Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 9580 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

error a0250026 virus cannot be cleaned due to errors

RJB

Quite possibly the most unhelpful error!

One of our PCs was hit by Ransomware. I was able to clean it (eventually) by tracking and deleteing the offending files. Sophos no longer finds any infected files if you do a full system scan, however, each morning when the PC is started, it reports the error "Virus/spyware 'Mal/ZAccConf-A' was not removed due to errors". Of course it wasn't removed...it isn't there any more! Anyone got any ideas how to stop this error being reported?

:38005


This thread was automatically locked due to age.
  • 0

    Hello RJB,

    can't say much about Mal/ZAccConf-A here. Searched for the very few a0250026 and checked the client's logs. Now in my case it was Mal/Resdro-A and it looks like there isn't an alert for the detection, instead cleanup is immediately attempted and SAV.txt just mentions the (in this case) two files which couldn't be cleaned followed by Virus/spyware Mal/Resdro-A was not removed .... The item does show in the quarantine. As far as I can tell there is actually a detection preceding the failing removal/cleanup attempt. What's common is that both threats are generic detections.

    As it occurs at startup I guess it's on-access which detects the item (there might be some detail in SAV.txt) and that whatever causes the eventual error is still present (even though a full scan doesn't find it). Support (or indirectly Labs) should know what could trigger the silent detection and subsequent failing action
    .

    Christian

    :38015
  • 0

    Thanks Christian, the SAV.txt shows it trying to clean two files which have already been removed and then throwing up the error . So it almost looks like Sophos is holding onto the fact that it did detect something in the past, it didn't clean it up and now it can't. This error only started appearing once I had manually removed the files myself from within the "c:\$recycle.bin" folder. The files and folders it refers to no longer exist!

    I'll pass this one onto suport and see what they say, I still think it is now a kind of false/positive

    Richard

    :38025
  • 0

    Hello Richard,

    might be that it is just the consequence of the entries in the Quarantine Manager.- SAVService seeing the entries in QM, sending the cleanup routine for a hunt which doesn't correctly deal with a "file not found" and instead of removing the entry accompanied by  Threat no longer present it throws this "error" error. As there is no associated alert in SEC you can't acknowledge it - but removing it locally from QM should get rid of it. Nevertheless you should be able to deal with this from SEC - please tell us what Support told you.

    Christian

    :38043