Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3261545 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • 0
    Bazagee wrote:
    Nathan wrote:
    Di-Ankh wrote:

    Would this be an answer for my issue?  Not sure if this applies to Windows 2003 server or not...

    http://www.sophos.com/en-us/support/knowledgebase/118323.aspx

    Hi,


    Yes, I would give that a go. Please let me know if you have any trouble with it.

    This script works for me if I run it locally with Admin rights but I'm having a tough time scripting it with PSExec to trigger remotely. Can anyone post up again the syntax for that please...

    EDIT:  I'm able to push the files out to a temp folder on remote machines but not execute the .vbs with reqiured switches..


    Below is what I did. I THINK it worked, but I was unable to remove the temporary folder I put on the remote machine. (It's like something was left open- yet I'm not seeing an Open Files on the machine from managing it from my machine. This has me scratching my head. Wonder if a remote restart would resolve the issue. Anyhow... maybe somone else can chime in here about that.

    ALSO... I set up a temporary Domain Admin account so I could blast it away later. Wasn't sure about the security when I'm putting in the password in plain text with PSEXEC. 
    _______
    _______

    From a command prompt running under an account with Admin rights:

    psexec \\computernamehere -u Domain\DomainAdminUsernameHere -p DomainAdminPasswordHere -w c:\YourTempFolderHere c:\YourTempFolderHere\BatchFileNameHere.bat

    This is all I had in the batch file which was moved to the remote machines:
    cscript //nologo FixUpdate.vbs /fixIssues:true /cid:\\sophosw\sophosupdate\cids\s013\savscfxp /updateNow:true

    :32517
Reply
  • 0
    Bazagee wrote:
    Nathan wrote:
    Di-Ankh wrote:

    Would this be an answer for my issue?  Not sure if this applies to Windows 2003 server or not...

    http://www.sophos.com/en-us/support/knowledgebase/118323.aspx

    Hi,


    Yes, I would give that a go. Please let me know if you have any trouble with it.

    This script works for me if I run it locally with Admin rights but I'm having a tough time scripting it with PSExec to trigger remotely. Can anyone post up again the syntax for that please...

    EDIT:  I'm able to push the files out to a temp folder on remote machines but not execute the .vbs with reqiured switches..


    Below is what I did. I THINK it worked, but I was unable to remove the temporary folder I put on the remote machine. (It's like something was left open- yet I'm not seeing an Open Files on the machine from managing it from my machine. This has me scratching my head. Wonder if a remote restart would resolve the issue. Anyhow... maybe somone else can chime in here about that.

    ALSO... I set up a temporary Domain Admin account so I could blast it away later. Wasn't sure about the security when I'm putting in the password in plain text with PSEXEC. 
    _______
    _______

    From a command prompt running under an account with Admin rights:

    psexec \\computernamehere -u Domain\DomainAdminUsernameHere -p DomainAdminPasswordHere -w c:\YourTempFolderHere c:\YourTempFolderHere\BatchFileNameHere.bat

    This is all I had in the batch file which was moved to the remote machines:
    cscript //nologo FixUpdate.vbs /fixIssues:true /cid:\\sophosw\sophosupdate\cids\s013\savscfxp /updateNow:true

    :32517
Children
No Data