This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

This thread was automatically locked due to age.

0 NikolaFBA over 13 years ago

Did anyone try to reinstall Sophos after almon error?
:31253
Cancel
Vote Up 0 Vote Down

Cancel
0 TTM over 13 years ago

all valid points!!!
1. Update managers keeps failing.
2. Clients are not getting updates since 5pm yesterday.
3. Calling support is futile because your phone connection will be disconnected within 30 seconds.
We have so much invested in Sophos and is it time to reconsider that?
:31261
Cancel
Vote Up 0 Vote Down

Cancel
0 kturner over 13 years ago

What is the solution for those of that had delete set for files that couldn't be cleaned? I have 50+ workstations, potentially many more, that deleted not just ALmon.exe, but also inetconn.dll, sharedres.dll, ilogres.dll, and many many more from the Sophos AutoUpdate folder.
I have tried uninstalling Sophos completely, including using the Microsoft Fix IT Uninstaller to remove Sophos AutoUpdate, which will not remove via the usual uninstaller anymore. I then tried restarting the PC and reinstalling Sophos, but this does not seem to work either. For some reason the install seems to hang from the console point of view, and on the client it seems to not want to update still. Is there a tool that can be used to reinstall/fix just the AutoUpdater and replace all the missing files?
:31265
Cancel
Vote Up 0 Vote Down

Cancel
0 woopdeedoo over 13 years ago

Copying the contents of a working C:\Program Files\Sophos\Sophos AutoUpdate folder to the same folder on an affected machine resolved the updating issue for many of my clients. This is obviously only effective once the offending IDE has been removed.
:31271
Cancel
Vote Up 0 Vote Down

Cancel
0 nf over 13 years ago

after the various almon errors.. i was able to reprotect it and it solved it
:31277
Cancel
Vote Up 0 Vote Down

Cancel
0 Roar over 13 years ago

Besides the Sophos auto update files and almon.exe, Sophos AV also deleted the update and system files for our FW-GUI, Google Chrome, Java and Flash Player. Not possible to start/update those before I reinstalled them...
:31283
Cancel
Vote Up 0 Vote Down

Cancel
0 SophUhOh over 13 years ago

Where do I send my bill to at Sophos?
:31285
Cancel
Vote Up 0 Vote Down

Cancel
0 Deepfat over 13 years ago

About a third of our estate was resolved using the Sophos published solution.
We've had to manually uninstall and re-install the rest which is mighty time consuming (about 200 PCs).
Uninstall all 3 Sophos Components from add remove programs
Delete Agen-xuv.ide file if still present
Reboot
Protect from Console
Reboot
Don't suppose we'll see a 3 month licence extension for all the inconvenience????
:31287
Cancel
Vote Up 0 Vote Down

Cancel
0 Zatol over 13 years ago

I have over 22,000 client machines and the number reporting this as a virus continues to rise. I've fixed policies not to delete, but at this point I have no clue what's going on because I don't trust the software. I'm at 2% reporting which is up over 500 computers. If I have to touch all of these by hand this will be absolutely the most assanine thing an anti-virus company has ever produced. Identify yourselves as a virus, novel idea.
:31289
Cancel
Vote Up 0 Vote Down

Cancel
0 Nik_Nak2 over 13 years ago

If anyone hasn't tried the below already give it a try - thankfully I had a back up.
The Shh/Updater B deleted some files and then I couldn't get the update files working.
1) Remove agen-xuv.ide from "C:\Program Files\Sophos\Sophos Anti-Virus"
2) Disable on access scanning in Sophos control centre
3) Under Anti-Virus Hips in the "Endpoint Security" module add - the aforementioned exceptions:
C:\Documents and Settings\All Users\Application Data\Sophos\
C:\Program Files\Sophos\
C:\Program Files (x86)\Sophos\
C:\programdata\sophos\
4) run "services.msc" from server - Start>Run command
5) Find the following 2 services: Sophos AutoUpdate Service & Sophos Update Manager
6) Right click and select properties and each service and write down the path to the executable files. They should be something like Program files\sophos\auto update & Program files\sophos\scc\sum
7) Locate these folders - these are where there are likely to be files missing! If you have a back up then locate the archived folders - then compare.
I was missing ALUpdate.exe and ALsvc.exe from the suto update folder and SophosUpdateMgr.exe, SUMservice.exe and UpdateSUMConfig.exe from the SUM folder. Providing you have the backups - and have disabled on access scanning you should be able to copy in the missing files.
8) Once you have done this restart the above mentioned services
9) Choose update now from the Sophos Control Center
10) Hey presto that should have fixed it - you may then need to either update all workstations manually or centrally from the server
Good luck
CB
Make sure that your two folders SUM & Sophos Auto Update files have the same files in as before - my sophos deleted a few and I had to go into a backup to get them back!
:31293
Cancel
Vote Up 0 Vote Down

Cancel