Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

  • The only fix I have found is to sign on to the PC with an admin account.

    Run MicrosoftFixit.ProgramInstallUninstall.FISC.135271592702497964.1.2.Run.exe from Microsoft and remove everything related to Sophos.

    After that, the system can be protected again from the SEC.

    Now I just need to do this on 100+ systems...

    EDIT BELOW

    Upon further review. After running Protect Computers... in SEC. The system never goes back online in SEC. It just sits with the down arrow, looking like it is doing something.

    On the system itself, there are two items listed in Quarantine.

    Shh/Updater-B C:\Program Files (x86)\Sophos\AutoUpdate\swlocale.dll

    Shh/Updater-B C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.api

    Is there a way to tell when these were added to the QM?

    Can I move or delete them?

    EDIT II

    How is it possible to have two of the same system in the SEC?

    The system I mentioned previously in this post had two. One was normal, one was not after running the Microsoft fix. I had not resorted, so they were not next to each other in the PC list.

    EDIT Final

    OK

    If I follow all of my previous steps and then remove the items from quarantine and rerun Protect Computers from SEC, it appears to work.

    The issue is I have over 100 systems that are still in this state. Is there no other way to get them up and running again?
