
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
  • This is utter garbage.

    All my workstations are killing their software installs and now I can't uninstall sophos cause of the auto updater.

    Does anyone have a tool to remove Sophos?

    It will be easier for me to install the control center on a new server than try and fix this mess that sophos has caused.

    :32509
  • Two days later and issue is not resolved. Sophos support has neglected to answer my emails, and it is impossible to get through on the phone. Meanwhile our employees are unable to use Quickbooks which kind of sucks for the accounting department as a whole if you know what I mean.
    :32515

  • Bazagee wrote:

    Nathan wrote:

    Di-Ankh wrote:

    Would this be an answer for my issue?  Not sure if this applies to Windows 2003 server or not...

    http://www.sophos.com/en-us/support/knowledgebase/118323.aspx


    Hi,


    Yes, I would give that a go. Please let me know if you have any trouble with it.


    This script works for me if I run it locally with Admin rights but I'm having a tough time scripting it with PSExec to trigger remotely. Can anyone post up again the syntax for that please...

    EDIT:  I'm able to push the files out to a temp folder on remote machines but not execute the .vbs with required switches.



    Below is what I did. I THINK it worked, but I was unable to remove the temporary folder I put on the remote machine. (It's like something was left open, yet I'm not seeing an Open Files on the machine from managing it from my machine. This has me scratching my head. Wonder if a remote restart would resolve the issue. Anyhow... maybe someone else can chime in here about that.)

    ALSO... I set up a temporary Domain Admin account so I could blast it away later. Wasn't sure about the security when I'm putting in the password in plain text with PSEXEC. 
    _______
    _______

    From a command prompt running under an account with Admin rights:

    psexec \\computernamehere -u Domain\DomainAdminUsernameHere -p DomainAdminPasswordHere -w c:\YourTempFolderHere c:\YourTempFolderHere\BatchFileNameHere.bat

    This is all I had in the batch file which was moved to the remote machines:
    cscript //nologo FixUpdate.vbs /fixIssues:true /cid:\\sophosw\sophosupdate\cids\s013\savscfxp /updateNow:true

    :32517
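
An added example, not part of the thread and not Sophos's tooling: the same remote run done with PowerShell remoting, so the temporary account's password is prompted for once instead of being typed after `-p`, and the temp folder is removed only after the working directory has been released. It assumes WinRM is enabled on the endpoints, PowerShell 5.0 or later locally (for `Copy-Item -ToSession`), that `FixUpdate.vbs` sits in the current directory and needs no companion files, and constructed host names; whether the script behaves identically inside a remoting session is not confirmed by the thread.

```powershell
# Added example; host names are constructed, paths reuse the post's placeholders.
$computers = 'WKS-EXAMPLE-01', 'WKS-EXAMPLE-02'
$tempDir   = 'C:\YourTempFolderHere'
$share     = '\\sophosw\sophosupdate'          # share from the post's /cid: path
$cid       = "$share\cids\s013\savscfxp"
$cred      = Get-Credential -Message 'Temporary admin account for the repair'

$results = foreach ($computer in $computers) {
    $session = $null
    try {
        $session = New-PSSession -ComputerName $computer -Credential $cred -ErrorAction Stop
        Invoke-Command -Session $session -ErrorAction Stop -ScriptBlock {
            New-Item -ItemType Directory -Path $using:tempDir -Force | Out-Null
        }
        Copy-Item -Path .\FixUpdate.vbs -Destination $tempDir -ToSession $session -ErrorAction Stop

        $exitCode = Invoke-Command -Session $session -ErrorAction Stop -ScriptBlock {
            $dir = $using:tempDir; $cidPath = $using:cid
            # By default a remoting session cannot reuse its logon for a second
            # network hop, so connect to the update share with the credential explicitly.
            New-PSDrive -Name Cid -PSProvider FileSystem -Root $using:share `
                -Credential $using:cred -ErrorAction Stop | Out-Null
            Set-Location -Path $dir             # same role as psexec -w
            cscript.exe //nologo FixUpdate.vbs /fixIssues:true "/cid:$cidPath" /updateNow:true | Out-Null
            $code = $LASTEXITCODE
            Set-Location -Path C:\              # leave the folder before deleting it
            Remove-PSDrive -Name Cid
            Remove-Item -Path $dir -Recurse -Force
            $code
        }
        [pscustomobject]@{ Computer = $computer; ExitCode = $exitCode; Error = $null }
    }
    catch {
        [pscustomobject]@{ Computer = $computer; ExitCode = $null; Error = $_.Exception.Message }
    }
    finally {
        if ($session) { Remove-PSSession -Session $session }
    }
}
$results | Format-Table -AutoSize
```

The credential object is passed into each remote session for the share connection, so a short-lived account like the one the poster created is still the right choice; disable or delete it once the run is finished.
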
  • Microsoft Fix it can help you uninstall Sophos. We need to do this on about 30 computers. (106/200 computers were powered up at the update and got harmed with file deletion; we tried different scripts to copy files java-... Psexec and reinstalling the client over for repair because it was opening incorrectly or the Sophos logo was not disappearing from the screen.)

    You tell the Fix it software you have a problem uninstalling software and select SAV. It clears problems with file locks, cleans registry problems and uninstalls SAV, and it does it if the user has no rights for Sophos admin on the computer and the anti-virus is protected with tamper protection.

    This has been tested on XP, 7, w2k3, w2k8, w2k8 R2. It is not working on w2k3 R2; it gives an error. Our Sophos server is on w2k3 R2 and I'm stuck with the Sophos AutoUpdate software not able to uninstall because it tells me NoUpdateInProgress; the same thing happened when I tried installing. All other Sophos clients are uninstalled.

    We need to find a solution for the server. I was cleaning up our domain PDC last night and after uninstalling Sophos I rebooted the server and it never came back. I was obliged to drive to the office and find a solution for the PDC not being able to communicate with the network and itself, 20 min for rebooting, DNS not working and a bunch of errors. Doing the "netsh winsock reset" did the job, on the PDC and the print FTP server. I was supposed to sleep at this time.

    What will Sophos do for compensation for everyone that lost time and productivity?

    We just renewed for 40 months. What should I do? Cancel the order and get the bundled one (Kaspersky) that I can add with the Kaseya software we just bought? (Not installed yet; Sophos takes all my time.)

    The "You are safer in our world" message at opening has made me laugh for the last 3 days. HA HA joking.

    :32521
  • Hello OregonCompany,

    We have released the fix for the bad IDE that was sent out on Wednesday. Late Wednesday night the new IDE to combat the issue was sent out. In terms of fixing the issue there will be some troubleshooting steps that will need to be taken. I would advise looking at our Sophos KB article 118311. This will give you all the information you will need to know about the issue and it will give you links on how to troubleshoot this and how to fix this issue. We do apologize that we have not answered your emails or have been able to answer your calls. As you may know this is a global issue and we are trying our best to get to every customer we have to help them solve this issue. Our phones have been quite packed and we have had all hands on deck for the last three days. I can assure you we are doing our best to help every single customer we have to get everything up and running again. Again please reference the KB article above. If you have any other questions please feel free to call in this weekend, we are estimating the call times to be shortened. Thank you very much for your patience!

    :32543

  • AnthonyCarbon wrote:

    This is utter garbage.

    All my workstations are killing their software installs and now I can't uninstall sophos cause of the auto updater.

    Does anyone have a tool to remove Sophos?

    It will be easier for me to install the control center on a new server than try and fix this mess that sophos has caused.


    Hi,

    We have provided a very effective script for repairing broken Sophos installs. The script and usage information can be found in KBA 118323. Using that script should be easier and more time effective than building a new environment. Keep in mind that even from your new server, you might still have difficulty pushing the install to the endpoints again if the false positives are still being triggered on the endpoints.

    :32545

  • OregonCompany wrote:
    Two days later and issue is not resolved. Sophos support has neglected to answer my emails, and it is impossible to get through on the phone. Meanwhile our employees are unable to use Quickbooks which kind of sucks for the accounting department as a whole if you know what I mean.

    Hi,

    If you have a case number for those emails, please send it to me and I will see if I can figure out what happened. As for your Quickbooks issue, what cleanup action did you use? If you use the Move action, please see the script in KBA 118315 that will help restore files in their original locations.

    :32547

  • kurbycar32 wrote:

    I have 3 CID folders, all have the alsvc file.  Here is the command I executed:

    cscript //nologo FixUpdate.vbs /fixIssues:true /cid:\\sophos-server\SophosUpdate\CIDs\S000\SAVSCFXP /updateNow:true

    Per documentation I attempted to run this manually before deploying it and it hasn't been able to fix anything yet.


    Is the script encountering errors? If so, please post them here and I will see if I can help. To my knowledge, any time the script has been run successfully the endpoint is resolved. Please let me know what you are seeing that isn't fixed if it is running without error for you.

    Ps. Please be sure you are running the latest version of the script. Version 1.6. If not, the download link in KBA 118323 has been updated with the latest version which includes improvements and additional features. Please see the readme in the archive and the details in the KBA.

    :32549
  • Wrong answer to my question.

    All I request is the right procedure to UNINSTALL the broken Sophos leftovers from ANY MS Windows systems and a CLEAN REINSTALL since repair or remove crashes all time with giving out several information. I am not willing to post them all, waiting for specific answers on all the garbage. Time is money, and protection can't wait for days till you guys set up an easy way to fix all the errors on each system; nevertheless you (Sophos) are responsible for your product and I figure that compensation by Sophos in a situation where our systems will be attacked and shut down or completely x-rayed by offenders will not cover the need your company might have brought to our company and employers.

    So much for politics.

    YOU (SOPHOS) PLEASE POST SOME FIX ASAP. Don't want to hear any question on how our systems are whatsoever. Just post the reinstall, and we're good (so far.) And I'm not going to accept some forum msg any longer that maybe on page 116 information #768 might solve my problem... -You caused it all, generated sleepless nights for us customers and sysops who trusted in (and paid for) your software; the rest is a legal matter.

    You have my account info, my email and all this; you better spread information on here, OBVIOUSLY visible for everyone else who had requested the same, additionally inform me by mail; Monday we will check our legal options to sue the sh** out of Sophos for this damage.

    I am sorry for my straight words. I am usually less tempered but this leak of security you have caused is way too much for some decent conversation. I guess I am talking for hundreds of companies and their sysops who cannot find time enough to solve the daily matters because of being occupied by fixing the damages you are responsible for.

    :32555

  • liquidrubber wrote:

    Wrong answer to my question.

    All I request is the right procedure to UNINSTALL the broken Sophos leftovers from ANY MS Windows systems and a CLEAN REINSTALL since repair or remove crashes all time with giving out several information. I am not willing to post them all, waiting for specific answers on all the garbage. Time is money, and protection can't wait for days till you guys set up an easy way to fix all the errors on each system; nevertheless you (Sophos) are responsible for your product and I figure that compensation by Sophos in a situation where our systems will be attacked and shut down or completely x-rayed by offenders will not cover the need your company might have brought to our company and employers.

    So much for politics.

    YOU (SOPHOS) PLEASE POST SOME FIX ASAP. Don't want to hear any question on how our systems are whatsoever. Just post the reinstall, and we're good (so far.) And I'm not going to accept some forum msg any longer that maybe on page 116 information #768 might solve my problem... -You caused it all, generated sleepless nights for us customers and sysops who trusted in (and paid for) your software; the rest is a legal matter.

    You have my account info, my email and all this; you better spread information on here, OBVIOUSLY visible for everyone else who had requested the same, additionally inform me by mail; Monday we will check our legal options to sue the sh** out of Sophos for this damage.

    I am sorry for my straight words. I am usually less tempered but this leak of security you have caused is way too much for some decent conversation. I guess I am talking for hundreds of companies and their sysops who cannot find time enough to solve the daily matters because of being occupied by fixing the damages you are responsible for.


    Hi,

    If you feel you must uninstall Sophos to resolve this issue, then tools like the Microsoft FixIt utility may be able to help. Before you pursue that option though, I would strongly recommend that you try one of the scripts we've provided to assist with remediation. Using these scripts will be much easier than trying to uninstall and reinstall. Please run through the advisory KBA if you haven't already (or again if you haven't looked at it in a while as we are regularly updating it), and be sure to look at the tools in KBA 118323, KBA 118324, KBA 118315 as well as several others that you can get to through the advisory KBA. If you hit a snag, please post here to see if myself or someone else can offer advice specific to your situation that can get you going again. In the case of more complex issues, the normal support channels are your best bet, though due to the volume it may take a little time to get through. I truly hope that helps.

    :32557