Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


  • Unfortunately I tried to reinstall Sophos on some affected clients before looking into this script. Would this have deleted the required log file? After the install the clients won't update because the update client couldn't be uninstalled during the install.

    :31543
  • What do you do when you cannot get the SUM to run the update?  I have followed the advisory and nothing happens.......

    I have stopped and started the services a million times restarted my SUM server..  nothing....

    Phone is still a fast busy and no one responds to email sent to Sophos support...

    :31545

  • Jeff1527 wrote:

    What do you do when you cannot get the SUM to run the update?  I have followed the advisory and nothing happens.......


    The advisory steps should be working. When you select "update now" on the Update Manager, what happens?

    :31547
  • Absolutely nothing.  The log reports show nothing new.  Just the last failed attempt 2 hrs ago before I tried following the steps laid out in the advisory.

    :31549
  • HOW I FIXED MY SUM (The slightly longer but easy way)

    1. Disable on access scanning on the server

    2. Launch the Setup.exe in here: C:\Program Files (x86)\Sophos\Enterprise Console\SUMInstaller (You will get errors)

    3. When the installer says it can't find the file, search for the name here: C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED

    4. You will find the missing files with .000 appended to them

    5. Copy the files out of the infected folder to the path specified by the installer

    6. Hit retry, it will find your file

    7. Repeat for each file; my server needed, I think, 4 files restored.

    8. This will repair the SUM and start the service

    9. Use "Update Now" on your update manager in the enterprise console

    :31551
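Steps 3 to 6 of the post above, scripted for one missing file, as an added example that is not part of the original post or of the Sophos advisory. It stages the quarantined copy under its original name and checks its Authenticode signature before copying it back. The `-Apply` and `-AllowUnverified` switches, the signer text `Sophos` and the temporary staging directory are assumptions, and on-access scanning must already be disabled as in step 1.

```powershell
# Added example (not from the thread): restore one file the SUM installer reports missing.
param(
    [Parameter(Mandatory = $true)][string]$MissingPath,  # full path from the installer error
    [string]$InfectedDir = 'C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED',  # path from step 3
    [string]$SignerMatch = 'Sophos',  # assumption: text expected in the signer subject
    [switch]$AllowUnverified,         # hypothetical switch: restore even if the check fails
    [switch]$Apply                    # without -Apply the script only reports
)

$name = Split-Path -Path $MissingPath -Leaf
$quarantined = Join-Path -Path $InfectedDir -ChildPath ($name + '.000')  # step 4 naming
if (-not (Test-Path -LiteralPath $quarantined -PathType Leaf)) {
    Write-Warning "No quarantined copy at $quarantined"
    return
}

# Stage under the original name so the signature check sees the real extension.
$stageDir = Join-Path -Path $env:TEMP -ChildPath ([guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $stageDir | Out-Null
$staged = Join-Path -Path $stageDir -ChildPath $name
try {
    Copy-Item -LiteralPath $quarantined -Destination $staged
    $sig  = Get-AuthenticodeSignature -LiteralPath $staged
    $hash = (Get-FileHash -LiteralPath $staged -Algorithm SHA256).Hash
    $verified = $sig.Status -eq 'Valid' -and
                $sig.SignerCertificate.Subject -like "*$SignerMatch*"
    "{0}  sha256={1}  signature={2}  verified={3}" -f $name, $hash, $sig.Status, $verified

    if (-not $verified -and -not $AllowUnverified) {
        Write-Warning "Not restoring ${name}: signature check failed (data files may be unsigned)."
        return
    }
    if ($Apply) {
        # Step 5: copy (not move) to the path the installer asked for; quarantine copy stays.
        $destDir = Split-Path -Path $MissingPath -Parent
        if (-not (Test-Path -LiteralPath $destDir)) {
            New-Item -ItemType Directory -Path $destDir -Force | Out-Null
        }
        Copy-Item -LiteralPath $staged -Destination $MissingPath
        "Restored $MissingPath"
    }
}
finally {
    Remove-Item -LiteralPath $stageDir -Recurse -Force
}
```

Run it once per file the installer names, first without `-Apply` to record the hash and signature status, then with `-Apply` before pressing Retry.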
  • The SUM isn't updating for me either.  Also the KB article/advisory has disappeared for me.

    :31553

  • Jeff1527 wrote:

    What do you do when you cannot get the SUM to run the update?  I have followed the advisory and nothing happens.......

    I have stopped and started the services a million times restarted my SUM server..  nothing....

    Phone is still a fast busy and no one responds to email sent to Sophos support...


    Sorry, I was replying during your edit. The phone system has been struggling to keep up with the volume. I recommend going back through the advisory steps one by one to see where things went wrong. That should work. If not, there may be something else going on and you'll need to speak with support. If that is the case, please keep trying.

    :31555
  • Chadster, you have to temporarily turn off On-Access scanning for the script to work... OR

    You can keep it on if you choose, but you must add these exclusions:

    C:\Documents and Settings\All Users\Application Data\Sophos\

    C:\Program Files\Sophos\

    C:\Program Files (x86)\Sophos\

    C:\ProgramData\sophos\

    :31557

  • Jeff1527 wrote:

    Absolutely nothing.  The log reports show nothing new.  Just the last failed attempt 2 hrs ago before I tried following the steps laid out in the advisory.


    If you haven't already, physically check your update location to confirm if the javab-jd.ide is present. Directions on how to do this are in the advisory. Failing that, try performing a repair on SUM (directions for this are also in the advisory) and then try updating again.

    :31559
  • Nathan, I'm back on the phone again on hold. I hope the phone queue has died down since this is still causing issues for us and the fixes have not worked.

    :31561