Is anyone else seeing this alert - Shh/Updater-B false positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.


  • Pablo-Setting wrote:

    Hi everybody,

    I have a lot of Sophos products installed on Spanish operating systems, and the scripts are not working. I have updated the scripts with the Spanish OS variables but still get code errors. I have spent hours trying without success. Can somebody try the scripts for other languages? I can help to work on it.


    Which scripts are you using?

  • Do you have any ideas on how to fix my bat file?

    @ECHO ON
    REM --- Fix for sophos
    REM The source path contains "program files", so it must be quoted or xcopy splits it at the space

    xcopy "\\dbqwsus\SophosUpdate\CIDs\S000\SAVSCFXP\sau\program files\Sophos\AutoUpdate\*.*" "C:\ProgramData\Sophos\AutoUpdate\" /s /y

    pushd \\dbqlnx\ZENAPPS\sophos\Agen-xuvIssue

    cscript //nologo FixUpdate.vbs /fixIssues:true /cid:\\dbqwsus\SophosUpdate\CIDs\S000\SAVSCFXP /updateNow:true

    popd

  • Nathan wrote:

    SLCIT wrote:

    I am having a go at resolving this issue that we are having, but I am getting stuck at a certain point...

    We have the Clean Up set to "deny access and move to default location" but when looking in C:\Program Files\Sophos\Sophos Anti-Virus there is no "INFECTED" folder, there are only two folders in this directory "Web Control" and "Web Intelligence".

    Files have definitely been moved to this location, as I am seeing this in email from the console:   "Infected file "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" has been moved to "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\ALsvc.exe.000"."

    I have checked several machines that are affected, and all are the same having no "INFECTED" folder.  So I am kind of stuck with not knowing which path to take to get this issue resolved on my machines.  Is there a 1 fix for all scenarios that I can try?

    Also...  We are seeing more than just the Sophos Update files that are affected by this. Will the "fix" that is run also restore all other files that were affected?


    Hi, I think I see the problem. The INFECTED folder is in ProgramDATA, not Program Files. At any rate, if Autoupdate is broken you'll have better luck using the script from 118323 first, then use the script in KB 118315. The advisory has been updated with this recommendation as well.


    This may be the case on Win7 machines, but I am looking at WinXP as well.  Is there another location I should be looking on WinXP machines other than Program Files?

  • Hi, we have been working with different scripts. We have almost every OS in our country (Colombia, South America) and we have solved our issues with these 3 scripts (they have been modified from their originals, and we have changed QuarantineESP.vbs to work with Spanish OS versions).

    You will have to execute them in this order, and then reboot your machine: SophosFIX2(1).bat, then QuarantineESP(2).vbs if your OS is in Spanish, or QuarantineENG(2).vbs if the OS is in English, and last the Script1(3).bat, then reboot.

    This procedure will ONLY work if you had or have previously set your Cleanup Options to Quarantine if the Cleanup does not work. If you set the Cleanup options to Delete, you will have to reprotect.

    SophosFIX2(1).bat:

    Net Stop SAVService
    If Exist "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\agen-xuv.ide" (Del "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\agen-xuv.ide"&Echo File Deleted)
    If Exist "C:\Program Files\Sophos\Sophos Anti-Virus\agen-xuv.ide" (Del "C:\Program Files\Sophos\Sophos Anti-Virus\agen-xuv.ide"&Echo File Deleted)
    If Exist "C:\Sophos\Update Manager\CIDs\S000\SAVSCFXP\SAVXP\agen-xuv.ide" (Del "C:\Sophos\Update Manager\CIDs\S000\SAVSCFXP\SAVXP\agen-xuv.ide"&Echo File Deleted)
    If Exist "C:\Sophos\Update Manager\CIDs\S001\SAVSCFXP\SAVXP\agen-xuv.ide" (Del "C:\Sophos\Update Manager\CIDs\S001\SAVSCFXP\SAVXP\agen-xuv.ide"&Echo File Deleted)
    If Exist "C:\Sophos\Update Manager\CIDs\S002\SAVSCFXP\SAVXP\agen-xuv.ide" (Del "C:\Sophos\Update Manager\CIDs\S002\SAVSCFXP\SAVXP\agen-xuv.ide"&Echo File Deleted)
    If Exist "C:\Sophos\Update Manager\CIDs\S003\SAVSCFXP\SAVXP\agen-xuv.ide" (Del "C:\Sophos\Update Manager\CIDs\S003\SAVSCFXP\SAVXP\agen-xuv.ide"&Echo File Deleted)
    Net Start SAVService

    QuarantineESP(2).vbs:

    ' Script to copy back files identified as infected using the SAV log files.
    ' It will parse all files called SAV* in the SAV log directory for copy actions.
    ' By default it logs to "\Users\[User]\AppData\Local\Temp\CopyFilesBack.txt" or
    ' "\Documents and Settings\[User]\Local Settings\Temp\CopyFilesBack.txt" depending on OS.
    const WOW_KEY         = "Wow6432Node"
    const FOR_READING     = 1
    const MESSAGE_STRING  = "Se ha movido el archivo infectado"
    const SAV_LOG_PRE_FIX = "SAV"
    const VIRUS_NAME      = "Virus/spyware 'Shh/Updater-B' ha sido detectado en"

    dim strWow6432Node, strLogPath, objFSO, objFile, strLogFileName
    dim strSAVLogLocation, strSAVLogLocationDir, strRes, objLogFile, strRegPath
    strLogFileName  = "CopyFilesBack.txt" 'Lines contain the text in the constant "MESSAGE_STRING"

    'Setup global objects
    set objFSO  = CreateObject("Scripting.FileSystemObject")
    'Get script log file location to write to
    strLogPath  = GetLogLocation() & "\" & strLogFileName
    set objLogFile = objFSO.CreateTextFile(strLogPath, true)
    WriteToLog 0, "Starting script to recover quarantined files where: log contains the line: '" & MESSAGE_STRING
    strWow6432Node   = "\"
    if Is64(".") then
        strWow6432Node = "\" & WOW_KEY & "\"
     WriteToLog 0, "64-bit machine."
    else
        strWow6432Node = "\"
     WriteToLog 0, "32-bit machine."
    end if
    strRegPath = "HKEY_LOCAL_MACHINE\SOFTWARE" & strWow6432Node & "Sophos\SAVService\Application\LogDir"
    strRes = GetKey(strRegPath)
    if strRes = "0" then
     WriteToLog 1, "Failed to get SAV log location from registry."
        WriteToLog 1, "Exiting script."
     wscript.quit (1)
    else
     WriteToLog 0, "Read the SAV log location from registry."
    end if
    strSAVLogLocationDir = strRes
    WriteToLog 0, "Location of log directory: " & strSAVLogLocationDir
    'For each file starts with 'SAV_LOG_PRE_FIX'
    WriteToLog 0, "For each file in the directory that starts '" & SAV_LOG_PRE_FIX & "'."
    set objFolder = objFSO.GetFolder(strSAVLogLocationDir).files
    intFound = 0
    for each SAVFile in objFolder
     if instr(SAVFile.name, SAV_LOG_PRE_FIX) > 0 then
     
      set objFile = objFSO.OpenTextFile (strSAVLogLocationDir & "\" & SAVFile.name, FOR_READING, false, -1)
      WriteToLog 0, "=================Processing: '" & SAVFile.name & "'========================"
     
      do While objFile.AtEndOfStream <> true  
       strLineIn = trim(objFile.ReadLine)
       
       if instr(strLineIn, VIRUS_NAME) > 0 then
        intFound=1
        WriteToLog 0, "The next line will have info on " & VIRUS_NAME
       End if
       
       if intFound = 1 then
        strLineIn = trim(objFile.ReadLine)
        WriteToLog 0, strLineIn
        intFound=0
        if (instr (strLineIn, MESSAGE_STRING) > 0)  then
           'Interested in the lines as it matches our requirements.
         arrOfLine = split(strLineIn, """")
        
         strOrigFilePath = trim (arrOfLine(1))
         strNewFilePath  = trim (arrOfLine(3))
          
         WriteToLog 0, strOrigFilePath & " -> " & strNewFilePath
         if CopyFileBack (strNewFilePath, strOrigFilePath) then
          WriteToLog 0, "File restored."
         else
          WriteToLog 0, "File restore failed."
         end if
        end if  
       end if
       
      loop
     end if
    next
    '***********************************************************************************************************
    WriteToLog 0, "Script finished."
    set objFolder  = nothing
    set objLogFile = nothing
    set objFSO     = nothing

    '***********************************************************************************************************
    'Functions
    '***********************************************************************************************************
    Function GetLogLocation()
     
     on error resume next
     Set objTempFolder = objFSO.GetSpecialFolder(2)
     if objTempFolder = "" then
      GetLogLocation = "C:\windows\temp\" 'Set to Windows temp if can't get the dir.
     else
      GetLogLocation = objTempFolder
     end if
     
     Set objTempFolder = nothing
     
    End function
    '***********************************************************************************************************
    '***********************************************************************************************************
    Function CopyFileBack (strCurrentLocation, srcOrigLocation)
     
     WriteToLog 0, "-->CopyFileBack()"
     
     on error resume next
     err.clear
     
     If objFSO.FileExists(strCurrentLocation) Then
      WriteToLog 0, "File exists: " & strCurrentLocation & " attempt to copy back to: " & srcOrigLocation
      objFSO.moveFile strCurrentLocation, srcOrigLocation
     
      if err.number <> 0 then
       WriteToLog 1, "Failed to copy file: " & err.number & " : " & err.description
       CopyFileBack = false
      else
       CopyFileBack = true
      end if
     
     else
      WriteToLog 1, "Copying file back failed as file " & strCurrentLocation & " doesn't exist."
      CopyFileBack = false
     End If
     
     WriteToLog 0, "<--CopyFileBack()"  
     
    End Function
    '***********************************************************************************************************

    '***********************************************************************************************************
    Function Is64(strMachineName)
        WriteToLog 0, "-->Is64(" & strMachineName & ")"
        on error resume next
     
     err.clear
       
     dim objWMIService, objColSettings, strDesc, objProcessor
     
     Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strMachineName & "\root\cimv2")
     Set objColSettings = objWMIService.ExecQuery ("SELECT AddressWidth FROM Win32_Processor")
     
        if err.number <> 0 then
         ' WriteToLog takes two arguments; the stray third argument was a runtime error
         WriteToLog 1, "Error Number: " & err.number & " Error Description: " & err.description
           wscript.quit(1)
        end if
       
     For Each objProcessor In objColSettings
      strDesc = objProcessor.AddressWidth
     Next
     
        if strDesc = "32" then
            Is64 = false
        end if
        if strDesc = "64" then
            Is64 = true
        end if
     
        Set objWMIService = nothing
     set objColSettings = nothing
     
        WriteToLog 0, "<--Is64()"
       
    End Function
    '***********************************************************************************************************

    '***********************************************************************************************************
    Function WriteToLog (strSev, strLogLine)
        dim strToWrite
        strToWrite = ""
       
        select case strSev
            case 0
             strToWrite = "INF: "
            case 1
             strToWrite = "ERR: "
            case else
             strToWrite = "UNKNOWN: "
        end select
       
        objLogFile.WriteLine Date() & " " & Time() & " " & strToWrite & " " & strLogLine
       
    End Function
    '***********************************************************************************************************
    '***********************************************************************************************************
    Function GetKey(strPath)
        on error resume next
        dim strPathToLog
     dim objReg
     
     set objReg = wscript.createobject("wscript.shell")
     
        err.clear
        strPathToLog = objReg.RegRead (strPath)
        if err.number = 0 then
            GetKey = strPathToLog
        else
            GetKey = 0
        end if
         
     set objReg = nothing
     
    End Function

  • QuarantineENG(2).vbs:

    ' Script to copy back files identified as infected using the SAV log files.
    ' It will parse all files called SAV* in the SAV log directory for copy actions.
    ' By default it logs to "\Users\[User]\AppData\Local\Temp\CopyFilesBack.txt" or
    ' "\Documents and Settings\[User]\Local Settings\Temp\CopyFilesBack.txt" depending on OS.
    const WOW_KEY         = "Wow6432Node"
    const FOR_READING     = 1
    const MESSAGE_STRING  = "has been moved to"
    const SAV_LOG_PRE_FIX = "SAV"
    const VIRUS_NAME      = "Virus/spyware 'Shh/"

    dim strWow6432Node, strLogPath, objFSO, objFile, strLogFileName
    dim strSAVLogLocation, strSAVLogLocationDir, strRes, objLogFile, strRegPath
    strLogFileName  = "CopyFilesBack.txt" 'Lines contain the text in the constant "MESSAGE_STRING"

    'Setup global objects
    set objFSO  = CreateObject("Scripting.FileSystemObject")
    'Get script log file location to write to
    strLogPath  = GetLogLocation() & "\" & strLogFileName
    set objLogFile = objFSO.CreateTextFile(strLogPath, true)
    WriteToLog 0, "Starting script to recover quarantined files where: log contains the line: '" & MESSAGE_STRING
    strWow6432Node   = "\"
    if Is64(".") then
        strWow6432Node = "\" & WOW_KEY & "\"
     WriteToLog 0, "64-bit machine."
    else
        strWow6432Node = "\"
     WriteToLog 0, "32-bit machine."
    end if
    strRegPath = "HKEY_LOCAL_MACHINE\SOFTWARE" & strWow6432Node & "Sophos\SAVService\Application\LogDir"
    strRes = GetKey(strRegPath)
    if strRes = "0" then
     WriteToLog 1, "Failed to get SAV log location from registry."
        WriteToLog 1, "Exiting script."
     wscript.quit (1)
    else
     WriteToLog 0, "Read the SAV log location from registry."
    end if
    strSAVLogLocationDir = strRes
    WriteToLog 0, "Location of log directory: " & strSAVLogLocationDir
    'For each file starts with 'SAV_LOG_PRE_FIX'
    WriteToLog 0, "For each file in the directory that starts '" & SAV_LOG_PRE_FIX & "'."
    set objFolder = objFSO.GetFolder(strSAVLogLocationDir).files
    intFound = 0
    for each SAVFile in objFolder
     if instr(SAVFile.name, SAV_LOG_PRE_FIX) > 0 then
     
      set objFile = objFSO.OpenTextFile (strSAVLogLocationDir & "\" & SAVFile.name, FOR_READING, false, -1)
      WriteToLog 0, "=================Processing: '" & SAVFile.name & "'========================"
     
      do While objFile.AtEndOfStream <> true  
       strLineIn = trim(objFile.ReadLine)
       
       if instr(strLineIn, VIRUS_NAME) > 0 then
        intFound=1
        WriteToLog 0, "The next line will have info on " & VIRUS_NAME
       End if
       
       if intFound = 1 then
        strLineIn = trim(objFile.ReadLine)
        WriteToLog 0, strLineIn
        intFound=0
        if (instr (strLineIn, MESSAGE_STRING) > 0)  then
           'Interested in the lines as it matches our requirements.
         arrOfLine = split(strLineIn, """")
        
         strOrigFilePath = trim (arrOfLine(1))
         strNewFilePath  = trim (arrOfLine(3))
          
         WriteToLog 0, strOrigFilePath & " -> " & strNewFilePath
         if CopyFileBack (strNewFilePath, strOrigFilePath) then
          WriteToLog 0, "File restored."
         else
          WriteToLog 0, "File restore failed."
         end if
        end if  
       end if
       
      loop
     end if
    next
    '***********************************************************************************************************
    WriteToLog 0, "Script finished."
    set objFolder  = nothing
    set objLogFile = nothing
    set objFSO     = nothing

    '***********************************************************************************************************
    'Functions
    '***********************************************************************************************************
    Function GetLogLocation()
     
     on error resume next
     Set objTempFolder = objFSO.GetSpecialFolder(2)
     if objTempFolder = "" then
      GetLogLocation = "C:\windows\temp\" 'Set to Windows temp if can't get the dir.
     else
      GetLogLocation = objTempFolder
     end if
     
     Set objTempFolder = nothing
     
    End function
    '***********************************************************************************************************
    '***********************************************************************************************************
    Function CopyFileBack (strCurrentLocation, srcOrigLocation)
     
     WriteToLog 0, "-->CopyFileBack()"
     
     on error resume next
     err.clear
     
     If objFSO.FileExists(strCurrentLocation) Then
      WriteToLog 0, "File exists: " & strCurrentLocation & " attempt to copy back to: " & srcOrigLocation
      objFSO.moveFile strCurrentLocation, srcOrigLocation
     
      if err.number <> 0 then
       WriteToLog 1, "Failed to copy file: " & err.number & " : " & err.description
       CopyFileBack = false
      else
       CopyFileBack = true
      end if
     
     else
      WriteToLog 1, "Copying file back failed as file " & strCurrentLocation & " doesn't exist."
      CopyFileBack = false
     End If
     
     WriteToLog 0, "<--CopyFileBack()"  
     
    End Function
    '***********************************************************************************************************

    '***********************************************************************************************************
    Function Is64(strMachineName)
        WriteToLog 0, "-->Is64(" & strMachineName & ")"
        on error resume next
     
     err.clear
       
     dim objWMIService, objColSettings, strDesc, objProcessor
     
     Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strMachineName & "\root\cimv2")
     Set objColSettings = objWMIService.ExecQuery ("SELECT AddressWidth FROM Win32_Processor")
     
        if err.number <> 0 then
         ' WriteToLog takes two arguments; the stray third argument was a runtime error
         WriteToLog 1, "Error Number: " & err.number & " Error Description: " & err.description
           wscript.quit(1)
        end if
       
     For Each objProcessor In objColSettings
      strDesc = objProcessor.AddressWidth
     Next
     
        if strDesc = "32" then
            Is64 = false
        end if
        if strDesc = "64" then
            Is64 = true
        end if
     
        Set objWMIService = nothing
     set objColSettings = nothing
     
        WriteToLog 0, "<--Is64()"
       
    End Function
    '***********************************************************************************************************

    '***********************************************************************************************************
    Function WriteToLog (strSev, strLogLine)
        dim strToWrite
        strToWrite = ""
       
        select case strSev
            case 0
             strToWrite = "INF: "
            case 1
             strToWrite = "ERR: "
            case else
             strToWrite = "UNKNOWN: "
        end select
       
        objLogFile.WriteLine Date() & " " & Time() & " " & strToWrite & " " & strLogLine
       
    End Function
    '***********************************************************************************************************
    '***********************************************************************************************************
    Function GetKey(strPath)
        on error resume next
        dim strPathToLog
     dim objReg
     
     set objReg = wscript.createobject("wscript.shell")
     
        err.clear
        strPathToLog = objReg.RegRead (strPath)
        if err.number = 0 then
            GetKey = strPathToLog
        else
            GetKey = 0
        end if
         
     set objReg = nothing
     
    End Function

    Script1(3).bat:

    @echo off
    echo.
    echo ---------------------------------------------------------------------
    ECHO Sophos Bad-Update Fixer Batch File -
    ECHO            removes bad definition and rebuilds the auto-updater
    ECHO  Written by Stewart Moss from Accumulo Consulting (Pty) Ltd.
    Echo  Version 1.0.1 - 20-Sept-2012 - Fixed for 32bit and 64bit detection
    echo ---------------------------------------------------------------------
    echo.
    REM  This script is for Sophos, Sophos Agents and their customers only and is to be used at your own RISK.
    REM  Neither Accumulo Consulting (Pty) Ltd nor the Author will take any responsibility to
    REM  any damages done by this script
    REM
    REM Please change the paths which say "\\MyServer\Staging\AutoUpdate\" to point to a copy of the
    REM autoupdater which you have placed into a staging area.
    REM
    REM The autoupdater folder in the staging area is the entire folder copied from the CIDs
    REM "\\MyServer\SophosUpdate\CIDs\S000\SAVSCFXP\s?au\program files\Sophos\AutoUpdate"
    REM
    REM History: 1.0.1 Fixed the script because it thought all Windows 7 machines were 64 bit!
    REM
    REM  Copyright 2012 by Accumulo Consulting (Pty) Ltd. All rights reserved.
    REM  All copyright information needs to remain as it is.

    Echo Stopping Services

    NET STOP "Sophos Agent"
    NET STOP "Sophos Anti-Virus"
    NET STOP "Sophos Anti-Virus status reporter"
    NET STOP "Sophos AutoUpdate Service"
    NET STOP "Sophos Message Router"
    NET STOP "Sophos Web Control Service"
    NET STOP "Sophos Web Intelligence Service"

    REM Operating System Detection to copy to the right location

    REM Windows 5.1 is Windows XP
    ver | findstr /i "5\.1\." > nul
    IF %ERRORLEVEL% EQU 0 goto WindowsXp

    REM Server 2003 has the same paths as Windows XP

    REM Windows 5.2 is Windows 2003 server
    ver | findstr /i "5\.2\." > nul
    IF %ERRORLEVEL% EQU 0 goto WindowsXp

    REM Ok so only Windows Vista, Windows 7 and Server 2008 have made it to here
    REM Now we need to work out if we are 32 bit or 64 bit Windows. We use the registry and read the
    REM attributes of the first logical CPU. If it contains the characters "x86" it is 32 bit.

    REG.exe Query "HKLM\Hardware\Description\System\CentralProcessor\0" | Find /i "x86"  > nul
    If %ERRORLEVEL% == 0 Goto Windows732Bit
    goto Windows764bit

    :Windows732Bit
    :WindowsXp

    echo Processing for 32bit operating systems or Windows XP

    echo Deleting offending definition
    cd \"program files\Sophos\sophos anti-virus"
    del /f "agen-xuv.ide"

    xcopy "\\192.168.100.10\SophosUpdate\CIDs\S000\SAVSCFXP\sau\program files\Sophos\AutoUpdate\*.*" "C:\program files\sophos\AutoUpdate\" /S /E /Y /H /R /K /C

    Echo Starting 32bit Services

    NET START "Sophos Agent"
    NET START "Sophos Anti-Virus"
    NET START "Sophos Anti-Virus status reporter"
    NET START "Sophos AutoUpdate Service"
    NET START "Sophos Message Router"
    NET START "Sophos Web Control Service"
    NET START "Sophos Web Intelligence Service"

    Echo Starting ALMON.EXE to bring shield back
    Echo If the batch file hangs here, check the shield is loaded and you can close this batch file.
    echo Our work is done.
    echo.
    "C:\program files\sophos\AutoUpdate\ALMON.EXE"

    goto DoneStartServices

    :Windows764bit

    echo Processing for 64bit operating systems (Windows Vista, Windows 7 and Server 2008)

    echo Deleting offending definition
    cd \"program files (x86)\Sophos\sophos anti-virus"
    del /f "agen-xuv.ide"

    xcopy "\\192.168.100.10\SophosUpdate\CIDs\S000\SAVSCFXP\sau\program files\Sophos\AutoUpdate\*.*" "C:\program files (x86)\sophos\AutoUpdate\" /S /E /C /Y /H /R /K

    Echo Starting 64bit Services

    NET START "Sophos Agent"
    NET START "Sophos Anti-Virus"
    NET START "Sophos Anti-Virus status reporter"
    NET START "Sophos AutoUpdate Service"
    NET START "Sophos Message Router"
    NET START "Sophos Web Control Service"
    NET START "Sophos Web Intelligence Service"

    Echo Starting ALMON.EXE to bring shield back
    Echo If the batch file hangs here, check the shield is loaded and you can close this batch file.
    echo Our work is done.
    echo.
    start /d "C:\program files (x86)\sophos\AutoUpdate\" ALMON.EXE

    REM The 32-bit branch jumps here; without this label its "goto DoneStartServices" aborts the batch file
    :DoneStartServices
    pause
    exit

    Have in mind that each file has to be created via Notepad and the extension must be the same as I placed it here. This procedure must be done on each Endpoint and on each SUM.

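An added example, not from this thread or from Sophos, of the SAV-log parsing the QuarantineENG/QuarantineESP scripts above perform, written in Python instead of VBScript so the restore plan can be dry-run before any file is moved. It handles both the English and the Spanish "moved" wording from those scripts and adds the checks a practitioner would want: only Shh/Updater-B entries are undone, only files that originally lived under a Sophos install root, and a missing quarantined copy (the "no INFECTED folder" case discussed in the thread) is reported rather than treated as a failure. The log lines are constructed, and the exact layout of the Spanish "moved" line is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed SAV log excerpt (not a real log): two Shh/Updater-B false positives,
# one in the English wording and one in the Spanish wording used by the thread's
# QuarantineENG/QuarantineESP constants, plus one genuine detection that must stay
# quarantined. The exact layout of the Spanish "moved" line is an assumption.
SAMPLE_LOG = r"""
20120919 180501 Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe".
20120919 180501 Infected file "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" has been moved to "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\ALsvc.exe.000".
20120919 180502 Virus/spyware 'Shh/Updater-B' ha sido detectado en "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe".
20120919 180502 Se ha movido el archivo infectado "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe" a "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\swi_update.exe.000".
20120919 180503 Virus/spyware 'Mal/Generic-S' has been detected in "C:\Users\bob\Downloads\dropper.exe".
20120919 180503 Infected file "C:\Users\bob\Downloads\dropper.exe" has been moved to "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\dropper.exe.000".
"""

# Both localisations name the threat in single quotes after 'Virus/spyware'.
DETECTED_RE = re.compile(r"Virus/spyware '([^']+)'")
# "Moved to quarantine" wording in the two localisations from the thread's scripts.
MOVED_MARKERS = ("has been moved to", "Se ha movido el archivo infectado")
# Only files that originally lived under a Sophos install root are restored.
SOPHOS_ROOTS = ("c:\\program files\\sophos\\", "c:\\program files (x86)\\sophos\\")


@dataclass(frozen=True)
class RestoreAction:
    detection: str
    original: str
    quarantined: str


def quoted_paths(line):
    """Same idea as the VBS split(line, \"\"\"): quoted fields sit at odd indices."""
    return [p.strip() for p in line.split('"')[1::2]]


def build_restore_plan(log_text, allowed_detections=("Shh/Updater-B",)):
    """Pair each detection line with the 'moved' line that follows it and keep
    only the pairs that are safe to undo. Returns (plan, skipped)."""
    plan, skipped = [], []
    pending = None  # threat name from the most recent detection line
    for raw in log_text.splitlines():
        line = raw.strip()
        match = DETECTED_RE.search(line)
        if match:
            pending = match.group(1)
            continue
        if not any(marker in line for marker in MOVED_MARKERS):
            continue
        detection, pending = pending, None
        paths = quoted_paths(line)
        if detection is None or len(paths) < 2:
            skipped.append((line, "no preceding detection line or unparseable paths"))
        elif detection not in allowed_detections:
            skipped.append((line, f"{detection!r} is not the false positive being undone"))
        elif not paths[0].lower().startswith(SOPHOS_ROOTS):
            skipped.append((line, "original path is outside the Sophos install roots"))
        elif "\\infected\\" not in paths[1].lower():
            skipped.append((line, "quarantine path is not inside an INFECTED folder"))
        else:
            plan.append(RestoreAction(detection, paths[0], paths[1]))
    return plan, skipped


def apply_plan(plan, exists, move):
    """Move each quarantined copy back. `exists` and `move` are injected
    (os.path.exists / shutil.move on a real endpoint) so the logic runs offline.
    Entries whose quarantined copy is missing are reported rather than failed,
    which is the 'no INFECTED folder' situation described in the thread."""
    restored, missing = [], []
    for action in plan:
        if not exists(action.quarantined):
            missing.append(action)
            continue
        move(action.quarantined, action.original)
        restored.append(action)
    return restored, missing


if __name__ == "__main__":
    plan, skipped = build_restore_plan(SAMPLE_LOG)
    for action in plan:
        print(f"restore {action.quarantined} -> {action.original}")
    for line, why in skipped:
        print(f"skip ({why}): {line[:60]}...")
```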
  • I cannot get through to tech support. I have gotten hung up on MANY times. When I add my name to be called back, the calls never come. I have been trying since 8am today to talk to someone in support.

    Can I just create a new Sophos server and push out the current client? Will the new client and settings replace any of the clients that are broken?

  • Perhaps instead of installing a new server, you CAN and you MUST, at the end of this horrible tunnel, re-protect your machines. This is the final solution. I just posted 3 scripts that will work for solving your SUM and Endpoints situation; the scripts and all the files are in English also. Hope it helps.


  • SLCIT wrote:

    Nathan wrote:

    SLCIT wrote:

    I am having a go at resolving this issue that we are having, but I am getting stuck at a certain point...

    We have the Clean Up set to "deny access and move to default location" but when looking in C:\Program Files\Sophos\Sophos Anti-Virus there is no "INFECTED" folder, there are only two folders in this directory "Web Control" and "Web Intelligence".

    Files have definitely been moved to this location, as I am seeing this in email from the console:   "Infected file "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" has been moved to "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\ALsvc.exe.000"."

    I have checked several machines that are affected, and all are the same having no "INFECTED" folder.  So I am kind of stuck with not knowing which path to take to get this issue resolved on my machines.  Is there a 1 fix for all scenarios that I can try?

    Also...  We are seeing more than just the Sophos Update files that are affected by this. Will the "fix" that is run also restore all other files that were affected?


    Hi, I think I see the problem. The INFECTED folder is in ProgramDATA, not Program Files. At any rate, if Autoupdate is broken you'll have better luck using the script from 118323 first, then use the script in KB 118315. The advisory has been updated with this recommendation as well.


    This may be the case on Win7 machines, but I am looking at WinXP as well.  Is there another location I should be looking on WinXP machines other than Program Files?


    Yes, on WinXP it's in %allusersprofile%\Application Data\Sophos\.


  • al04 wrote:

    Do you have any ideas on how to fix my bat file?

    @ECHO ON
    REM --- Fix for sophos
    REM The source path contains "program files", so it must be quoted or xcopy splits it at the space

    xcopy "\\dbqwsus\SophosUpdate\CIDs\S000\SAVSCFXP\sau\program files\Sophos\AutoUpdate\*.*" "C:\ProgramData\Sophos\AutoUpdate\" /s /y

    pushd \\dbqlnx\ZENAPPS\sophos\Agen-xuvIssue

    cscript //nologo FixUpdate.vbs /fixIssues:true /cid:\\dbqwsus\SophosUpdate\CIDs\S000\SAVSCFXP /updateNow:true

    popd

    I'm not familiar with the pushd and popd options, but I can't get pushd to work with a network path.

  • The pushd is to make a temporary drive to that server and the popd is to release it when finished.
