
Shh/Updater-B: remediating third party applications

This thread will be used to gather customer experience and insight into remediation of third party applications affected by the recent Shh/Updater-B false positive.

Update: Discovering and resolving potentially impacted products

http://www.sophos.com/en-us/support/knowledgebase/118348.aspx

Please provide feedback on the above article within this thread.

Best regards,

spike.

  • The Sophos fix has worked to correct Sophos Updater and it seems to now be working properly.

    Unfortunately, according to my antivirus log, I have had the following files deleted:

    C:\Program Files\PC-Doctor\updater\appupdater.exe

    C:\WINDOWS\system32\Macromed\Flash\flashplayerupdateservice.exe

    C:\program files\Google\Common\google updater\googleupdaterservice.exe

    I am not sure how to update/correct/reinstall the deleted files. Or do I have to reinstall the programs?

    Any suggestions would be appreciated.

  • Hi,

    If you right-click on the directory "C:\Program Files\PC-Doctor\updater\" and click on the "Previous Versions" tab, do you have a recent entry, i.e. "Yesterday"?

    You can highlight it and click "open" to see a previous copy.

    Maybe the others also.  Could depend on OS and settings but worth a try.

    "Previous versions" are automatically saved as part of a restore point. If system protection is turned on, Windows automatically creates previous versions of files and folders that have been modified since the last restore point was made. Typically, restore points are made once a day. If your disk is partitioned or if you have more than one hard disk on your computer, you need to turn on system protection for the other partitions or disks. Previous versions are also created by Windows Backup when you back up your files.

    Also worth a try for applications that are MSI based is to try the "Repair" option if listed in "Add or Remove Programs"\"Programs and Features".  Not all MSIs will support repair but it's another option.

    Failing that, an "undelete" application, e.g. Recuva, might also do the trick, but results may vary based on many factors.

    Regards,

    Jak

  • Hi Folks,

    I currently need your expert guidance. Usually we can access this website: https://standardchartered.ebank-services.com/ , but since the Technical Alert - Shh/Updater-B false positive, we can no longer access the website. It is official from Standard Chartered Bank. What action should I take to make this website accessible?

    Cheers,

    Donsius

  • Hi,

    That URL doesn't look correct to me.  Is it from a phishing email as it's detected as "Mal/HTMLGen-A"?

    The whois info for the domain ebank-services.com is:

    Connecting to COM.whois-servers.net...
    Connecting to whois.enom.com...
    
    =-=-=-=
    Visit AboutUs.org for more information about EBANK-SERVICES.COM
    <a href="http://www.aboutus.org/EBANK-SERVICES.COM">AboutUs: EBANK-SERVICES.COM</a>
    
    
    Domain name: EBANK-SERVICES.COM
    
    Registrant Contact:
       PT. EDI INDONESIA
       Edwin Batra ()
    
       Fax:
       jl. yos sudarso kav 89
       wisma SMR lt 10
       Jakarta Utara, DKI Jakarta 14350
       ID
    
    Administrative Contact:
       PT. EDI INDONESIA
       Edwin Batra (edwin@edi-indonesia.co.id)
       6505829
       Fax:
       jl. yos sudarso kav 89
       wisma SMR lt 10
       Jakarta Utara, DKI Jakarta 14350
       ID
    
    Technical Contact:
       PT. EDI INDONESIA
       Edwin Batra (edwin@edi-indonesia.co.id)
       6505829
       Fax:
       jl. yos sudarso kav 89
       wisma SMR lt 10
       Jakarta Utara, DKI Jakarta 14350
       ID
    
    Status: Locked
    
    Name Servers:
       ns1.priokport.com
       ns2.priokport.com
    
    Creation date: 13 Mar 2008 04:30:54
    Expiration date: 13 Mar 2014 04:30:54

    If you're trying to get to http://www.standardchartered.com I would start there.

    Regards,

    Jak

  • Thanks Jak for the response,

    The same thing happened to me (warning message) when I was trying to access the website (phishing, etc.).

    But it's actually a backlink provided by the bank, with no link to it on http://www.standardchartered.com.

    I myself ran an experiment by installing a PC without Sophos as my endpoint antivirus protection, and surprisingly the link can be opened.

    So I am still trying to have the link granted somehow in the Sophos console. Can you suggest the setting to grant the link access (guideline)?

    Best regards,

    Donsius U
