Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3260961 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • 0
    KUSA wrote:
    jkillebrew wrote:

    Oops, i had that commented out and the first line while testing the additions from your script. I corrected it, so the current copy is good to go. :smileywink: btw your script needed to wait between stopping and starting the service.

    FixSAV.vbs I think this is the best script so far but if anyone has improvements or a better one, please share!

    Also anyone using this should DISABLE ON ACCESS SCANNING from the console on all your workstations before running this or it may be undone again!

    This is the script to use. Nicely done. Mine was the lazy man's version... Quick and dirty. Yours is the deluxe model. I do see some of my code in there so Yay for teamwork. :)

    Cool. I've run this on a handfull of our workstations so far and looking at the resulting log at c:\windows\temp\savfix.log I'm amazed at how many different files were moved to quarantine! Adobe and Google updaters, program installers downloaded from the internet for all kinds of various applications, and at least two dozen different sophos related files! This has been quite damaging for us.

    :30951
Reply
  • 0
    KUSA wrote:
    jkillebrew wrote:

    Oops, i had that commented out and the first line while testing the additions from your script. I corrected it, so the current copy is good to go. :smileywink: btw your script needed to wait between stopping and starting the service.

    FixSAV.vbs I think this is the best script so far but if anyone has improvements or a better one, please share!

    Also anyone using this should DISABLE ON ACCESS SCANNING from the console on all your workstations before running this or it may be undone again!

    This is the script to use. Nicely done. Mine was the lazy man's version... Quick and dirty. Yours is the deluxe model. I do see some of my code in there so Yay for teamwork. :)

    Cool. I've run this on a handfull of our workstations so far and looking at the resulting log at c:\windows\temp\savfix.log I'm amazed at how many different files were moved to quarantine! Adobe and Google updaters, program installers downloaded from the internet for all kinds of various applications, and at least two dozen different sophos related files! This has been quite damaging for us.

    :30951
Children
No Data