Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3260939 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • 0
    ktremain wrote:
    jkillebrew wrote:

    FixSAV.vbs

    I came up with my own script that parses the SAV.log file and copies ALL files back to their original locations. If you deleted them, you're sunk and would have to copy from another computer I guess.

    I also added some stuff from ktremain and KUSA's scripts to get the service restarted and almon running.

    Enjoy!

    BTW I didnt even fix the missing definition file, just ran this and then ran the updater, and it never re-quarantined my files.

    Nice script, i assume you intentionally left the copy line commented to force people to read and understand it? :)

    Oops, i had that commented out and the first line while testing the additions from your script. I corrected it, so the current copy is good to go. :smileywink: btw your script needed to wait between stopping and starting the service.

    FixSAV.vbs I think this is the best script so far but if anyone has improvements or a better one, please share!

    Also anyone using this should DISABLE ON ACCESS SCANNING from the console on all your workstations before running this or it may be undone again!

    :30913
Reply
  • 0
    ktremain wrote:
    jkillebrew wrote:

    FixSAV.vbs

    I came up with my own script that parses the SAV.log file and copies ALL files back to their original locations. If you deleted them, you're sunk and would have to copy from another computer I guess.

    I also added some stuff from ktremain and KUSA's scripts to get the service restarted and almon running.

    Enjoy!

    BTW I didnt even fix the missing definition file, just ran this and then ran the updater, and it never re-quarantined my files.

    Nice script, i assume you intentionally left the copy line commented to force people to read and understand it? :)

    Oops, i had that commented out and the first line while testing the additions from your script. I corrected it, so the current copy is good to go. :smileywink: btw your script needed to wait between stopping and starting the service.

    FixSAV.vbs I think this is the best script so far but if anyone has improvements or a better one, please share!

    Also anyone using this should DISABLE ON ACCESS SCANNING from the console on all your workstations before running this or it may be undone again!

    :30913
Children
No Data