"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
Malware has been detected in the Recycle Bin and the Sophos Endpoint is unable to remove/Clean up the detection. You may see the following actions when attempting to clean up the Malware: 'Clean up failed' or 'No actions, reboot required' A reboot and a full system scan will still not allow you to clean up the infection.
The Sophos Endpoint may have problems cleaning Malware from the recycle bin for another logged on user account
The following set of instructions will allow you to locate the username where the Malware resides
C:\Documents and Settings\All Users\ApplicationData\Sophos\Sophos Anti-Virus\Logs\SAV.txt
C:\ProgramData\Sophos\Sophos Anti-Virus\logs\SAV.txt Here is an example detection: 20121207 004312 Virus/spyware 'Mal/Sirefef-AA' has been detected in "C:\RECYCLER\S-1-5-21-1726743747-1974153486-9522986-20761\$b4b3dd3457bfa52d1a820a60f56e9aa9\n\FILE:0000"
20121207 004312 Virus/spyware 'Mal/Sirefef-AA' has been detected in "C:\RECYCLER\S-1-5-21-1726743747-1974153486-9522986-20761\$b4b3dd3457bfa52d1a820a60f56e9aa9\n\FILE:0000"
wmic useraccount get name,sid
For Windows 2000/2003/XP type: rd /s c:\recycler For Windows Vista and above: rd /s c:\$Recycle.Bin
rd /s c:\recycler
rd /s c:\$Recycle.Bin
More information can be found in the following article: http://msdn.microsoft.com/en-us/library/windows/desktop/aa379649%28v=vs.85%29.aspx
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.