This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

This thread was automatically locked due to age.

Parents

0 LINCK over 13 years ago

Hello Sophos

The steps to use psexec in this KB

http://www.sophos.com/en-us/support/knowledgebase/118337.aspx

fail!!

C:\SophosFix>psexec \\1806974-S -u DOMSDP\sophos -p ****** -h -w %temp% -d cscript.exe //nologo \\1.1.194.40\SophosUpdate\FixUpdate.vbs /fixIssues:true /updateNow:true /clearQuarantine:true
PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

PsExec could not start cscript.exe on 1806974-S:
The system cannot find the file specified.

In this time we are using this code :

File: ExecuteFixRemote.bat


@echo off

Set CID=1.1.194.40
Set USERNAME=DOMSDP\Sophos
Set PASSWORD=*******


net use o: \\%CID%\SophosUpdate /User:%USERNAME% %PASSWORD% /persistent:no
xcopy "o:\FixUpdate.vbs" "%systemRoot%\system32"  /Y /H /R /K /C

cscript //nologo FixUpdate.vbs /fixIssues:true /cid:\\%CID%\SophosUpdate\CIDs\S000\SAVSCFXP /updateNow:true /clearQuarantine:true

net use o: /Delete

Lauch the script with psexec.

C:\SophosFix>psexec @FpWithoutFix.txt -c -v executefixremote.bat -d

Check the KB.

Regards

Linck Tello Flores

www.innovare.pe

Reply