Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3261484 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • 0

    I am having a go at resolving this issue that we are having, but I am getting stuck at a certain point...

    We have the Clean Up set to "deny access and move to default location" but when looking in C:\Program Files\Sophos\Sophos Anti-Virus there is no "INFECTED" folder, there are only two folders in this directory "Web Control" and "Web Intelligence".

    Files have deffinately been move to this location, as I am seeing this in email from the console.   "Infected file "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" has been moved to "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\ALsvc.exe.000"."

    I have checked several machines that are affected, and all are the same having no "INFECTED" folder.  So I am kind of stuck with not knowing which path to take to get this issue resolved on my machines.  Is there a 1 fix for all scenarios that I can try?

    Also...  We are seeing more than just the Sophos Update files that are effected by this, will the "fix" that is run also restore all other files that were effected?

    :32313
Reply
  • 0

    I am having a go at resolving this issue that we are having, but I am getting stuck at a certain point...

    We have the Clean Up set to "deny access and move to default location" but when looking in C:\Program Files\Sophos\Sophos Anti-Virus there is no "INFECTED" folder, there are only two folders in this directory "Web Control" and "Web Intelligence".

    Files have deffinately been move to this location, as I am seeing this in email from the console.   "Infected file "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" has been moved to "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\ALsvc.exe.000"."

    I have checked several machines that are affected, and all are the same having no "INFECTED" folder.  So I am kind of stuck with not knowing which path to take to get this issue resolved on my machines.  Is there a 1 fix for all scenarios that I can try?

    Also...  We are seeing more than just the Sophos Update files that are effected by this, will the "fix" that is run also restore all other files that were effected?

    :32313
Children
No Data