Shh/Updater-B False Positive: Recovery instructions for Standalone Computers

  • N.º del artículo: 118322
  • Calificación:
  • 127 clientes puntuaron este artículo con un 2.6 sobre 6 de media.
  • Actualizado: 06 mar 2015


You may have seen alerts for the Shh/Updater-B virus. These are false alerts and there is no malware on your computers.

Click here, to read more about 'What's the problem?'

First seen in
Sophos Anti-Virus for Windows 2000+

What To Do

You must ensure that your standalone computer is up to date with the latest identity files (.IDE). To do this follow the steps below.

Enable Live Protection

To quickly fix this issue on a standalone computer, the simplest method is to enable 'Sophos Live Protection'. This can be done as follows:

  1. Launch Sophos Endpoint Security and Control from the Start Menu
  2. From the Menu bar, select 'Configure|Anti-Virus|Sophos Live Protection'
  3. Select the checkbox titled 'Enable Live Protection'
  4. Click 'OK'

After enabling Live Protection look in the system tray for the Sophos shield icon. If present, right click and select 'Update Now'.  

You should now find that Sophos is now updating correctly and the problems have been resolved.

Note: If you are still getting a large number of desktop messages (due to the alerts being queued), it is recommended that you restart the computer.

Further steps if problems remain

If you are still having problems, such as the Sophos shield icon not being present in the system tray; follow the steps below as it is likely that your Sophos installation is corrupted and we need to repair it to allow automatic updates. This can be done as follows:

  1. Open 'Sophos Endpoint Security and Control', click on 'Configure' - 'Anti-Virus' open 'On-access scanning' then select the 'Cleanup' tab and change the Cleanup option to 'Deny access only' for Viruses/Spyware.       
  2. Download the 'FixIssues' tool from here and run the 'FixIssues.exe' on the affected endpoint. 
    • This must be run as an administrator
    • You may need to specify updating credentials when you run the tool. If you are unsure of the credentials required contact your IT administrator (e.g. at your company or university, etc.).

This tool will automatically extract 'FixUpdate.vbs' and run it with the following command line options:

cscript //nologo sophos_temp\FixUpdate.vbs /fixIssues:true /useSophosCid:true > "Sophos Fix Script Log.txt"

Log files generated by the FixIssues,exe can be found in the following locations:

  • %temp%\Sophos Fix Script log.txt
  • %temp%\Sophos Fix Log_[YYYYMMDDHHMMSS].txt
  • All other logs can also be found in: '%temp%' 

Still having trouble with Sophos products?

If you have tried all of the above steps see the 'Using FixUpdate.vbs section in article 118323.

Still having trouble with third-party applications?

  1. Open the '...-AffectedProducts.txt' found in in you local temporary folder (to access select Start | Run | Type: %temp% | Press return).  This file was created when you ran the 'FixIssues.exe' tool in the the section above titled 'Further steps if problems remain'.
  2. Check the entries mentioned in this file against our list of affected applications here. This webpage will allow you associate files that have been deleted to their respective application. 


Si necesita más ayuda, póngase en contacto con soporte técnico.

Valore el artículo

Muy malo Excelente