The TDSS family of Trojans is a new type of malware commonly encountered following a successful installation of the FakeAV and Alureon malware families. Sophos provides detection and blocking of these malware families and of TDSS. However, if TDSS manages to install itself successfully, for example on a computer without up-to-date and active Sophos Anti-Virus, it can be very hard to remove. Once installed, TDSS manages to corrupt all major anti-virus programs, including Sophos Anti-Virus. It also uses rootkit techniques to hide from the Windows file system.
Download Sophos Anti-Rootkit and follow the instructions in the knowledgebase article "Sophos Anti-Rootkit: Overview" to detect and remove TDSS from compromised systems.