
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
  • I was able to change on-access settings and exclusions even on machines that had already started complaining.

    Still getting alerts about the flash updater and so on but I can live with that as long as Sophos can update.  I can see having a major problem if files are automatically deleted or moved though.

    :30029
  • Yes, I'm getting the same Shh/Updater-B virus/spyware alerts and it has quarantined all 4 of these items:

    • C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exe
    • C:\Program Files (x86)\Sophos\AutoUpdate\SingleGUIPlugin.dll
    • C:\Program Files (x86)\Sophos\AutoUpdate\inetconn.dll
    • C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe

    If it isn't a hypersensitivity issue, then perhaps something has managed to tweak Sophos to cause it to disable its own updating capability, in preparation for a more extensive attack.

    :30031
  • Thanks for the update. Had the office worried and yelling at me to fix it and couldn't figure out what was up.  Couldn't get ahold of anyone on the phone either as others have said.  Now to calm a few nerves around here...

    :30033
  • "Beyond the alerts, as long as you don't have SAV configured to move/delete files if they fail to be cleaned it should be ok."

    Well that is the rub isn't it.  For workstations I have cleanup/delete enabled.

    Not on servers though.

    :30037
  • those on 1.3.2.176

    did you have to reboot your update manager?  Mine is telling me it is required.

    :30039
  • Guys,

    Turn off Autoupdate for now in the console and then roll back 2 definitions and then push out the policy to everyone. Worked for us until Sophos fixes their stuff...

    :30041
  • 1.3.2.176

    Required reboot.

    Interestingly, this "requires reboot" happened much earlier in the day.

    :30043
  • Confirmed, we are getting the same detection and alerts.

    Calling Sophos tech support is unsuccessful; the line has been busy for an hour.

    :30045
  • My workstations reported Sophos trying to quarantine and delete files OUTSIDE the Sophos folder, including Adobe and other locations. Also, the Sophos client broke on every workstation because it was deleting files it could not quarantine. I had everyone shut down their PCs to prevent further damage. Seems to be detecting every file/path with UPDATE in it:

     Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Updater.api".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\GoogleUpdate.exe". Cleanup unavailable.

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\USERS\Me.Mycompany\APPDATA\LOCAL\GOOGLE\UPDATE\GOOGLEUPDATE.EXE".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\GoogleUpdate.exe".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\1.3.21.123\goopdate.dll". Cleanup unavailable.

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\USERS\Me.Mycompany\APPDATA\LOCAL\GOOGLE\UPDATE\1.3.21.123\GOOPDATE.DLL".

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\1.3.21.123\goopdate.dll".


    :30047
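
A triage sketch for the alert flood quoted in this thread, added here as an example and not part of any post or of Sophos tooling: it collapses repeated alerts to one record per file (case-insensitively, since the same path is reported in both cases) and separates the AV product's own files from third-party ones. The sample lines are constructed from alerts quoted above; the function names and the `av_marker` parameter are hypothetical.

```python
import re

# Alert format as quoted in the thread; the "Cleanup unavailable." suffix is optional.
ALERT_RE = re.compile(
    r"Virus/spyware '(?P<name>[^']+)' has been detected in "
    r'"(?P<path>[^"]+)"\.'
    r"(?P<nocleanup>[ \t]*Cleanup unavailable\.)?"
)

# Constructed sample, assembled from alert lines quoted in the thread.
SAMPLE = r"""
Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable.
Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Updater.api".
Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\plug_ins\Updater.api".
Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\GoogleUpdate.exe". Cleanup unavailable.
Virus/spyware 'Shh/Updater-B' has been detected in "C:\USERS\Me.Mycompany\APPDATA\LOCAL\GOOGLE\UPDATE\GOOGLEUPDATE.EXE".
Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\Me.Mycompany\AppData\Local\Google\Update\1.3.21.123\goopdate.dll".
"""


def triage(text, detection="Shh/Updater-B"):
    """Collapse repeated alerts into one record per file.

    Windows paths are case-insensitive, so the lower-cased path is the key.
    """
    files = {}
    for m in ALERT_RE.finditer(text):
        if m["name"] != detection:
            continue
        rec = files.setdefault(
            m["path"].lower(),
            {"path": m["path"], "alerts": 0, "cleanup_unavailable": False},
        )
        rec["alerts"] += 1
        rec["cleanup_unavailable"] |= bool(m["nocleanup"])
    return files


def summarize(files, av_marker="\\sophos\\"):
    """Count what matters for response: scope, AV self-damage, failed cleanups."""
    keys = list(files)
    return {
        "total_alerts": sum(r["alerts"] for r in files.values()),
        "unique_files": len(keys),
        "av_own_files": sum(av_marker in k for k in keys),
        "third_party_files": sum(av_marker not in k for k in keys),
        "cleanup_unavailable": sum(r["cleanup_unavailable"] for r in files.values()),
        "path_contains_update": sum("update" in k for k in keys),
    }


if __name__ == "__main__":
    for key, value in summarize(triage(SAMPLE)).items():
        print(f"{key}: {value}")
```

A non-zero `av_own_files` count is the figure to watch when cleanup is set to move or delete, because those are the files the endpoint needs in order to receive a corrected update.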