VIP
spike
Posts: 97
Registered: ‎Fri 13-Nov-2009
0

Shh/Updater-B: remediating third party applications

[ Edited ]

 

This thread will be used to gather customer experience and insight into remediation of third party applications affected by the recent Shh/Updater-B false positive.

 

Update: Discovering and resolving potentially impacted products

 

http://www.sophos.com/en-us/support/knowledgebase/118348.aspx

 

Please provide feedback on the above article within this thread.

 

Best regards,

 

spike.

 

- - - - - - - - - - - -
SophosTalk community manager, SOPHOS
Occasional Visitor
Aesclepius
Posts: 1
Registered: ‎Wed 26-Sep-2012
0

Re: Shh/Updater-B: remediating third party applications

The Sophos fix has worked to correct Sophos Updater and it seems to now be working properly.

 

Unfortunately, according to my antivirus log, I have had the following files deleted:

 

C:\Program Files\PC-Doctor\updater\appupdater.exe

C:\WINDOWS\system32\Macromed\Flash\flashplayerupdateservice.exe

C:\program files\Google\Common\google updater\googleupdaterservice.exe

 

I am not sure how to update/correct/reinstall the deleted files. Do I have to reinstall the programs?

 

Any suggestions would be appreciated.

Executive VIP
jak
Posts: 1,853
Registered: ‎Sat 19-Dec-2009
0

Re: Shh/Updater-B: remediating third party applications

[ Edited ]

Hi,

 

If you right click on the directory:

"C:\Program Files\PC-Doctor\updater\"

 

Click on the "Previous version" tab. Do you have a recent entry, i.e. "Yesterday"?

You can highlight it and click "open" to see a previous copy.

 

Maybe the others also.  Could depend on OS and settings but worth a try.

 

"Previous versions" are automatically saved as part of a restore point. If system protection is turned on, Windows automatically creates previous versions of files and folders that have been modified since the last restore point was made. Typically, restore points are made once a day. If your disk is partitioned or if you have more than one hard disk on your computer, you need to turn on system protection for the other partitions or disks. Previous versions are also created by Windows Backup when you back up your files.

 

Also worth a try for applications that are MSI based is to try the "Repair" option if listed in "Add or Remove Programs"\"Programs and Features".  Not all MSIs will support repair but it's another option.

 

Failing that, an "undelete" application, e.g. Recuva, might also do the trick, but results may vary based on many factors.

 

Regards,

Jak

 

 

Occasional Advisor
dontshoes
Posts: 8
Registered: ‎Fri 12-Oct-2012
0

Re: Shh/Updater-B: remediating third party applications

Hi Folks,

 

I currently need your expert guidance. Usually we can access this website: https://standardchartered.ebank-services.com/ , but since the Technical Alert - Shh/Updater-B false positive, we can no longer access the website. It is official from Standard Chartered Bank. What action should I take to make this website accessible?

 

Cheers,

Donsius

Executive VIP
jak
Posts: 1,853
Registered: ‎Sat 19-Dec-2009
0

Re: Shh/Updater-B: remediating third party applications

Hi,

 

That URL doesn't look correct to me.  Is it from a phishing email as it's detected as "Mal/HTMLGen-A"?

 

The whois info for the domain ebank-services.com is:

 

Connecting to COM.whois-servers.net...
Connecting to whois.enom.com...

=-=-=-=
Visit AboutUs.org for more information about EBANK-SERVICES.COM
<a href="http://www.aboutus.org/EBANK-SERVICES.COM">AboutUs: EBANK-SERVICES.COM</a>


Domain name: EBANK-SERVICES.COM

Registrant Contact:
   PT. EDI INDONESIA
   Edwin Batra ()

   Fax:
   jl. yos sudarso kav 89
   wisma SMR lt 10
   Jakarta Utara, DKI Jakarta 14350
   ID

Administrative Contact:
   PT. EDI INDONESIA
   Edwin Batra (edwin@edi-indonesia.co.id)
   6505829
   Fax:
   jl. yos sudarso kav 89
   wisma SMR lt 10
   Jakarta Utara, DKI Jakarta 14350
   ID

Technical Contact:
   PT. EDI INDONESIA
   Edwin Batra (edwin@edi-indonesia.co.id)
   6505829
   Fax:
   jl. yos sudarso kav 89
   wisma SMR lt 10
   Jakarta Utara, DKI Jakarta 14350
   ID

Status: Locked

Name Servers:
   ns1.priokport.com
   ns2.priokport.com

Creation date: 13 Mar 2008 04:30:54
Expiration date: 13 Mar 2014 04:30:54

 If you're trying to get to http://www.standardchartered.com I would start there.

 

Regards,

Jak
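
The check jak describes above (comparing the link's registered domain and whois registrant with the bank's main site), as an added Python example that is not part of the original thread. The sample record is constructed from fields quoted in the post, and taking the last two host labels as the registered domain is an assumption that only holds for suffixes such as .com.

```python
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample: a subset of the whois fields quoted in the post above.
WHOIS_TEXT = """\
Domain name: EBANK-SERVICES.COM
Registrant Contact:
   PT. EDI INDONESIA
Name Servers:
   ns1.priokport.com
   ns2.priokport.com

Creation date: 13 Mar 2008 04:30:54
"""

def registered_domain(url):
    """Last two host labels (assumption: fine for .com, wrong for e.g. .co.uk)."""
    host = urlsplit(url).hostname.lower()
    return ".".join(host.split(".")[-2:])

def parse_whois(text):
    """Collect 'Key: value' pairs and the indented lines under 'Section:' headers."""
    record, section = {}, None
    for line in text.splitlines():
        if not line.strip():
            section = None                      # blank line closes a section
        elif line[0].isspace() and section:
            record[section].append(line.strip())
        elif line.rstrip().endswith(":"):
            section = line.strip()[:-1].lower()
            record[section] = []
        elif ":" in line:
            key, value = line.split(":", 1)
            record[key.strip().lower()] = value.strip()
    return record

def compare(url, official_url, whois_text):
    """Summarise what the host name and whois record say about a link."""
    rec = parse_whois(whois_text)
    dom, official = registered_domain(url), registered_domain(official_url)
    brand = official.split(".")[0]
    return {
        "registered_domain": dom,
        "same_domain_as_official": dom == official,
        "brand_only_in_subdomain": brand in urlsplit(url).hostname.lower() and brand not in dom,
        "whois_matches_url": rec.get("domain name", "").lower() == dom,
        "registrant": rec.get("registrant contact", [None])[0],
        "created": datetime.strptime(rec["creation date"], "%d %b %Y %H:%M:%S").date(),
    }
```

Calling compare() with the link from the thread and http://www.standardchartered.com reports that the two sit on different registered domains and that the bank's name appears only as a subdomain label. That is a reason to confirm the link with the bank through a known channel, not proof either way.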

Occasional Advisor
dontshoes
Posts: 8
Registered: ‎Fri 12-Oct-2012
0

Re: Shh/Updater-B: remediating third party applications

Thanks Jak for the response,

The same thing happens to me (warning message) when I try to access the website (phishing, etc.).

But it's actually a backlink provided by the bank, with no link in http://www.standardchartered.com.

I myself have made an experiment by installing a PC without Sophos as my endpoint antivirus protection, and surprisingly the link can be opened.

So I am still trying to have the link granted somehow in the Sophos console. Can you suggest the setting to grant the link access (guideline)?

 

Best regards,

 

Donsius U