Bart.exe is NOT Ransomware

[Jeemag 0]

Good Evening,

 

  Bart.exe, the file backup programme is NOT ransomware. Clearly MWB-AR thinks it is. It's from Zhorn Software:

http://www.zhornsoftware.co.uk/bart/

 

  I've been using it for years, now all of a sudden MBW-AR thinks it's ransomware. I've restored it.

  It has nothing to do with the Bart ransomware.

  Surely it isn't a Good Idea to tag something as malware from the filename alone.

 

Regards,

 

Cheemag

 

 

Bart.zip

[pondus 4]

Quote

Surely it isn't a Good Idea to tag something as malware from the filename alone.

I dont think there is any security software that detect from a file name

 

[1PW 4]

Hello Jeemag:

Using the native Windows built-in zip utility, please create the following, separate, .zip (not .7z or .rar) archive files for MBARW developer team analysis:

                                 "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\"
                                 "C:\ProgramData\Malwarebytes\MBAMService\logs\"
                                 "C:\ProgramData\MalwarebytesARW\"

Please attach the .zip archives to your next reply.  Thank you for your beta testing contribution to the Malwarebytes Anti-Ransomware (MBARW Beta) project and your valued feedback.

[Jeemag 0]

14 hours ago, pondus said:

I dont think there is any security software that detect from a file name

 

Well it certainly has in this case!

 

I've re-installed bart.exe and it's working as normal without MWB-AR complaining ... I'd used it for years before yesterday without this problem.

 

I am aware that there is a ransomware of that name.

 

Regards

 

Cheemag

 

[Jeemag 0]

11 hours ago, 1PW said:

Hello Jeemag:

Using the native Windows built-in zip utility, please create the following, separate, .zip (not .7z or .rar) archive files for MBARW developer team analysis:

                                 "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\"
                                 "C:\ProgramData\Malwarebytes\MBAMService\logs\"
                                 "C:\ProgramData\MalwarebytesARW\"

Please attach the .zip archives to your next reply.  Thank you for your beta testing contribution to the Malwarebytes Anti-Ransomware (MBARW Beta) project and your valued feedback.

   The whole Anti-Ransomware directory ?

Regards

 

Cheemag

 

[1PW 4]

Hello Jeemag:

If the sub-directories exist, yes.  Note: The C\ProgramData\ directory and its sub-directories may be hidden in some systems.

Remember, there is no current interest in the contents of any C:\Program Files\ sub-directories yet.

Thank you.

[Jeemag 0]

2 hours ago, 1PW said:

Hello Jeemag:

If the sub-directories exist, yes.  Note: The C\ProgramData\ directory and its sub-directories may be hidden in some systems.

Remember, there is no current interest in the contents of any C:\Program Files\ sub-directories yet.

Thank you.

Good Afternoon,

Here are the directories. 7-zip error on the last one: couldn't open the Service\Log as it was in use (despite MWB-AR

having been stopped.

Regards

Cheemag

 

Anti-Ransomware.zip

MWB-ARW.zip

MWBLogs.zip

[1PW 4]

Hello Jeemag:

MBARW's reaction to Bart.exe was a false positive.  Bart.exe is whitelisted now.  Please try Bart.exe again and then update this topic with your result.

Thank you again for helping beta test the MBARW project.

[pondus 4]

11 hours ago, Jeemag said:

Well it certainly has in this case!

If so any malware writer could just name there file nicefile.exe to avoid detection