Jeemag Posted November 6, 2016 ID:1070733

Good Evening,

Bart.exe, the file backup programme is NOT ransomware. Clearly MWB-AR thinks it is. It's from Zhorn Software: http://www.zhornsoftware.co.uk/bart/

I've been using it for years, now all of a sudden MBW-AR thinks it's ransomware. I've restored it. It has nothing to do with the Bart ransomware.

Surely it isn't a Good Idea to tag something as malware from the filename alone.

Regards,
Cheemag

Bart.zip

pondus Posted November 6, 2016 ID:1070734

Quote:
> Surely it isn't a Good Idea to tag something as malware from the filename alone.

I don't think there is any security software that detects from a file name

1PW Posted November 6, 2016 ID:1070757

Hello Jeemag:

Using the native Windows built-in zip utility, please create the following, separate, .zip (not .7z or .rar) archive files for MBARW developer team analysis:

"C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\"
"C:\ProgramData\Malwarebytes\MBAMService\logs\"
"C:\ProgramData\MalwarebytesARW\"

Please attach the .zip archives to your next reply.

Thank you for your beta testing contribution to the Malwarebytes Anti-Ransomware (MBARW Beta) project and your valued feedback.

Jeemag Posted November 7, 2016 Author ID:1070801

14 hours ago, pondus said:
> I don't think there is any security software that detects from a file name

Well it certainly has in this case!

I've re-installed bart.exe and it's working as normal without MWB-AR complaining ... I'd used it for years before yesterday without this problem. I am aware that there is a ransomware of that name.

Regards
Cheemag

Jeemag Posted November 7, 2016 Author ID:1070802

11 hours ago, 1PW said:
> Hello Jeemag:
>
> Using the native Windows built-in zip utility, please create the following, separate, .zip (not .7z or .rar) archive files for MBARW developer team analysis:
>
> "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\"
> "C:\ProgramData\Malwarebytes\MBAMService\logs\"
> "C:\ProgramData\MalwarebytesARW\"
>
> Please attach the .zip archives to your next reply.
>
> Thank you for your beta testing contribution to the Malwarebytes Anti-Ransomware (MBARW Beta) project and your valued feedback.

The whole Anti-Ransomware directory?

Regards
Cheemag

1PW Posted November 7, 2016 ID:1070810

Hello Jeemag:

If the sub-directories exist, yes.

Note: The C:\ProgramData\ directory and its sub-directories may be hidden in some systems.

Remember, there is no current interest in the contents of any C:\Program Files\ sub-directories yet.

Thank you.

Jeemag Posted November 7, 2016 Author ID:1070834

2 hours ago, 1PW said:
> Hello Jeemag:
>
> If the sub-directories exist, yes.
>
> Note: The C:\ProgramData\ directory and its sub-directories may be hidden in some systems.
>
> Remember, there is no current interest in the contents of any C:\Program Files\ sub-directories yet.
>
> Thank you.

Good Afternoon,

Here are the directories. 7-zip error on the last one: couldn't open the Service\Log as it was in use (despite MWB-AR having been stopped).

Regards
Cheemag

Anti-Ransomware.zip
MWB-ARW.zip
MWBLogs.zip

1PW Posted November 7, 2016 ID:1070876

Hello Jeemag:

MBARW's reaction to Bart.exe was a false positive. Bart.exe is whitelisted now.

Please try Bart.exe again and then update this topic with your result.

Thank you again for helping beta test the MBARW project.

pondus Posted November 7, 2016 ID:1070891

11 hours ago, Jeemag said:
> Well it certainly has in this case!

If so, any malware writer could just name their file nicefile.exe to avoid detection.