TheTotal...
Where does Win32.Trojan.Yspy come from and how seriously have I been compromised?
If this trojan is placed by Y! Messenger, then am I dealing with a low(er) risk situation? I don't know where this infection came from and I'm afraid I've been fully compromised. What are the chances the trojan has phoned home?
Go ahead and assume the worst because it happened: Earlier I just finished doing my financials when ZoneAlarm spyware scan kicked off and identified the trojan. I quarantined and deleted immediately, but maybe I'm too late. How screwed am I and what are my next steps?
Thanks in advance.
Background:
I'm an above-average PC user; this is my first breach in five years and I'm not exactly sure how to handle it.
* I stay plugged into the router, but generally shut down nightly (although a few times I've left the system in sleep mode).
* I leverage ZoneAlarm Security Suite with weekly scans and firewall settings on high.
* Immunize and run Spybot S&D weekly.
* IE security and privacy are both at Medium High.
* Run CCleaner at least weekly.
Additional Details
P.S. The trojan has been removed just fine. Do I have to go on serious lockdown to ensure my bank accounts are cleaned out or what?
2 years ago
by jibbarja...
Best Answer - Chosen by Asker
I am betting on it being a false-positive. A fast "googling" shows me that it is only being detected in the last couple days AND it is mostly being detected by ZoneAlarm. That combination often means false positive coming from a very recent ZA update.
False-positive detections are the anti-malware industry's dirty little secret. They happen a lot.
Unfortunately, you have deleted the "trojan" from quarantine (bad, bad, bad). Otherwise you could have submitted the file to ZA as a suspected false-positive for further analysis.
Always remember: a file in quarantine is totally 100% safe. It can do no harm.
You should quarantine everything for a month or so, then if all is OK with your computer and all of your programs, then you can delete.
Good luck.
- Asker's Comment:
- Thanks everyone for the good answers and for not sweeping me under the rug.
-
by ssmindia
Just download and install the trojanremover (trial version) and run the same and your problem is solved. If it is a virus then you could also download pctools personal version, which is free, and scan your system.
-
by Kelly Wright
I vote for false positive as well.
The problem is related to ZoneAlarm only, while other security software seems to be silent about this 'threat'.
It's unbelievable that Yahoo! would include malware in its IM.
-
by B T
Well, those of you who don’t believe that your IM programs are not collecting user information on your activities are lying to yourselves. Datagrams are being sent by many software programs on your activities without your knowledge, from many programs. How do you think companies track what people like to buy, what activities they enjoy, time spent online, etc… it's endless, what programs are used more. Even your operating systems send info to BIG brother. I blocked over 40 programs in my ZoneAlarm that constantly want to send info out to the internet even when I am not using them. “WAKE UP PEOPLE!”