Re: Is any one else seing this alert

blixco · ‎Thu 19-Jan-2012

I've not had an AV vendor screw up this bad in 20+ years of being an admin. Lucky, maybe?

This wouldn't be so bad if 1) it didn't hit too quickly to disable the bits affected (100+ nodes hit in less than a few minutes) and 2) it didn't also do things like quarantine it's own bits. How am I supposed to just call this a false positive when the software is comitting suicide?

I think this means I get to re-deploy on a hundred or so systems:

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\cidsync.dll". Cleanup unavailable.

Infected file "C:\Program Files\Sophos\AutoUpdate\cidsync.dll" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\cidsync.dll.000".

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\AUAdapter.dll". Cleanup unavailable.

Infected file "C:\Program Files\Sophos\AutoUpdate\AUAdapter.dll" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\AUAdapter.dll.000".

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\ALUpdate.exe". Cleanup unavailable.

Infected file "C:\Program Files\Sophos\AutoUpdate\ALUpdate.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\ALUpdate.exe.000".

"C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exe" has been moved to "C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED\swi_update_64.exe.1.000".

JaeyongSONG · ‎Wed 19-Sep-2012

we are getting this in alarming level.

just started from 11:38AM (MST)

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe".

APangF1 · ‎Wed 19-Sep-2012

You can temporarily Disable your Desktop Messaging in your sophos policies

tmasad · ‎Fri 27-Aug-2010

any update? Sophos pushed another update around 5:30. im still seeing alerts. nearly 1000 alerts so far. this is bs

CurtisF · ‎Wed 19-Sep-2012

What happens if the antivirus has already cleaned and deleted all 197 of my "supposed" viruses? Do I need these files that were deleted? What affects will this have on my system?

michael_restid · ‎Wed 19-Sep-2012

Everytime i push the update i watch as my PC in front of me just re-quarantines the update.

namezero111111 · ‎Tue 28-Feb-2012

How do we deal with a quarantined sophos updater??

Art_62 · ‎Tue 07-Aug-2012

Ok, according to Sophos, this "issue" is resolved: "This issue is resolved with javab-jd.ide which was released at Wed, 19 Sep 2012 18:48:35 +0000."

However, I can't get my server to update because of the original problem... so what's the fix????

rtooone · ‎Wed 19-Sep-2012

now on 1.2.1.161

ITGal1967 · ‎Wed 19-Sep-2012

We are getting it as well. Just wanted to pile on

Sophos EndUser Protection

Re: Is any one else seing this alert

Re: Is any one else seing this alert

Re: Is any one else seing this alert

Re: Is any one else seing this alert

Re: Is any one else seing this alert

Re: Is any one else seing this alert

Re: Is any one else seing this alert

Re: Is any one else seing this alert

Re: Is any one else seing this alert

Re: Is any one else seing this alert