SHH/Updater-B Fiasco Recovery Steps

Just thought a thread for just the recovery steps would be helpful as I'm sure this is a big mess for many of my IT brethren who will be burning the midnight oil on the cleanup.

Perhaps a Sophos engineer could chime in on:

- what to do about "Software Delivery failed" in Update Manager

- what to do about ALsvc.exe and ALUpdate.exe being detected / quarantined

- other steps?

This thread was automatically locked due to age.
  • We disabled AutoUpdate (server path).

    I deleted agen-xuv.ide and rebooted on one machine. This works.

    Now I am deploying the deletion of agen-xuv.ide to some managed PCs (student labs).

    Most unmanaged clients were switched off, hopefully. The malicious update came at 22:35 here in Germany.
