
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



This thread was automatically locked due to age.
  • I fully agree, RL!

    It took my whole morning to write a quick & dirty solution; fortunately in our case no files were deleted.

    Execute this in your domain controller as domain administrator:

    psexec -u DOMAIN\admin -s \\* "%LOGONSERVER%\NETLOGON\repair-sophos.bat"

    repair-sophos.bat:

    @echo off
    rem Stop the Sophos services so the files below are not held open
    net stop "Sophos Agent"
    net stop "SAVService"
    net stop "SAVAdminService"
    net stop "Sophos AutoUpdate Service"
    net stop "Sophos Message Router"
    net stop "Sophos Web Control Service"
    net stop "swi_service"
    net stop "swi_update_64"
    rem Delete agen-xuv.ide from the 32-bit and 64-bit install locations
    del /f /q "%ProgramFiles%\Sophos\Sophos Anti-Virus\agen-xuv.ide"
    del /f /q "%ProgramFiles(x86)%\Sophos\Sophos Anti-Virus\agen-xuv.ide"
    rem Delete Quarantine.xml from the pre-Vista and Vista-and-later data locations
    del /f /q "%ALLUSERSPROFILE%\Application Data\Sophos\Sophos Anti-Virus\Config\Quarantine.xml"
    del /f /q "%ProgramData%\Sophos\Sophos Anti-Virus\Config\Quarantine.xml"
    rem Start the services again in the same order
    net start "Sophos Agent"
    net start "SAVService"
    net start "SAVAdminService"
    net start "Sophos AutoUpdate Service"
    net start "Sophos Message Router"
    net start "Sophos Web Control Service"
    net start "swi_service"
    net start "swi_update_64"

    Lucas.
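
A read-only check that can be run on an endpoint after the batch file above, to confirm every service it restarted is running again and to show whether the two files it deletes are still on disk. This is an added example, not part of the original post or any Sophos tooling; the service names and paths are copied from the batch file, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only check to run on one endpoint after repair-sophos.bat.
# Names and paths are taken from the batch file above; requires PowerShell 3.0+.
$services = @(
    'Sophos Agent', 'SAVService', 'SAVAdminService', 'Sophos AutoUpdate Service',
    'Sophos Message Router', 'Sophos Web Control Service', 'swi_service', 'swi_update_64'
)

# Candidate file locations. ProgramFiles(x86) is unset on 32-bit Windows and
# ProgramData is unset before Vista, so empty bases are skipped.
$files = @()
foreach ($base in @($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
    if ($base) { $files += Join-Path $base 'Sophos\Sophos Anti-Virus\agen-xuv.ide' }
}
foreach ($base in @("$env:ALLUSERSPROFILE\Application Data", $env:ProgramData)) {
    if ($base) { $files += Join-Path $base 'Sophos\Sophos Anti-Virus\Config\Quarantine.xml' }
}

# "net stop/start" accepts either the service key name or the display name,
# so match on both instead of relying on Get-Service -Name alone.
$installed = Get-Service
$report = foreach ($name in $services) {
    $svc = $installed | Where-Object { $_.Name -eq $name -or $_.DisplayName -eq $name } |
        Select-Object -First 1
    [pscustomobject]@{
        Item   = $name
        State  = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        Detail = ''
    }
}

# Files are reported with their timestamp rather than judged: a copy older than
# the repair run suggests the delete did not take effect on this machine.
$report = @($report) + @(foreach ($path in $files) {
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Item   = $path
        State  = if ($item) { 'Present' } else { 'Absent' }
        Detail = if ($item) { $item.LastWriteTime.ToString('s') } else { '' }
    }
})

$report | Format-Table -AutoSize -Wrap

# Exit non-zero only when an installed service failed to come back up.
$down = @($report | Where-Object { $_.State -notin 'Running', 'NotInstalled', 'Present', 'Absent' })
if ($down.Count -gt 0) { exit 1 }
```

A service reported as NotInstalled is not treated as a failure, since not every endpoint has every component (for example `swi_update_64` on a 32-bit machine).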
