Old Yankee

I use Avast Free 4.8 on my Thinkpad laptop with 32bit Windows Vista Business SP1.

Last night, I ran an Avast scan on my Thinkpad X61 laptop that was connected to an external USB Maxtor 1TB HDD. I had just restored my system from an image taken with Paragon Backup & Recovery 10 software that was stored on the external USB drive and decided to run the Avast scan after the image restoration process…

Avast first scanned my laptop’s C:\ and came up clean. Then it scanned my external USB Maxtor drive and threw out this warning message:

Sign of “Old Yankee” has been found in E:\ParagonBackup&Recovery10Free\arc_1902xxxx…"

The partition in question is the Paragon image that I had just restored from…

The funny thing is: running an Avast scan on my actual restored system yields a clean result with no infected files found… In addition, I remember I had run Avast scans regularly before I took the system image with Paragon Backup & Recovery and had always come up “clean.”

I am now not sure what to do… Why would Avast find my Paragon image archive “having signs of Old Yankee” when scans on my system before the Paragon image was taken all came up clean? It also came up clean when I scanned my system after using the image to restore my system… It is the Paragon image file on my Maxtor external USB drive that is being flagged.

Should I now restore my whole system to factory settings using my Thinkpad Recovery Discs? Also, is the USB external HDD infected, and do I need to wipe it with a quick (re)format?

Grateful for any advice… Thank you

Virus info
DOS.YanShort.1624

also known as: YanShort.1624 (Kaspersky Lab), Oldyank.1624 (McAfee), Old Yankee.2 (Symantec), OldYankee.2051 (Doctor Web), Yanshort-1624 (Sophos), Old_Yankee.1624 (RAV), OLD_YANKE.1624 (Trend Micro), Old Yankee #1 (H+BEDV), Old_Yankee.1624 (FRISK), Old (ALWIL), Old_Yankee (Grisoft), Old_Yankee.1624 (SOFTWIN), Oldyank.2 (Eset)

http://www.viruslist.com/en/viruses/encyclopedia?virusid=12606

http://threatinfo.trendmicro.com/vinfo/virusencyclo/alphalisting.asp?NAV=15&ltr=O

Kill the following processes:
old_ya~2.exe, oy-2.exe

Remove the following files:
old_ya~2.exe, oy-2.exe, y-yank2.com

polonus

False positive detections of decade-old viruses are common for some reason in hiberfile and pagefile files, which are normally excluded from a scan.

Your backup program probably copied one of these to an archive, or maybe the archive itself is generating the false positive.

Either way, nothing to worry about.

Thank you very much for the guidance…

I scanned my recently restored system again with Avast, Asquared and Malwarebytes… Scans came up clean… I will take the “Old Yankee” alert on the image archive as a false positive and get on with life… :)