Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3260664 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
  • 0

    So what does a person do to get these machines to quit reporting they have a virus?  I've got the supposed update fix (agen-xuv.ide) on my SUM, and it's been pushed to every client that's connected.

    When I turn realtime scanning back on, however, machines keep showing in the console & reporting they have a virus, even though I've turned off all messaging for the clients.

    :30367
  • 0

    I would contact support if they would answer the phones, all numbers are busy

    :30371
  • 0

    There is no agen-xuv.exe file in that folder dude.

    :30373
  • 0

    Looks like it deleted ALsvc.exe, the service is running but it won't be for long :)   I moved it out of my infected folder and restarted the service.   System updated while it was missing...it seems fine and didn't delete it.   I'd run an update on your machines before they reboot for the night to see if they fix themselves before that service shuts down

    :30375
  • 0

    Hmmm ... anyone looked at jobscout for "Senior Technician, former employed at a big Antivirus Company, is looking for a new job" :smileyvery-happy:

    Sorry, but at the moment the only thing to do is keep smiling ...

    Thank god it is night here in Germany (0am) ...

    Now trying to update Enterprise Console with disabled live protection ...

    :30377
  • 0

    What do we do to get our Sophos Server to download the fix?  When I tell my server to Update Now in the Update manager, it says Software Delivery Failed. Looking at the log I see this..

    Delivery Failed for software Subscription "Recommended". Access to the source update location is denied or hte locaiton is otherwise unavailable

    :30379
  • 0

    ccgits, agen-xuv.ide is the problem IDE. You need javab-jd.IDE.

    As I mentioned, you can delete agen-xuv.ide and restart savservice if your updating is failing but have not deleted any files. I would not recommend disabling OnAccess scanning as a whole as it opens a bigger security hole then necessary, but that would work as well.

    :30381
  • 0

    Inconvenient and annoying is just a bit of an understatement for this disaster.

    Sophos: I want a 1 Year extension for all of my subscription as compensation for the time and expense it will take to reprotect our computers.  You caused this mess, now you should pay for it.

    :30383
  • 0

    We too are receiving alerts (close to 5000 ). I have disabled the email messaging. Please ensure that if there are any scheduled scans configured to delete if cleanup fails are disabled temporarily

    :30385