Author Topic: Old Yankee  (Read 3273 times)


kimotheraphy

  • Guest
Old Yankee
« on: March 13, 2010, 03:47:57 PM »
I use Avast Free 4.8 on my Thinkpad laptop with 32bit Windows Vista Business SP1.

Last night, I ran an Avast scan on my Thinkpad X61 laptop that was connected to an external USB Maxtor 1TB HDD.  I had just restored my system from an image taken with Paragon Backup & Recovery 10 software that was stored on the external USB drive and decided to run the Avast scan after the image restoration process...

Avast first scanned my laptop's C:\ and came up clean. Then it scanned my external USB Maxtor drive and threw out this warning message:

Sign of "Old Yankee" has been found in E:\ParagonBackup&Recovery10Free\arc_1902xxxx...."

The partition in question is the Paragon image that I had just restored from..

The funny thing is: running an Avast scan on my actual restored system yields a clean result with no infected files found.. In addition, I remember I had run Avast scans regularly before I took the system image with Paragon Backup & Recovery and had always come up "clean."

I am now not sure what to do.. Why would Avast find my Paragon image archive "having signs of Old Yankee" when scans on my system before the Paragon image was taken all came up clean? It also came up clean when I scanned my system after using the image to restore my system.. It is the Paragon image file on my Maxtor external USB drive that is being flagged.

Should I now restore my whole system to factory settings using my Thinkpad Recovery Discs? Also, is the USB external HDD infected, and do I need to wipe it with a quick (re)format?

Grateful for any advice.. Thank you

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37699
Re: Old Yankee
« Reply #1 on: March 13, 2010, 03:59:24 PM »
Virus info
DOS.YanShort.1624
 
also known as: YanShort.1624 (Kaspersky Lab), Oldyank.1624 (McAfee), Old Yankee.2 (Symantec), OldYankee.2051 (Doctor Web), Yanshort-1624 (Sophos), Old_Yankee.1624 (RAV), OLD_YANKE.1624 (Trend Micro), Old Yankee #1 (H+BEDV), Old_Yankee.1624 (FRISK), Old (ALWIL), Old_Yankee (Grisoft), Old_Yankee.1624 (SOFTWIN), Oldyank.2 (Eset)

http://www.viruslist.com/en/viruses/encyclopedia?virusid=12606

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=15&ltr=O
« Last Edit: March 13, 2010, 10:14:25 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34060
  • malware fighter
Re: Old Yankee
« Reply #2 on: March 13, 2010, 08:36:10 PM »
Kill the following processes
old_ya~2.exe, oy-2.exe
Remove the following files
old_ya~2.exe, oy-2.exe, y-yank2.com.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4871
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Old Yankee
« Reply #3 on: March 14, 2010, 09:59:51 AM »
False positive detections of decade-old viruses are common for some reason in hiberfil and pagefile files, which are normally excluded from a scan.

Your backup program probably copied one of these to an archive, or maybe the archive itself is generating the false positive.

Either way, nothing to worry about.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

kimotheraphy

  • Guest
Re: Old Yankee
« Reply #4 on: March 15, 2010, 03:47:08 AM »
Thank you very much for the guidance..

I scanned my recently restored system again with Avast, Asquared and Malwarebytes.. Scans came up clean..  I will take the "Old Yankee" alert on the image archive as a false positive and get on with life..  :)