
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



This thread was automatically locked due to age.
  • I keep trying to follow the instructions here: http://www.sophos.com/en-us/support/knowledgebase/118327.aspx and can't get past the first part. I can't download javab-jd.ide at all. I've tried everything I've looked up, and followed the instructions listed but it won't download. When I try to update, it says no updates are required and so nothing comes through, but I've checked \Program Files (x86)\Sophos\Sophos Anti-Virus and it isn't there.

    I've disabled indexing, I've enabled Live Protection, I've added the exceptions...

    I'm not really that tech savvy (I'm a home user who gets Sophos through my university), so I need really plain instructions.

    My most recent trace log:

    Trace(2012-Sep-23 04:13:48): ALUpdate started: -ManualUpdate  -NoGUI -RootPath "C:\Program Files (x86)\Sophos\AutoUpdate"
    Trace(2012-Sep-23 04:13:48): Product subscription is disabled: iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} action value is:0
    Trace(2012-Sep-23 04:13:48): Product iProductData.{390DCDC2-10A9-4ef3-B8D8-0CA7F0E7EB92} has not been added.
    Trace(2012-Sep-23 04:13:48): Product subscription is disabled: iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} action value is:0
    Trace(2012-Sep-23 04:13:48): Product iProductData.{D752FAB9-5883-4b36-8740-61565B6BAD29} has not been added.
    Trace(2012-Sep-23 04:13:48): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} has been added.
    Trace(2012-Sep-23 04:13:48): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is  available from Sophos.
    Trace(2012-Sep-23 04:13:48): Product iProductData.{E17FE03B-0501-4aaa-BC69-0129D965F311} is not  the Spam Rules package.
    Trace(2012-Sep-23 04:13:48): Product subscription is disabled: iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} action value is:0
    Trace(2012-Sep-23 04:13:48): Product iProductData.{7998C326-2CA5-4830-B7D2-B792D2460975} has not been added.
    Trace(2012-Sep-23 04:13:48): Product iProductData.{3B758ED7-87C1-4e89-BDE1-F49DFF1249F6} has not been added.
    Trace(2012-Sep-23 04:13:48): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} has been added.
    Trace(2012-Sep-23 04:13:48): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  available from Sophos.
    Trace(2012-Sep-23 04:13:48): Product iProductData.{B5E7E2A7-3B64-437D-801F-21CC9D67CC6D} is  the Spam Rules package.
    Trace(2012-Sep-23 04:13:48): Computer is a not possible cluster
    Trace(2012-Sep-23 04:13:48): PureMessageDetector::AreSpamRulesRequired - Could not open registry on Software\Sophos\MMEx\Config\Global
    Trace(2012-Sep-23 04:13:48): ConfigurationImpl, considering PMSR 2.6: PureMessage not installed, PMSR package will not be updated without a subscription
    Trace(2012-Sep-23 04:13:48): Considering subscribed products.
    Trace(2012-Sep-23 04:13:48): Considering product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8}
    Trace(2012-Sep-23 04:13:48): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} is not already subscribed.
    Trace(2012-Sep-23 04:13:48): Product {9BF40A4E-23AE-48be-9974-5A1F261DBEE8} was added to the list.
    Trace(2012-Sep-23 04:13:48): Could not read registry entry containing Sophos address - using hardcoded value.
    Trace(2012-Sep-23 04:13:48): GenerateCustomerID: complete
    Trace(2012-Sep-23 04:13:48): Computer is a not possible cluster
    Trace(2012-Sep-23 04:13:48): PureMessageDetector::AreSpamRulesRequired - Could not open registry on Software\Sophos\MMEx\Config\Global
    Trace(2012-Sep-23 04:13:49): IPCBase::IPCBase: Initialising shared memory A32951C539924a12B3C8F2FDA5A268E4
    Trace(2012-Sep-23 04:13:49): IPCSender::ProcessSend started
    Trace(2012-Sep-23 04:13:49): IPCSender::ProcessSend: No messages in queue, starting to wait
    Trace(2012-Sep-23 04:13:49): RMSMessageHandler: ALUpdateStart
    Trace(2012-Sep-23 04:13:49): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
    Trace(2012-Sep-23 04:13:49): IPCSender::ProcessSend: Send message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSStartUpdate" />
    Trace(2012-Sep-23 04:13:49): IPCSender::ProcessSend: No messages in queue, starting to wait
    Trace(2012-Sep-23 04:13:49): ALUpdate(AutoUpdate.Started):
    Trace(2012-Sep-23 04:13:49): UpdateCoordinator::UpdateNow: Entering
    Trace(2012-Sep-23 04:13:49): PopulateCache: Entering
    Trace(2012-Sep-23 04:13:49): UpdateCoordinator::UpdateNow: About to Sync list of products
    Trace(2012-Sep-23 04:13:49): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
    Trace(2012-Sep-23 04:13:49): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Started:
    Trace(2012-Sep-23 04:13:49): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, creating update location
    Trace(2012-Sep-23 04:13:49): Calling package_source_init
    Trace(2012-Sep-23 04:13:49): TrySyncProduct, Calling BeginSync
    Trace(2012-Sep-23 04:13:49): CalculateChecksum. Processing file C:\ProgramData\Sophos\AutoUpdate\cache\escdp.dat
    Trace(2012-Sep-23 04:13:49): Remote connection over HTTP.
    Trace(2012-Sep-23 04:13:50): Read file master.upd (Remote).
    Trace(2012-Sep-23 04:13:50): Synchronised file root.upd (Local).
    Trace(2012-Sep-23 04:13:50): Synchronised file escdp.dat (Local).
    Trace(2012-Sep-23 04:13:50): ParseCustomerIDFile: completed: 0
    Trace(2012-Sep-23 04:13:50): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Calling SyncProduct with {E17FE03B-0501-4aaa-BC69-0129D965F311}
    Trace(2012-Sep-23 04:13:50): CIDUpdateLocation::SyncProduct - Updating Product: SAVXP
    Trace(2012-Sep-23 04:13:50): CIDUpdate(SyncProduct.Start): SAVXP, http://avupdate.xx.xxx.xx/SophosAtHome/CIDs/S000/xxxxxxxx/
    Trace(2012-Sep-23 04:13:50): Checksum found in master.upd matches cached cidsync.upd : 275ccb28. Skipping download
    Trace(2012-Sep-23 04:13:50): CIDUpdate(PrimarySuccess):
    Trace(2012-Sep-23 04:13:50): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, SyncProduct returned - 1
    Trace(2012-Sep-23 04:13:50): TrySyncProduct<class AutoUpdate::CIDUpdateLocation>, Ended - 1
    Trace(2012-Sep-23 04:13:50): UpdateLocationFacade::SyncProduct: Last Update Mechanism = CID
    Trace(2012-Sep-23 04:13:50): CIDUpdateLocation::SyncProduct - Updating Product: Sophos AutoUpdate
    Trace(2012-Sep-23 04:13:50): CIDUpdate(SyncProduct.Start): Sophos AutoUpdate, http://avupdate.xx.xxx.xx/SophosAtHome/CIDs/S000/xxxxxxxx/
    Trace(2012-Sep-23 04:13:50): Checksum found in master.upd matches cached cidsync.upd : bf9b3c06. Skipping download
    Trace(2012-Sep-23 04:13:50): CIDUpdate(PrimarySuccess):
    Trace(2012-Sep-23 04:13:51): ALUpdate(DownloadEnded):
    Trace(2012-Sep-23 04:13:51): UpdateCoordinator::UpdateNow: About to Action list of products
    Trace(2012-Sep-23 04:13:51): ALUpdate(Action.Skipped): SAVXP
    Trace(2012-Sep-23 04:13:51): ALUpdate(Action.Skipped): Sophos AutoUpdate
    Trace(2012-Sep-23 04:13:52): RMSMessageHandler: ALUpdateEnd
    Trace(2012-Sep-23 04:13:52): Sending message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
    Trace(2012-Sep-23 04:13:52): IPCSender::Write: Writing message: <?xml version="1.0" encoding="utf-8" ?><Config type="RMSEndUpdate" />
    Trace(2012-Sep-23 04:13:52): IPCSender::ProcessSend: Listener not ready starting to wait
    Trace(2012-Sep-23 04:13:53): IPCSender::ProcessSend exiting

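A trace like the one posted above can be triaged mechanically. This is an added example, not part of the original post and not Sophos code: it pulls out, per product, the cached checksum and the final action from lines in the format the trace shows. The sample lines are copied from that trace, the function names are illustrative, and reading "checksum matched plus Action.Skipped" as "the client saw nothing new to download" is an assumption based on the wording of the log lines.

```python
import re

# Sample input: lines copied from the trace log in the post above.
SAMPLE_TRACE = r"""
Trace(2012-Sep-23 04:13:50): CIDUpdateLocation::SyncProduct - Updating Product: SAVXP
Trace(2012-Sep-23 04:13:50): CIDUpdate(SyncProduct.Start): SAVXP, http://avupdate.xx.xxx.xx/SophosAtHome/CIDs/S000/xxxxxxxx/
Trace(2012-Sep-23 04:13:50): Checksum found in master.upd matches cached cidsync.upd : 275ccb28. Skipping download
Trace(2012-Sep-23 04:13:50): CIDUpdate(PrimarySuccess):
Trace(2012-Sep-23 04:13:50): CIDUpdateLocation::SyncProduct - Updating Product: Sophos AutoUpdate
Trace(2012-Sep-23 04:13:50): Checksum found in master.upd matches cached cidsync.upd : bf9b3c06. Skipping download
Trace(2012-Sep-23 04:13:51): ALUpdate(Action.Skipped): SAVXP
Trace(2012-Sep-23 04:13:51): ALUpdate(Action.Skipped): Sophos AutoUpdate
"""

# Patterns are derived only from the line shapes visible in the posted trace.
LINE = re.compile(r"^\s*Trace\((?P<ts>[^)]+)\):\s?(?P<msg>.*)$")
UPDATING = re.compile(r"SyncProduct - Updating Product: (?P<name>.+)$")
CACHED = re.compile(r"matches cached cidsync\.upd : (?P<sum>[0-9a-f]+)\. Skipping download")
ACTION = re.compile(r"ALUpdate\(Action\.(?P<verb>\w+)\): (?P<name>.+)$")


def summarize(trace):
    """Return {product: {"cached_checksum": str|None, "action": str|None}}."""
    products, current = {}, None
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a trace line (blank line, forum residue, ...)
        msg = m.group("msg").strip()
        if (u := UPDATING.search(msg)):
            # Following checksum lines belong to this product until the next one.
            current = u.group("name")
            products[current] = {"cached_checksum": None, "action": None}
        elif (c := CACHED.search(msg)) and current:
            products[current]["cached_checksum"] = c.group("sum")
        elif (a := ACTION.search(msg)):
            entry = products.setdefault(
                a.group("name"), {"cached_checksum": None, "action": None})
            entry["action"] = a.group("verb")
    return products


def unchanged(products):
    """Products whose checksum matched the local cache and whose action was skipped."""
    return sorted(name for name, p in products.items()
                  if p["cached_checksum"] and p["action"] == "Skipped")
```

Run `unchanged(summarize(text))` over a full trace to list the products for which the update run downloaded and installed nothing.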