
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



  • I e-mailed my account rep and he replied with the following:

    We are currently engaged with SophosLabs over a false positive relating to 'Shh/Updater-B', and I want to quickly let you know of this false positive, and that you do not have an outbreak.

    If you have live protection enabled, you should stop seeing these detections as the files are now marked 'clean' in the cloud. If you do not have LiveProtection enabled you will stop seeing the new detections come in after the next IDE is released (releasing now in agen-xuv.ide).

    There is no cleanup for this detection, and you will see it quarantined unless you have your on-access policy set to move or delete detections if cleanup is not possible. Please double check your SAV policy under cleanup; you want to ensure your secondary option (when cleanup is not available or does not work) is set to 'deny access' and not delete or move. Once the detections have stopped, you can acknowledge the alerts in the Console; this way you can see who is still reporting it, and confirm it is trending down.

  • Re: Rollback instructions: 

    I'm not seeing any options for definitions other than 1.32.176 and "Recommended" -- is there something I'm missing?

  • But you've quarantined your own updater. How can this update be applied?

    In fact, my update manager is quarantining every file from your servers as it downloads! How are you going to fix this?

  • I went through the steps to roll back to ver. 1.2.1.161.1, but not having any luck here. Almost like my Enterprise console is locked up....

  • Exactly, how will it update if the updater isn't functional?

  • How do we turn off email alerts from sophos until this is resolved?
  • How does something like this happen.....

  • I've not had an AV vendor screw up this bad in 20+ years of being an admin. Lucky, maybe?

    This wouldn't be so bad if 1) it didn't hit too quickly to disable the bits affected (100+ nodes hit in less than a few minutes) and 2) it didn't also do things like quarantine its own bits. How am I supposed to just call this a false positive when the software is committing suicide?

    I think this means I get to re-deploy on a hundred or so systems:

    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\cidsync.dll". Cleanup unavailable.
    
    Infected file "C:\Program Files\Sophos\AutoUpdate\cidsync.dll" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\cidsync.dll.000".
    
    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\AUAdapter.dll". Cleanup unavailable.
    
    Infected file "C:\Program Files\Sophos\AutoUpdate\AUAdapter.dll" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\AUAdapter.dll.000".
    
    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\ALUpdate.exe". Cleanup unavailable.
    
    Infected file "C:\Program Files\Sophos\AutoUpdate\ALUpdate.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\ALUpdate.exe.000".
    
    "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exe" has been moved to "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\swi_update_64.exe.1.000".
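A small triage script for the alert format pasted above, added here as an example (it is not Sophos code and was not posted in this thread): it parses the "has been detected in" and "has been moved to" lines, and sorts each file into three buckets an admin cares about after a false positive of this kind: vendor files only denied access (they clear themselves once the corrected IDE arrives), vendor files moved into the INFECTED folder (these must be restored or the product redeployed), and detections outside the vendor's own tree (worth a manual look, since the FP does not explain them). The sample lines are constructed from the ones quoted in the thread plus one made-up non-vendor path for contrast; the `is_vendor_file` heuristic is an assumption.

```python
import re

# Alert line formats exactly as the Enterprise Console e-mails quote them in this thread.
DETECTED = re.compile(
    r"""Virus/spyware '(?P<name>[^']+)' has been detected in "(?P<path>[^"]+)"\. Cleanup unavailable\.""")
# The "Infected file" prefix is optional: one line in the thread was pasted without it.
MOVED = re.compile(r'(?:Infected file )?"(?P<path>[^"]+)" has been moved to "(?P<dest>[^"]+)"\.')

def is_vendor_file(path):
    """Assumed heuristic: anything under a Sophos install or ProgramData tree is the product's own file."""
    return "\\sophos\\" in path.lower()

def triage(lines, suspect="Shh/Updater-B"):
    """Group alert lines by original path and decide what an admin must do for each file."""
    detections, quarantined = {}, {}
    for line in lines:
        if m := DETECTED.search(line):
            detections[m["path"]] = m["name"]
        elif m := MOVED.search(line):
            quarantined[m["path"]] = m["dest"]
    report = {"restore": [], "denied_only": [], "review": []}
    for path in dict.fromkeys([*detections, *quarantined]):  # first-seen order, no duplicates
        name = detections.get(path)  # None when only the "moved" line was captured
        if not is_vendor_file(path) or (name is not None and name != suspect):
            report["review"].append((path, name))                 # outside the vendor tree: look at it
        elif path in quarantined:
            report["restore"].append((path, quarantined[path]))   # product's own file moved: put it back
        else:
            report["denied_only"].append(path)                    # denied in place: resolves with the new IDE
    return report

# Constructed sample: four lines taken from the thread plus one made-up non-vendor detection.
SAMPLE_ALERTS = [
    r"""Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable.""",
    r"""Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\cidsync.dll". Cleanup unavailable.""",
    r"""Infected file "C:\Program Files\Sophos\AutoUpdate\cidsync.dll" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\cidsync.dll.000".""",
    r'"C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exe" has been moved to "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\swi_update_64.exe.1.000".',
    r"""Virus/spyware 'Shh/Updater-B' has been detected in "C:\Users\example\Downloads\setup.exe". Cleanup unavailable.""",  # constructed
]

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_ALERTS).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Feed it the body of the alert e-mails (one alert per line) and the "restore" bucket is the list of quarantine paths to hand back to the endpoints.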