Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

This thread was automatically locked due to age.
  • This is bad, I got it on a machine and it kept spamming the logs about this. Not only that, I rebooted the machine to see if it would clear up and it appears to have broken Sophos Anti-Virus. Do we have any updates on what is causing this or a valid workaround? This forum thread is huge and I'm having trouble disseminating all the information on here.

    I can look at possibly reinstalling Sophos AV and RMS, etc. on here. But I want to know what happened. Let me know if there is any data that I can send to support to help with this. It's on a lab machine so I can send logs, DLLs, system profile or whatever.

    This smells like a bad virus definition. But what is horrible in my case is that it started reporting all the Sophos update files as this virus and quarantined them all. This is from my SAV.txt file:

    20120919 210952    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Windows\Installer\$PatchCache$\Managed\BE814C515767eb242B3B829125AD10D4\2.7.1\almonres.dll". Cleanup unavailable.
    20120919 210952    On-access scanner has denied access to location "C:\Windows\Installer\$PatchCache$\Managed\BE814C515767eb242B3B829125AD10D4\2.7.1\almonres.dll" for user pgp_win7_x64-vm\PGP
    20120919 210952    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Windows\Installer\$PatchCache$\Managed\BE814C515767eb242B3B829125AD10D4\2.7.1\almonres.dll1". Cleanup unavailable.
    20120919 210952    On-access scanner has denied access to location "C:\Windows\Installer\$PatchCache$\Managed\BE814C515767eb242B3B829125AD10D4\2.7.1\almonres.dll1" for user pgp_win7_x64-vm\PGP
    20120919 210953    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Windows\Installer\$PatchCache$\Managed\BE814C515767eb242B3B829125AD10D4\2.7.1\ALMonres.dll2". Cleanup unavailable.
    20120919 210953    On-access scanner has denied access to location "C:\Windows\Installer\$PatchCache$\Managed\BE814C515767eb242B3B829125AD10D4\2.7.1\ALMonres.dll2" for user pgp_win7_x64-vm\PGP
    20120919 210953    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Windows\Installer\$PatchCache$\Managed\BE814C515767eb242B3B829125AD10D4\2.7.1\ALMonres.dll3". Cleanup unavailable.
    20120919 210953    On-access scanner has denied access to location "C:\Windows\Installer\$PatchCache$\Managed\BE814C515767eb242B3B829125AD10D4\2.7.1\ALMonres.dll3" for user pgp_win7_x64-vm\PGP
    20120919 210953    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Windows\Installer\$PatchCache$\Managed\BE814C515767eb242B3B829125AD10D4\2.7.1\ALsvc.exe". Cleanup unavailable.
    20120919 210953    On-access scanner has denied access to location "C:\Windows\Installer\$PatchCache$\Managed\BE814C515767eb242B3B829125AD10D4\2.7.1\ALsvc.exe" for user pgp_win7_x64-vm\PGP
    20120919 210954    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Windows\Installer\$PatchCache$\Managed\BE814C515767eb242B3B829125AD10D4\2.7.1\ALUpdate.exe". Cleanup unavailable.
    20120919 210954    On-access scanner has denied access to location "C:\Windows\Installer\$PatchCache$\Managed\BE814C515767eb242B3B829125AD10D4\2.7.1\ALUpdate.exe" for user pgp_win7_x64-vm\PGP
    20120919 210955    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Windows\Installer\$PatchCache$\Managed\BE814C515767eb242B3B829125AD10D4\2.7.1\AUAdapter.dll". Cleanup unavailable.
    20120919 210955    On-access scanner has denied access to location "C:\Windows\Installer\$PatchCache$\Managed\BE814C515767eb242B3B829125AD10D4\2.7.1\AUAdapter.dll" for user pgp_win7_x64-vm\PGP
    20120919 210955    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Windows\Installer\$PatchCache$\Managed\BE814C515767eb242B3B829125AD10D4\2.7.1\cidsync.dll". Cleanup unavailable.
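
A triage sketch for the pattern described in the post above, added here as an example (not Sophos code and not part of the original thread): it parses SAV.txt-style detection lines and flags a single detection name hitting many distinct files in a short burst, including files under the scanner's own install directory. The line format is inferred from the excerpt; the `\sophos\` path match and the thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line shape inferred from the SAV.txt excerpt quoted in the post above.
DETECT = re.compile(
    r"^\s*(\d{8}) (\d{6})\s+Virus/spyware '([^']+)' has been detected in "
    r'"([^"]+)"\.')

# Constructed sample in the same shape as the excerpt (placeholder GUID and user).
SAMPLE = r"""
20120919 210952    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable.
20120919 210952    On-access scanner has denied access to location "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe" for user LAB\tester
20120919 210953    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Windows\Installer\$PatchCache$\Managed\EXAMPLE\2.7.1\ALsvc.exe". Cleanup unavailable.
20120919 210954    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Windows\Installer\$PatchCache$\Managed\EXAMPLE\2.7.1\ALUpdate.exe". Cleanup unavailable.
20120919 210955    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Windows\Installer\$PatchCache$\Managed\EXAMPLE\2.7.1\AUAdapter.dll". Cleanup unavailable.
"""

def parse_detections(text):
    """Yield (timestamp, threat, path) per detection line; other lines are skipped."""
    for line in text.splitlines():
        m = DETECT.match(line)
        if m:
            ts = datetime.strptime(m.group(1) + m.group(2), "%Y%m%d%H%M%S")
            yield ts, m.group(3), m.group(4)

def triage(text, product_dir="\\sophos\\", min_files=3, window_s=60):
    """Summarise detections per threat name and flag bad-definition patterns.

    product_dir, min_files and window_s are assumed values; tune them per site.
    """
    by_threat = defaultdict(list)
    for ts, threat, path in parse_detections(text):
        by_threat[threat].append((ts, path))
    report = {}
    for threat, hits in by_threat.items():
        times = [ts for ts, _ in hits]
        paths = {p.lower() for _, p in hits}
        span = (max(times) - min(times)).total_seconds()
        report[threat] = {
            "files": len(paths),
            "span_seconds": span,
            # The scanner flagging files inside its own install tree.
            "self_detections": sorted(p for p in paths if product_dir in p),
            # One detection name across many distinct files in a short window.
            "burst": len(paths) >= min_files and span <= window_s,
        }
    return report
```

A report with `burst` set and a non-empty `self_detections` list is a reason to hold cleanup or quarantine actions and check the vendor's status for the detection name before touching the endpoint.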
