Jeemag #1 Posted November 6, 2016 Good Evening, Bart.exe, the file backup programme is NOT ransomware. Clearly MWB-AR thinks it is. It's from Zhorn Software: http://www.zhornsoftware.co.uk/bart/ I've been using it for years, now all of a sudden MBW-AR thinks it's ransomware. I've restored it. It has nothing to do with the Bart ransomware. Surely it isn't a Good Idea to tag something as malware from the filename alone. Regards, Cheemag Bart.zip Share this post Link to post Share on other sites
pondus #2 Posted November 6, 2016 Quote Surely it isn't a Good Idea to tag something as malware from the filename alone. I dont think there is any security software that detect from a file name Share this post Link to post Share on other sites
1PW #3 Posted November 6, 2016 Hello Jeemag: Using the native Windows built-in zip utility, please create the following, separate, .zip (not .7z or .rar) archive files for MBARW developer team analysis: "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\" "C:\ProgramData\Malwarebytes\MBAMService\logs\" "C:\ProgramData\MalwarebytesARW\" Please attach the .zip archives to your next reply. Thank you for your beta testing contribution to the Malwarebytes Anti-Ransomware (MBARW Beta) project and your valued feedback. Share this post Link to post Share on other sites
Jeemag #4 Posted November 7, 2016 14 hours ago, pondus said: I dont think there is any security software that detect from a file name Well it certainly has in this case! I've re-installed bart.exe and it's working as normal without MWB-AR complaining ... I'd used it for years before yesterday without this problem. I am aware that there is a ransomware of that name. Regards Cheemag Share this post Link to post Share on other sites
Jeemag #5 Posted November 7, 2016 11 hours ago, 1PW said: Hello Jeemag: Using the native Windows built-in zip utility, please create the following, separate, .zip (not .7z or .rar) archive files for MBARW developer team analysis: "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\" "C:\ProgramData\Malwarebytes\MBAMService\logs\" "C:\ProgramData\MalwarebytesARW\" Please attach the .zip archives to your next reply. Thank you for your beta testing contribution to the Malwarebytes Anti-Ransomware (MBARW Beta) project and your valued feedback. The whole Anti-Ransomware directory ? Regards Cheemag Share this post Link to post Share on other sites
1PW #6 Posted November 7, 2016 Hello Jeemag: If the sub-directories exist, yes. Note: The C\ProgramData\ directory and its sub-directories may be hidden in some systems. Remember, there is no current interest in the contents of any C:\Program Files\ sub-directories yet. Thank you. Share this post Link to post Share on other sites
Jeemag #7 Posted November 7, 2016 2 hours ago, 1PW said: Hello Jeemag: If the sub-directories exist, yes. Note: The C\ProgramData\ directory and its sub-directories may be hidden in some systems. Remember, there is no current interest in the contents of any C:\Program Files\ sub-directories yet. Thank you. Good Afternoon, Here are the directories. 7-zip error on the last one: couldn't open the Service\Log as it was in use (despite MWB-AR having been stopped. Regards Cheemag Anti-Ransomware.zip MWB-ARW.zip MWBLogs.zip Share this post Link to post Share on other sites
1PW #8 Posted November 7, 2016 Hello Jeemag: MBARW's reaction to Bart.exe was a false positive. Bart.exe is whitelisted now. Please try Bart.exe again and then update this topic with your result. Thank you again for helping beta test the MBARW project. Share this post Link to post Share on other sites
pondus #9 Posted November 7, 2016 11 hours ago, Jeemag said: Well it certainly has in this case! If so any malware writer could just name there file nicefile.exe to avoid detection Share this post Link to post Share on other sites
