Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 9582 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

error a0250026 virus cannot be cleaned due to errors

RJB

Quite possibly the most unhelpful error!

One of our PCs was hit by Ransomware. I was able to clean it (eventually) by tracking and deleteing the offending files. Sophos no longer finds any infected files if you do a full system scan, however, each morning when the PC is started, it reports the error "Virus/spyware 'Mal/ZAccConf-A' was not removed due to errors". Of course it wasn't removed...it isn't there any more! Anyone got any ideas how to stop this error being reported?

:38005


This thread was automatically locked due to age.
Parents
  • 0

    Hello RJB,

    can't say much about Mal/ZAccConf-A here. Searched for the very few a0250026 and checked the client's logs. Now in my case it was Mal/Resdro-A and it looks like there isn't an alert for the detection, instead cleanup is immediately attempted and SAV.txt just mentions the (in this case) two files which couldn't be cleaned followed by Virus/spyware Mal/Resdro-A was not removed .... The item does show in the quarantine. As far as I can tell there is actually a detection preceding the failing removal/cleanup attempt. What's common is that both threats are generic detections.

    As it occurs at startup I guess it's on-access which detects the item (there might be some detail in SAV.txt) and that whatever causes the eventual error is still present (even though a full scan doesn't find it). Support (or indirectly Labs) should know what could trigger the silent detection and subsequent failing action
    .

    Christian

    :38015
Reply
  • 0

    Hello RJB,

    can't say much about Mal/ZAccConf-A here. Searched for the very few a0250026 and checked the client's logs. Now in my case it was Mal/Resdro-A and it looks like there isn't an alert for the detection, instead cleanup is immediately attempted and SAV.txt just mentions the (in this case) two files which couldn't be cleaned followed by Virus/spyware Mal/Resdro-A was not removed .... The item does show in the quarantine. As far as I can tell there is actually a detection preceding the failing removal/cleanup attempt. What's common is that both threats are generic detections.

    As it occurs at startup I guess it's on-access which detects the item (there might be some detail in SAV.txt) and that whatever causes the eventual error is still present (even though a full scan doesn't find it). Support (or indirectly Labs) should know what could trigger the silent detection and subsequent failing action
    .

    Christian

    :38015
Children
No Data