Wed 26-Sep-2012 16:42 - last edited on Wed 26-Sep-2012 23:25 by TomK
This thread will be used to gather customer experience and insight into remediation of third party applications affected by the recent Shh/Updater-B false positive.
Update: Discovering and resolving potentially impacted products
Please provide feedback on the above article within this thread.
Wed 26-Sep-2012 20:16
The Sophos fix has worked to correct Sophos Updater and it seems to now be working properly.
Unfortunately, according to my antivirus log, I have had the following files deleted:
C:\program files\Google\Common\google updater\googleupdaterservice.exe
I am not sure how to update/correct/reinstall the deleted files or do I have to reinstall the programs?
Any suggestions would be appreciated.
Wed 26-Sep-2012 21:06 - edited Thu 27-Sep-2012 08:39
If you right click on the directory:
Click on the "Previous version" tab. Do you have a recent entry, i.e. "Yesterday"?
You can highlight it and click "open" to see a previous copy.
Maybe the others also. Could depend on OS and settings but worth a try.
"Previous versions" are automatically saved as part of a restore point. If system protection is turned on, Windows automatically creates previous versions of files and folders that have been modified since the last restore point was made. Typically, restore points are made once a day. If your disk is partitioned or if you have more than one hard disk on your computer, you need to turn on system protection for the other partitions or disks. Previous versions are also created by Windows Backup when you back up your files.
Also worth a try for applications that are MSI based is to try the "Repair" option if listed in "Add or Remove Programs"\"Programs and Features". Not all MSIs will support repair but it's another option.
Failing that an "undelete" application, e.g. Recuva might also do the trick but results may vary based on many factors.
Fri 12-Oct-2012 10:53
I currently need your expert guidance. Usually we can access this website: https://standardchartered.ebank-services.com/ , but since the Technical Alert - Shh/Updater-B false positive, we can no longer access the website. It is official from Standard Chartered Bank. What action should I take to make this website accessible?
Fri 12-Oct-2012 19:22
That URL doesn't look correct to me. Is it from a phishing email as it's detected as "Mal/HTMLGen-A"?
The whois info for the domain ebank-services.com is:
Connecting to COM.whois-servers.net...
Connecting to whois.enom.com...
=-=-=-=
Visit AboutUs.org for more information about EBANK-SERVICES.COM
<a href="http://www.aboutus.org/EBANK-SERVICES.COM">AboutUs: EBANK-SERVICES.COM</a>
Domain name: EBANK-SERVICES.COM
Registrant Contact:
PT. EDI INDONESIA
Edwin Batra ()
Fax:
jl. yos sudarso kav 89 wisma SMR lt 10
Jakarta Utara, DKI Jakarta 14350
ID
Administrative Contact:
PT. EDI INDONESIA
Edwin Batra (firstname.lastname@example.org)
6505829
Fax:
jl. yos sudarso kav 89 wisma SMR lt 10
Jakarta Utara, DKI Jakarta 14350
ID
Technical Contact:
PT. EDI INDONESIA
Edwin Batra (email@example.com)
6505829
Fax:
jl. yos sudarso kav 89 wisma SMR lt 10
Jakarta Utara, DKI Jakarta 14350
ID
Status: Locked
Name Servers:
ns1.priokport.com
ns2.priokport.com
Creation date: 13 Mar 2008 04:30:54
Expiration date: 13 Mar 2014 04:30:54
If you're trying to get to http://www.standardchartered.com I would start there.
Tue 16-Oct-2012 05:22
Thanks Jak for the response,
The same thing happened to me (warning message) when I was trying to access the website (phishing, etc.).
But it's actually a backlink provided by the bank, without any link on http://www.standardchartered.com.
I myself have made an experiment by installing a PC without having Sophos as my endpoint antivirus protection and, surprisingly, the link can be opened.
So I am still trying to have the link granted somehow in the Sophos console. Can you suggest the setting to grant the link access (guideline)?