
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



This thread was automatically locked due to age.
  • Same checksum error

    2012-09-20 12:49:55 : Starting to decode C:/Documents and Settings/All Users/Application Data/Sophos/Update Manager/Working/Decoded-Sub0/F26F7EC0-1302-4DA7-8B6B-A5383051D41A/rms/program files/Sophos/Remote Management System/EMLibUpdateAgentNT.exe IsCancelled? 0
    2012-09-20 12:49:55 : EventLog: 3758112772 1 Inserts:> "C:\Documents and Settings\All Users\Application Data\Sophos\Update Manager\Working\.\Decoded-Sub0\F26F7EC0-1302-4DA7-8B6B-A5383051D41A" "SAVSCFXP" "F26F7EC0-1302-4DA7-8B6B-A5383051D41A" "RECOMMENDED" "F26F7EC0-1302-4DA7-8B6B-A5383051D41A" "Checksum error: 1f34572837d9904ed93222719dae2762x000 -> EMLibUpdateAgentNT.exe"
    2012-09-20 12:49:55 : Cmd-ALL << [E4004][C:\Documents and Settings\All Users\Application Data\Sophos\Update Manager\Working\.\Decoded-Sub0\F26F7EC0-1302-4DA7-8B6B-A5383051D41A][SAVSCFXP][F26F7EC0-1302-4DA7-8B6B-A5383051D41A][RECOMMENDED][F26F7EC0-1302-4DA7-8B6B-A5383051D41A][Checksum error: 1f34572837d9904ed93222719dae2762x000 -> EMLibUpdateAgentNT.exe] Decode operation failed when decoding payload 'F26F7EC0-1302-4DA7-8B6B-A5383051D41A'. Details: Checksum error: 1f34572837d9904ed93222719dae2762x000 -> EMLibUpdateAgentNT.exe
    2012-09-20 12:49:55 : Cmd-ALL << [E400D][ActionDecodeEverything-Sub0][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionDecodeEverything-Sub0' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' failed!
    2012-09-20 12:49:55 : Cmd-ALL << [I1021][ActionGenerateCid-Sub0][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionGenerateCid-Sub0' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' started...
    2012-09-20 12:49:55 : Cmd-ALL << [I1017][ActionGenerateCid-Sub0][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionGenerateCid-Sub0' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' could not execute.
    2012-09-20 12:49:55 : Cmd-ALL << [I1021][ActionDeployCids-Sub0-0][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionDeployCids-Sub0-0' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' started...
    2012-09-20 12:49:55 : Cmd-ALL << [I1017][ActionDeployCids-Sub0-0][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionDeployCids-Sub0-0' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' could not execute.
    2012-09-20 12:49:55 : Cmd-ALL << [I1021][ActionGatherCurrencyData-Sub1][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionGatherCurrencyData-Sub1' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' started...
    2012-09-20 12:49:55 : GatherCurrencyData: Considering payload Payload-Sub1...
    2012-09-20 12:49:55 : GatherCurrencyData: Payload version information has changed, proceeding.
    2012-09-20 12:49:55 : GatherCurrencyData: Obtaining currency data...
    2012-09-20 12:49:55 : GatherCurrencyData: ReleaseHasRole(EPS) threw an exception, returning false.  Details: Attribute not found.
    2012-09-20 12:49:55 : GatherCurrencyData: No relevant attributes found for this payload.
    2012-09-20 12:49:55 : Cmd-ALL << [I0009][ActionGatherCurrencyData-Sub1][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionGatherCurrencyData-Sub1' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' succeeded!
    2012-09-20 12:49:55 : Cmd-ALL << [I1021][ActionDeploySDF-Sub1-0][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionDeploySDF-Sub1-0' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' started...
    2012-09-20 12:49:56 : Cmd-ALL << [S0015][C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Endpoint Management\4.5\Updates\Secure\SDFs\SophosMA][sec][7D48A012-0C64-4F21-BA27-A9CEDF442749][0.0.0] The SDF deployment operation was successful, and no new data files were decoded.
    2012-09-20 12:49:56 : Cmd-ALL << [S0013][C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Endpoint Management\4.5\Updates\Secure\SDFs\SophosMA] The decode operation was successful, and no new data files were decoded.
    2012-09-20 12:49:56 : Cmd-ALL << [I0009][ActionDeploySDF-Sub1-0][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionDeploySDF-Sub1-0' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' succeeded!
    2012-09-20 12:49:56 : Cmd-ALL << [I1021][ActionGatherCurrencyData-Sub2][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionGatherCurrencyData-Sub2' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' started...
    2012-09-20 12:49:56 : GatherCurrencyData: Considering payload Payload-Sub2...
    2012-09-20 12:49:56 : GatherCurrencyData: Payload version information has changed, proceeding.
    2012-09-20 12:49:56 : GatherCurrencyData: Obtaining currency data...
    2012-09-20 12:49:56 : GatherCurrencyData: ReleaseHasRole(EPS) threw an exception, returning false.  Details: Attribute not found.
    2012-09-20 12:49:56 : GatherCurrencyData: No relevant attributes found for this payload.
    2012-09-20 12:49:56 : Cmd-ALL << [I0009][ActionGatherCurrencyData-Sub2][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionGatherCurrencyData-Sub2' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' succeeded!
    2012-09-20 12:49:56 : Cmd-ALL << [I1021][ActionDeploySDF-Sub2-0][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionDeploySDF-Sub2-0' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' started...
    2012-09-20 12:49:56 : Cmd-ALL << [S0015][C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Endpoint Management\4.5\Updates\Secure\SDFs\SophosPA][PSRVR][2DE69C24-D975-47b2-8D2F-6BEA861A9C75][RECOMMENDED] The SDF deployment operation was successful, and no new data files were decoded.
    2012-09-20 12:49:56 : Cmd-ALL << [S0013][C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Endpoint Management\4.5\Updates\Secure\SDFs\SophosPA] The decode operation was successful, and no new data files were decoded.
    2012-09-20 12:49:56 : Cmd-ALL << [I0009][ActionDeploySDF-Sub2-0][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionDeploySDF-Sub2-0' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' succeeded!
    2012-09-20 12:49:56 : Cmd-ALL << [I1021][ActionGatherCurrencyData-SDDM][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionGatherCurrencyData-SDDM' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' started...
    2012-09-20 12:49:56 : GatherCurrencyData: Considering payload Payload-SDDM...
    2012-09-20 12:49:56 : GatherCurrencyData: Payload version information has changed, proceeding.
    2012-09-20 12:49:56 : GatherCurrencyData: Obtaining currency data...
    2012-09-20 12:49:57 : GatherCurrencyData: ReleaseHasRole(EPS) threw an exception, returning false.  Details: Attribute not found.
    2012-09-20 12:49:57 : GatherCurrencyData: No relevant attributes found for this payload.
    2012-09-20 12:49:57 : Cmd-ALL << [I0009][ActionGatherCurrencyData-SDDM][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionGatherCurrencyData-SDDM' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' succeeded!
    2012-09-20 12:49:57 : Cmd-ALL << [I1021][ActionDecodeEverything-SDDM][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionDecodeEverything-SDDM' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' started...
    2012-09-20 12:49:57 : Cmd-ALL << [S001A][C:\Documents and Settings\All Users\Application Data\Sophos\Update Manager\Working\.\Decoded-SDDM\A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1][sum][A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1][RECOMMENDED] The decode operation was successful (and NULL).
    2012-09-20 12:49:57 : Cmd-ALL << [S0013][C:\Documents and Settings\All Users\Application Data\Sophos\Update Manager\Working\.\Decoded-SDDM] The decode operation was successful, and no new data files were decoded.
    2012-09-20 12:49:57 : Cmd-ALL << [I0009][ActionDecodeEverything-SDDM][DispatcherSupplements-2012-09-20T17-49-50-1] Action 'ActionDecodeEverything-SDDM' with caller 'DispatcherSupplements-2012-09-20T17-49-50-1' succeeded!
    2012-09-20 12:49:57 : Cmd-ALL << [E400E][DispatcherSupplements-2012-09-20T17-49-50-1] Event with dispatcher ID 'DispatcherSupplements-2012-09-20T17-49-50-1' failed to execute.
    2012-09-20 12:49:57 : Cmd-ALL << [I1020][DispatcherSupplements-2012-09-20T17-49-50-1] All events with dispatcher ID 'DispatcherSupplements-2012-09-20T17-49-50-1' complete.
