Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

  • Well, for me it looks like it did a false detection on more than just Sophos-related files.

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\program files\Google\googletoolbar2.dll\FILE:0001". Cleanup unavailable.

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Disks\Audio\RtlUpd.exe". Cleanup unavailable.

    Infected file "C:\Disks\Audio\RtlUpd.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\RtlUpd.exe.000".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\MCK\Common\JRE\1.5.0_12\bin\jucheck.exe". Cleanup unavailable.

    Infected file "C:\MCK\Common\JRE\1.5.0_12\bin\jucheck.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\jucheck.exe.000".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Meds\FDBIncrementalUpdate.exe". Cleanup unavailable.

    Infected file "C:\Meds\FDBIncrementalUpdate.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\FDBIncrementalUpdate.exe.000".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe". Cleanup unavailable.

    Infected file "C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\jucheck.exe.2.000".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Java\j2re1.4.2_13\bin\jucheck.exe". Cleanup unavailable.

    Infected file "C:\Program Files\Java\j2re1.4.2_13\bin\jucheck.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\jucheck.exe.3.000".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\inetconn.dll". Cleanup unavailable.

    Infected file "C:\Program Files\Sophos\AutoUpdate\inetconn.dll" has been moved to "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\inetconn.dll.000".

    Infected file "C:\WINDOWS\RtlUpd.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\RtlUpd.exe.2.000".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\oracle\product\10.2.0\client_1\jdk\jre\bin\jucheck.exe". Cleanup unavailable.

    Infected file "C:\oracle\product\10.2.0\client_1\jdk\jre\bin\jucheck.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\jucheck.exe.1.000".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\oracle\product\10.2.0\client_1\jdk\jre\bin\jucheck_g.exe". Cleanup unavailable.

    Infected file "C:\oracle\product\10.2.0\client_1\jdk\jre\bin\jucheck_g.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\jucheck_g.exe.000".

    Is Sophos really saying that we have to script and move these files into the original location? So meanwhile I have 2000+ hospital workstations that I would have to do this on. Assumingly if the script runs successfully. I am currently on hold with Sophos but it's been 32 mins!
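
Added example, not part of the original posts and not Sophos code: the alert lines quoted above can be parsed into a restore plan before anything is moved, separating quarantined files tied to a 'Shh/Updater-B' alert from files moved with no matching alert. It assumes only the two message formats shown in this thread and treats the `\FILE:0001` suffix as a sub-object marker inside the named file; `build_plan` and its result keys are hypothetical names.

```python
import re

# Alert lines copied from the post above, used as sample input.
SAMPLE = r'''
Virus/spyware 'Shh/Updater-B' has been detected in "C:\program files\Google\googletoolbar2.dll\FILE:0001". Cleanup unavailable.
Virus/spyware 'Shh/Updater-B' has been detected in "C:\Disks\Audio\RtlUpd.exe". Cleanup unavailable.
Infected file "C:\Disks\Audio\RtlUpd.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\RtlUpd.exe.000".
Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\inetconn.dll". Cleanup unavailable.
Infected file "C:\Program Files\Sophos\AutoUpdate\inetconn.dll" has been moved to "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\inetconn.dll.000".
Infected file "C:\WINDOWS\RtlUpd.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\RtlUpd.exe.2.000".
'''

DETECTED = re.compile(r"""Virus/spyware '(?P<name>[^']+)' has been detected in "(?P<path>[^"]+)"\.""")
MOVED = re.compile(r'Infected file "(?P<src>[^"]+)" has been moved to "(?P<dst>[^"]+)"\.')
SUBOBJECT = re.compile(r"\\FILE:\d+$")  # assumption: marks an object inside the file


def _record(records, path):
    # Windows paths are case-insensitive, so key on the lowercased path.
    return records.setdefault(
        path.lower(), {"original": path, "quarantine": None, "alerted": False})


def build_plan(text, detection="Shh/Updater-B"):
    """Group alert lines by original path; nothing on disk is touched."""
    records = {}
    for line in text.splitlines():
        m = DETECTED.search(line)
        if m:
            if m["name"] == detection:
                _record(records, SUBOBJECT.sub("", m["path"]))["alerted"] = True
            continue
        m = MOVED.search(line)
        if m:
            _record(records, m["src"])["quarantine"] = m["dst"]
    recs = list(records.values())
    return {
        # (quarantine copy, original location) with a matching alert for this name
        "restore": [(r["quarantine"], r["original"]) for r in recs if r["quarantine"] and r["alerted"]],
        # moved, but the log does not say which detection caused it: check by hand
        "review": [(r["quarantine"], r["original"]) for r in recs if r["quarantine"] and not r["alerted"]],
        # alerted but never moved: the file is still at its original path
        "in_place": [r["original"] for r in recs if r["alerted"] and not r["quarantine"]],
    }


if __name__ == "__main__":
    for bucket, items in build_plan(SAMPLE).items():
        print(bucket, len(items))
```

The "moved" message carries no detection name, so a quarantined file with no matching alert line lands in `review` rather than `restore`.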
