
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.


  • bssd wrote:

    If you had your AV policy set to delete,  we have had success using the batch file submitted earlier in this thread with a few mods as follows:

    Net Stop "sophos Anti-Virus"
    net stop "Sophos AutoUpdate Service"
    net stop "Sophos Agent"
    net stop "Sophos Anti-Virus status reporter"
    net stop "Sophos Device Control Service"
    net stop "Sophos Message Router"
    net stop "Sophos Web Control Service"

    If Exist "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\agen-xuv.ide" (Del "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\agen-xuv.ide"&Echo File Deleted)
    If Exist "C:\Program Files\Sophos\Sophos Anti-Virus\agen-xuv.ide" (Del "C:\Program Files\Sophos\Sophos Anti-Virus\agen-xuv.ide"&Echo File Deleted)


    xcopy "\\Your Server Name\SophosUpdate\CIDs\S000\SAVSCFXP\SAU\program files\Sophos\AutoUpdate\*.*" "c:\SophosFix\AUFiles\"


    If Exist "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\savmain.exe" (Copy "c:\SophosFix\AUFiles\*.*" "C:\Program Files (x86)\Sophos\AutoUpdate"&Echo File Deleted)
    If Exist "C:\Program Files\Sophos\Sophos Anti-Virus\savmain.exe" (Copy "c:\SophosFix\AUFiles\*.*" "C:\Program Files\Sophos\AutoUpdate"&Echo File Deleted)

    Del "C:\ProgramData\Application Data\Sophos\Sophos Anti-Virus\config\Quarantine.xml"
    Del "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\config\Quarantine.xml"

    net start "Sophos AutoUpdate Service"
    Net Start "Sophos Anti-Virus"
    net start "Sophos Agent"
    net start "Sophos Anti-Virus status reporter"
    net start "Sophos Device Control Service"
    net start "Sophos Message Router"
    net start "Sophos Web Control Service"
    shutdown -r -t 001

    This will cause the workstation to reboot immediately.

    We have 2800 machines and half of them did not update.  We will be working through the night to get back to normal. 


    No need to start the services prior to restarting the system. They are all set to start automatically. Might speed your process up a touch for you.
