Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

  • My comrades.  Here is what a kind person at Dell Kace helped me put together:

    @ECHO OFF
    REM Sophos.BAT
    REM Other files present: ALsvc.exe, ALUpdate.exe, AUAdapter.dll, Cidsync.dll and inetconn.dll.

    REM ARCH stays empty on 32-bit Windows and becomes " (x86)" on 64-bit,
    REM so "C:\Program Files%ARCH%" expands to the correct Program Files folder.
    SET ARCH=
    IF EXIST "C:\Program Files (x86)\Sophos\Sophos Anti-Virus" SET ARCH= (x86)

    REM Stop the services so the files are not in use while they are replaced.
    net stop "Sophos AutoUpdate Service"
    net stop SAVService

    REM Delete the identity file that produces the false positive.
    del "C:\Program Files%ARCH%\Sophos\Sophos Anti-Virus\agen-xuv.ide" /f /q
    REM copy "\\Sophos Updating Share\*.*" "C:\Program Files\Sophos\Sophos Anti-Virus\*.*" /y

    REM Restore each AutoUpdate file from quarantine only if it is missing.
    IF NOT EXIST "C:\Program Files%ARCH%\Sophos\Autoupdate\ALsvc.exe" copy "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\ALsvc.exe.000" "C:\Program Files%ARCH%\Sophos\Autoupdate\ALsvc.exe" /Y
    IF NOT EXIST "C:\Program Files%ARCH%\Sophos\Autoupdate\ALUpdate.exe" copy "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\ALUpdate.exe.000" "C:\Program Files%ARCH%\Sophos\Autoupdate\ALUpdate.exe" /Y
    IF NOT EXIST "C:\Program Files%ARCH%\Sophos\Autoupdate\AUAdapter.dll" copy "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\AUAdapter.dll.000" "C:\Program Files%ARCH%\Sophos\Autoupdate\AUAdapter.dll" /Y
    IF NOT EXIST "C:\Program Files%ARCH%\Sophos\Autoupdate\Cidsync.dll" copy "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\Cidsync.dll.000" "C:\Program Files%ARCH%\Sophos\Autoupdate\Cidsync.dll" /Y
    IF NOT EXIST "C:\Program Files%ARCH%\Sophos\Autoupdate\inetconn.dll" copy "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\inetconn.dll.000" "C:\Program Files%ARCH%\Sophos\Autoupdate\inetconn.dll" /Y
    IF NOT EXIST "C:\Program Files%ARCH%\Sophos\Autoupdate\ChannelUpdater.dll" copy "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\ChannelUpdater.dll.000" "C:\Program Files%ARCH%\Sophos\Autoupdate\ChannelUpdater.dll" /Y
    IF NOT EXIST "C:\Program Files%ARCH%\Sophos\Autoupdate\config.dll" copy "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\config.dll.000" "C:\Program Files%ARCH%\Sophos\Autoupdate\config.dll" /Y
    IF NOT EXIST "C:\Program Files%ARCH%\Sophos\Autoupdate\Logger.dll" copy "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\Logger.dll.000" "C:\Program Files%ARCH%\Sophos\Autoupdate\Logger.dll" /Y
    IF NOT EXIST "C:\Program Files%ARCH%\Sophos\Autoupdate\SingleGUIPlugin.dll" copy "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\SingleGUIPlugin.dll.000" "C:\Program Files%ARCH%\Sophos\Autoupdate\SingleGUIPlugin.dll" /Y
    IF NOT EXIST "C:\Program Files%ARCH%\Sophos\Autoupdate\swlocale.dll" copy "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\swlocale.dll.000" "C:\Program Files%ARCH%\Sophos\Autoupdate\swlocale.dll" /Y

    REM Put the replacement identity file in place if it is missing.
    IF NOT EXIST "C:\Program Files%ARCH%\Sophos\Sophos Anti-Virus\javab-jd.ide" copy "p:\java-jd.ide" "C:\Program Files%ARCH%\Sophos\Sophos Anti-Virus\javab-jd.ide" /Y

    REM Restart the services.
    net start "Sophos AutoUpdate Service"
    net start SAVService

    It works for 32 and 64 bit Windows.  I've found it requires a reboot to get the shield back.  Good luck.  This has been nuts.
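
A variant of the restore step above that checks each quarantined file's Authenticode signature before copying it back into the AutoUpdate folder. This is an added example, not part of the original post or anything from Sophos or Dell KACE. It assumes the quarantined `.000` copies are byte-identical to the originals and that the binaries are Authenticode-signed; `$ExpectedPublisher` is a placeholder to replace with the signer you expect. Stop the two services first, as the batch file does.

```powershell
# Added example: restore quarantined AutoUpdate files only when their signature verifies.
# Assumptions: .000 files are unmodified copies; $ExpectedPublisher is a placeholder.
$ExpectedPublisher = 'CN=<expected publisher>'   # placeholder: nothing is restored until set
$Quarantine = 'C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED'

# Same 32/64-bit detection as the batch file's ARCH variable.
$ProgramFiles = if (Test-Path 'C:\Program Files (x86)\Sophos\Sophos Anti-Virus') {
    'C:\Program Files (x86)'
} else {
    'C:\Program Files'
}
$Target = Join-Path $ProgramFiles 'Sophos\Autoupdate'

$Names = 'ALsvc.exe', 'ALUpdate.exe', 'AUAdapter.dll', 'Cidsync.dll', 'inetconn.dll',
         'ChannelUpdater.dll', 'config.dll', 'Logger.dll', 'SingleGUIPlugin.dll', 'swlocale.dll'

# Stage copies under their original names so the check sees a normal .exe/.dll.
$Staging = Join-Path $env:TEMP ('restore-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $Staging | Out-Null

foreach ($name in $Names) {
    $dest = Join-Path $Target $name
    if (Test-Path -LiteralPath $dest) { continue }       # same guard as IF NOT EXIST

    $src = Join-Path $Quarantine "$name.000"
    if (-not (Test-Path -LiteralPath $src)) {
        Write-Warning "${name}: no quarantined copy found"
        continue
    }

    $staged = Join-Path $Staging $name
    Copy-Item -LiteralPath $src -Destination $staged
    $sig = Get-AuthenticodeSignature -FilePath $staged
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Restore only files with a valid signature from the expected publisher.
    if ($sig.Status -eq 'Valid' -and $subject -like "*$ExpectedPublisher*") {
        Copy-Item -LiteralPath $staged -Destination $dest
        Write-Output "restored $name (signer: $subject)"
    } else {
        Write-Warning "skipped ${name}: status=$($sig.Status) signer='$subject'"
    }
}

Remove-Item -LiteralPath $Staging -Recurse -Force
```

Any file reported as skipped is worth examining by hand before it goes back into Program Files.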
