That is Windows malware, probably attached to an e-mail message. Do not allow Sophos, or any other anti-virus software, to remove anything from your computer automatically, as this can result in harm. In this example, if I'm right about where the malware was, removing the malware using anti-virus software will corrupt your Mail mailboxes (assuming Mail is the e-mail client you're using) and will not remove the message properly from the mail server, which could result in it being synced back to your computer again. Since Windows malware can't hurt you, it wouldn't hurt to just ignore this, but if you do want to remove it properly, see:
How to remove infected files
As for the backups, yes, it would probably be in there. However, this really isn't an issue you should worry about, since it isn't doing you any harm there, and you absolutely should NEVER allow Sophos, or any other anti-virus software, to even LOOK at your Time Machine backups! Time Machine backups have a very special structure that shouldn't be touched by anything but Time Machine. If anti-virus software interferes with these backups, it can damage the backup structure and cause problems restoring the data in the future when you really need it.
If the backup wasn't a Time Machine backup, I still don't recommend doing anything or allowing Sophos to touch it. You really don't want to risk any kind of compromise to your backups.
(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)