Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.


This thread was automatically locked due to age.
  • Hello, my name is Benjamin, I'm new here and not a native English speaker.

    So I hope you can understand what I write.

    We had an interesting day, but we built a solution for us.

    Warning: this is just tested in our IT department at the moment!

    The QuarReastore_de.vbs is from Sophos support and is also for testing!

    script starts under the rhombuses

    ######################

    REM stop services

    net stop "Sophos Agent" > C:\BF.txt
    net stop "SAVService" >>C:\BF.txt
    net stop "SAVAdminService" >>C:\BF.txt
    net stop "Sophos AutoUpdate Service" >>C:\BF.txt
    net stop "Sophos Message Router" >>C:\BF.txt
    net stop "Sophos Web Control Service" >>C:\BF.txt
    net stop "swi_service" >>C:\BF.txt
    net stop "swi_update_64" >>C:\BF.txt
    net stop "Sophos Anti-Virus" >> C:\BF.txt

    REM Start vbs-script

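    REM cscript.exe is located in %WINDIR%\System32, not directly in %WINDIR%
    %WINDIR%\System32\cscript.exe {DIP}\Apl\Sophos\UpdateBugfix\QuarReastore_de.vbs

    REM delete files
    REM Quarantine.xml is removed from each possible profile location
    REM ("Anwendungsdaten" is the German name of "Application Data"),
    REM followed by the identity file agen-xuv.ide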

    if not exist "%ALLUSERSPROFILE%\Anwendungsdaten\Sophos\Sophos Anti-Virus\Config\Quarantine.xml" goto next1 >>C:\BF.txt
    del "%ALLUSERSPROFILE%\Anwendungsdaten\Sophos\Sophos Anti-Virus\Config\Quarantine.xml" /f/q >>C:\BF.txt
    :next1
    if not exist "%ALLUSERSPROFILE%\Sophos\Sophos Anti-Virus\Config\Quarantine.xml" goto next2 >>C:\BF.txt
    del "%ALLUSERSPROFILE%\Sophos\Sophos Anti-Virus\Config\Quarantine.xml" /f/q >>C:\BF.txt
    :next2
    if not exist "%ProgramFiles%\Sophos\Sophos Anti-Virus\agen-xuv.ide" goto next3 >>C:\BF.txt
    del "%ProgramFiles%\Sophos\Sophos Anti-Virus\agen-xuv.ide" /f/q >>C:\BF.txt
    :next3
    if not exist "%ALLUSERSPROFILE%\Application Data\Sophos\Sophos Anti-Virus\Config\Quarantine.xml" goto next4 >>C:\BF.txt
    del "%ALLUSERSPROFILE%\Application Data\Sophos\Sophos Anti-Virus\Config\Quarantine.xml" /f/q >>C:\BF.txt
    :next4

    REM start services

    net start "Sophos Anti-Virus" >>C:\BF.txt
    net start "Sophos Agent" >>C:\BF.txt
    net start "SAVService" >>C:\BF.txt
    net start "SAVAdminService" >>C:\BF.txt
    net start "Sophos AutoUpdate Service" >>C:\BF.txt
    net start "Sophos Message Router" >>C:\BF.txt
    net start "Sophos Web Control Service" >>C:\BF.txt
    net start "swi_service" >>C:\BF.txt
    net start "swi_update_64" >>C:\BF.txt

    ##############

    script ends before the rhombuses.

    It should also work if you only stop and start the "Sophos Anti-Virus" services.

    But we did it this way.

    I hope this will help you.
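A post-run check for the batch script above, as an added example that is not part of the original post and not Sophos code: it confirms that every service the script stopped is running again and that the files it deletes are gone. The service names and file paths are copied from the post; the script itself and its output format are assumptions.

```powershell
# Added example: verify the endpoint state after the remediation script has run.
# Names and paths below are taken from the batch script in the post.
$services = @(
    'Sophos Anti-Virus', 'Sophos Agent', 'SAVService', 'SAVAdminService',
    'Sophos AutoUpdate Service', 'Sophos Message Router',
    'Sophos Web Control Service', 'swi_service', 'swi_update_64'
)
$files = @(
    "$env:ALLUSERSPROFILE\Anwendungsdaten\Sophos\Sophos Anti-Virus\Config\Quarantine.xml",
    "$env:ALLUSERSPROFILE\Sophos\Sophos Anti-Virus\Config\Quarantine.xml",
    "$env:ALLUSERSPROFILE\Application Data\Sophos\Sophos Anti-Virus\Config\Quarantine.xml",
    "$env:ProgramFiles\Sophos\Sophos Anti-Virus\agen-xuv.ide"
)

$problems = @()
$installed = Get-Service

foreach ($name in $services) {
    # "net stop" and "net start" accept a service name or a display name,
    # so match the entry from the post against both properties.
    $matches = @($installed | Where-Object { $_.Name -eq $name -or $_.DisplayName -eq $name })
    if ($matches.Count -eq 0) {
        # For example swi_update_64 is absent on a 32-bit machine.
        Write-Output "SKIP  $name (no such service on this machine)"
        continue
    }
    foreach ($svc in $matches) {
        if ($svc.Status -ne 'Running') {
            $problems += "service not running: $($svc.Name) [$($svc.Status)]"
        }
    }
}

foreach ($path in $files) {
    if (Test-Path -LiteralPath $path) {
        $problems += "file still present: $path"
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Output "FAIL  $_" }
    exit 1
}
Write-Output 'OK    all listed services are running and the listed files are gone'
exit 0
```

The non-zero exit code lets a deployment tool flag machines where a service did not come back after the script stopped it.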
