
Is anyone else seeing this alert - Shh/Updater-B false positives?

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


  • Vista/7

    REM Restores Sophos files that were moved into the Sophos INFECTED (quarantine)
    REM folder, presumably by the Shh/Updater-B false positive discussed in this thread.
    REM Step 1 moves each quarantined copy (suffix .000) into the AutoUpdate folder,
    REM step 2 strips the .000 suffix, step 3 restarts the machine.
    REM Run from an elevated command prompt: the destination is under Program Files.
    REM NOTE(review): run this only after the false-positive detection has been withdrawn
    REM (updated detection data installed); otherwise the restored files can be
    REM quarantined again. Check each file's digital signature before restoring it, since
    REM this takes executables out of quarantine and puts them back on the load path.
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ALsvc.exe.000" "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\inetconn.dll.000" "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\AUAdapter.dll.000" "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\"
    REM NOTE(review): the alert quoted in this thread reported swi_update.exe under
    REM "...\Sophos Anti-Virus\Web Intelligence\", not AutoUpdate - confirm each file's
    REM original location (e.g. from the quarantine log) before choosing the destination.
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\swi_update.exe.000" "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\"

    REM Strip the .000 quarantine suffix so the files get their original names back.
    RENAME "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\ALsvc.exe.000" "ALsvc.exe"
    RENAME "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\inetconn.dll.000" "inetconn.dll"
    RENAME "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\AUAdapter.dll.000" "AUAdapter.dll"
    RENAME "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\swi_update.exe.000" "swi_update.exe"

    REM Restart the machine; presumably so the Sophos services start with the restored files.
    shutdown -r

    Windows Server 2008

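    REM Restores Sophos AutoUpdate files that were moved into the Sophos INFECTED
    REM (quarantine) folder, presumably by the Shh/Updater-B false positive discussed
    REM in this thread. Stage 1 moves each quarantined copy (suffix .000) into the
    REM AutoUpdate folder; stage 2 strips the .000 suffix.
    REM The "Program Files (x86)" destination exists only on 64-bit Windows.
    REM Run from an elevated command prompt: the destination is under Program Files.
    REM NOTE(review): run this only after the false-positive detection has been withdrawn
    REM (updated detection data installed); otherwise the restored files can be
    REM quarantined again. Check each file's digital signature before restoring it, since
    REM this takes executables out of quarantine and puts them back on the load path.
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ALsvc.exe.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\inetconn.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\AUAdapter.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    REM NOTE(review): the alert quoted in this thread reported swi_update.exe under
    REM "...\Sophos Anti-Virus\Web Intelligence\", not AutoUpdate - confirm each file's
    REM original location (e.g. from the quarantine log) before choosing the destination.
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\swi_update_64.exe.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\sharedres.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\swlocale.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\Logger.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ispsheet.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\SAUConfigDLL.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ischdres.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ilogres.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\iconfres.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\EMLibUpdateAgentNT.exe.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\config.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\cidsync.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ChannelUpdater.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ALMonres.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\SingleGUIPlugin.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"

    REM Stop here so any "file not found" or "access denied" output from the moves
    REM can be read before the renames run.
    PAUSE


    REM Strip the .000 quarantine suffix so the files get their original names back.
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\ALsvc.exe.000" "ALsvc.exe"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\inetconn.dll.000" "inetconn.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\AUAdapter.dll.000" "AUAdapter.dll"
    REM NOTE(review): the _64 suffix is dropped by this rename - confirm that
    REM swi_update.exe is the intended final name on this platform.
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\swi_update_64.exe.000" "swi_update.exe"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\ALMonres.dll.000" "ALMonres.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\ChannelUpdater.dll.000" "ChannelUpdater.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\cidsync.dll.000" "cidsync.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\config.dll.000" "config.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\EMLibUpdateAgentNT.exe.000" "EMLibUpdateAgentNT.exe"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\iconfres.dll.000" "iconfres.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\ilogres.dll.000" "ilogres.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\ischdres.dll.000" "ischdres.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\SAUConfigDLL.dll.000" "SAUConfigDLL.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\ispsheet.dll.000" "ispsheet.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\Logger.dll.000" "Logger.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\sharedres.dll.000" "sharedres.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\swlocale.dll.000" "swlocale.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\SingleGUIPlugin.dll.000" "SingleGUIPlugin.dll"

    REM No restart is issued in this variant; the window is only held open so the
    REM rename results can be checked.
    PAUSE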

    Windows XP (untested)

    REM Windows XP variant (marked untested by its author): restores Sophos files that
    REM were moved into the Sophos INFECTED (quarantine) folder, presumably by the
    REM Shh/Updater-B false positive discussed in this thread.
    REM Step 1 moves each quarantined copy (suffix .000) into the AutoUpdate folder,
    REM step 2 strips the .000 suffix, step 3 restarts the machine.
    REM NOTE(review): run this only after the false-positive detection has been withdrawn
    REM (updated detection data installed); otherwise the restored files can be
    REM quarantined again. Check each file's digital signature before restoring it, since
    REM this takes executables out of quarantine and puts them back on the load path.
    MOVE "C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ALsvc.exe.000" "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\"
    MOVE "C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\inetconn.dll.000" "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\"
    MOVE "C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\AUAdapter.dll.000" "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\"
    REM NOTE(review): the alert quoted in this thread reported swi_update.exe under
    REM "...\Sophos Anti-Virus\Web Intelligence\", not AutoUpdate - confirm each file's
    REM original location (e.g. from the quarantine log) before choosing the destination.
    MOVE "C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\swi_update.exe.000" "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\"

    REM Strip the .000 quarantine suffix so the files get their original names back.
    RENAME "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\ALsvc.exe.000" "ALsvc.exe"
    RENAME "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\inetconn.dll.000" "inetconn.dll"
    RENAME "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\AUAdapter.dll.000" "AUAdapter.dll"
    RENAME "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\swi_update.exe.000" "swi_update.exe"

    REM Restart the machine; presumably so the Sophos services start with the restored files.
    shutdown -r

    :31469
  • Vista/7

    REM Restores Sophos files that were moved into the Sophos INFECTED (quarantine)
    REM folder, presumably by the Shh/Updater-B false positive discussed in this thread.
    REM Step 1 moves each quarantined copy (suffix .000) into the AutoUpdate folder,
    REM step 2 strips the .000 suffix, step 3 restarts the machine.
    REM Run from an elevated command prompt: the destination is under Program Files.
    REM NOTE(review): run this only after the false-positive detection has been withdrawn
    REM (updated detection data installed); otherwise the restored files can be
    REM quarantined again. Check each file's digital signature before restoring it, since
    REM this takes executables out of quarantine and puts them back on the load path.
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ALsvc.exe.000" "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\inetconn.dll.000" "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\AUAdapter.dll.000" "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\"
    REM NOTE(review): the alert quoted in this thread reported swi_update.exe under
    REM "...\Sophos Anti-Virus\Web Intelligence\", not AutoUpdate - confirm each file's
    REM original location (e.g. from the quarantine log) before choosing the destination.
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\swi_update.exe.000" "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\"

    REM Strip the .000 quarantine suffix so the files get their original names back.
    RENAME "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\ALsvc.exe.000" "ALsvc.exe"
    RENAME "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\inetconn.dll.000" "inetconn.dll"
    RENAME "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\AUAdapter.dll.000" "AUAdapter.dll"
    RENAME "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\swi_update.exe.000" "swi_update.exe"

    REM Restart the machine; presumably so the Sophos services start with the restored files.
    shutdown -r

    Windows Server 2008

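    REM Restores Sophos AutoUpdate files that were moved into the Sophos INFECTED
    REM (quarantine) folder, presumably by the Shh/Updater-B false positive discussed
    REM in this thread. Stage 1 moves each quarantined copy (suffix .000) into the
    REM AutoUpdate folder; stage 2 strips the .000 suffix.
    REM The "Program Files (x86)" destination exists only on 64-bit Windows.
    REM Run from an elevated command prompt: the destination is under Program Files.
    REM NOTE(review): run this only after the false-positive detection has been withdrawn
    REM (updated detection data installed); otherwise the restored files can be
    REM quarantined again. Check each file's digital signature before restoring it, since
    REM this takes executables out of quarantine and puts them back on the load path.
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ALsvc.exe.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\inetconn.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\AUAdapter.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    REM NOTE(review): the alert quoted in this thread reported swi_update.exe under
    REM "...\Sophos Anti-Virus\Web Intelligence\", not AutoUpdate - confirm each file's
    REM original location (e.g. from the quarantine log) before choosing the destination.
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\swi_update_64.exe.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\sharedres.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\swlocale.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\Logger.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ispsheet.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\SAUConfigDLL.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ischdres.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ilogres.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\iconfres.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\EMLibUpdateAgentNT.exe.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\config.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\cidsync.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ChannelUpdater.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ALMonres.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"
    MOVE "C:\USERS\ALL USERS\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\SingleGUIPlugin.dll.000" "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\"

    REM Stop here so any "file not found" or "access denied" output from the moves
    REM can be read before the renames run.
    PAUSE


    REM Strip the .000 quarantine suffix so the files get their original names back.
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\ALsvc.exe.000" "ALsvc.exe"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\inetconn.dll.000" "inetconn.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\AUAdapter.dll.000" "AUAdapter.dll"
    REM NOTE(review): the _64 suffix is dropped by this rename - confirm that
    REM swi_update.exe is the intended final name on this platform.
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\swi_update_64.exe.000" "swi_update.exe"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\ALMonres.dll.000" "ALMonres.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\ChannelUpdater.dll.000" "ChannelUpdater.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\cidsync.dll.000" "cidsync.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\config.dll.000" "config.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\EMLibUpdateAgentNT.exe.000" "EMLibUpdateAgentNT.exe"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\iconfres.dll.000" "iconfres.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\ilogres.dll.000" "ilogres.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\ischdres.dll.000" "ischdres.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\SAUConfigDLL.dll.000" "SAUConfigDLL.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\ispsheet.dll.000" "ispsheet.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\Logger.dll.000" "Logger.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\sharedres.dll.000" "sharedres.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\swlocale.dll.000" "swlocale.dll"
    RENAME "C:\PROGRAM FILES (x86)\SOPHOS\AUTOUPDATE\SingleGUIPlugin.dll.000" "SingleGUIPlugin.dll"

    REM No restart is issued in this variant; the window is only held open so the
    REM rename results can be checked.
    PAUSE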

    Windows XP (untested)

    REM Windows XP variant (marked untested by its author): restores Sophos files that
    REM were moved into the Sophos INFECTED (quarantine) folder, presumably by the
    REM Shh/Updater-B false positive discussed in this thread.
    REM Step 1 moves each quarantined copy (suffix .000) into the AutoUpdate folder,
    REM step 2 strips the .000 suffix, step 3 restarts the machine.
    REM NOTE(review): run this only after the false-positive detection has been withdrawn
    REM (updated detection data installed); otherwise the restored files can be
    REM quarantined again. Check each file's digital signature before restoring it, since
    REM this takes executables out of quarantine and puts them back on the load path.
    MOVE "C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\ALsvc.exe.000" "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\"
    MOVE "C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\inetconn.dll.000" "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\"
    MOVE "C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\AUAdapter.dll.000" "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\"
    REM NOTE(review): the alert quoted in this thread reported swi_update.exe under
    REM "...\Sophos Anti-Virus\Web Intelligence\", not AutoUpdate - confirm each file's
    REM original location (e.g. from the quarantine log) before choosing the destination.
    MOVE "C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SOPHOS\SOPHOS ANTI-VIRUS\INFECTED\swi_update.exe.000" "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\"

    REM Strip the .000 quarantine suffix so the files get their original names back.
    RENAME "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\ALsvc.exe.000" "ALsvc.exe"
    RENAME "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\inetconn.dll.000" "inetconn.dll"
    RENAME "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\AUAdapter.dll.000" "AUAdapter.dll"
    RENAME "C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\swi_update.exe.000" "swi_update.exe"

    REM Restart the machine; presumably so the Sophos services start with the restored files.
    shutdown -r

    :31469