The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
The Sophos Diagnostic Utility (SDU) features a malware switch that collects vital system information that could indicate malware.
The following instructions describe how to run the tool and send the results to Sophos Technical Support.
Note: The malware switch can only be used when the SDU tool is run from a command line.
cd "C:\Program Files\Sophos\Sophos Diagnostic Utility"
cd "C:\Program Files (x86)\Sophos\Sophos Diagnostic Utility"
Click on Start | Run | Type: %temp%\SDU | Press return. All the Diagnose archives will be located here, be sure to use the most recently created file
The SDU archive contains multiple XML files and text files to assist with finding malware.
In addition to the XML and text files the SDU tool also collects the Sophos Anti-Virus log SAV.txt which will show all current and previous detections on the computer. Note: Suspected items of malware should be submitted to the SophosLabs for analysis. Below is a list of some of the files that are collected by the SDU tool and a brief explanation of what each contains:
To help identify a malicious program here are some tips:
C:\Documents & Settings\[Username]\Temp
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.