Jump to content
Jeemag

Bart.exe is NOT Ransomware

Recommended Posts

Good Evening,

 

  Bart.exe, the file backup programme is NOT ransomware. Clearly MWB-AR thinks it is. It's from Zhorn Software:

http://www.zhornsoftware.co.uk/bart/

 

  I've been using it for years, now all of a sudden MBW-AR thinks it's ransomware. I've restored it.

  It has nothing to do with the Bart ransomware.

  Surely it isn't a Good Idea to tag something as malware from the filename alone.

 

Regards,

 

Cheemag

 

 

Bart.zip

Share this post


Link to post
Share on other sites
Quote

Surely it isn't a Good Idea to tag something as malware from the filename alone.

I dont think there is any security software that detect from a file name

 

Share this post


Link to post
Share on other sites

Hello Jeemag:

Using the native Windows built-in zip utility, please create the following, separate, .zip (not .7z or .rar) archive files for MBARW developer team analysis:

                                 "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\"
                                 "C:\ProgramData\Malwarebytes\MBAMService\logs\"
                                 "C:\ProgramData\MalwarebytesARW\"

Please attach the .zip archives to your next reply.  Thank you for your beta testing contribution to the Malwarebytes Anti-Ransomware (MBARW Beta) project and your valued feedback.

Share this post


Link to post
Share on other sites
14 hours ago, pondus said:

I dont think there is any security software that detect from a file name

 

Well it certainly has in this case!

 

I've re-installed bart.exe and it's working as normal without MWB-AR complaining ... I'd used it for years before yesterday without this problem.

 

I am aware that there is a ransomware of that name.

 

Regards

 

Cheemag

 

Share this post


Link to post
Share on other sites
11 hours ago, 1PW said:

Hello Jeemag:

Using the native Windows built-in zip utility, please create the following, separate, .zip (not .7z or .rar) archive files for MBARW developer team analysis:

                                 "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\"
                                 "C:\ProgramData\Malwarebytes\MBAMService\logs\"
                                 "C:\ProgramData\MalwarebytesARW\"

Please attach the .zip archives to your next reply.  Thank you for your beta testing contribution to the Malwarebytes Anti-Ransomware (MBARW Beta) project and your valued feedback.

   The whole Anti-Ransomware directory ?

Regards

 

Cheemag

 

Share this post


Link to post
Share on other sites

Hello Jeemag:

If the sub-directories exist, yes.  Note: The C\ProgramData\ directory and its sub-directories may be hidden in some systems.

Remember, there is no current interest in the contents of any C:\Program Files\ sub-directories yet.

Thank you.

Share this post


Link to post
Share on other sites
2 hours ago, 1PW said:

Hello Jeemag:

If the sub-directories exist, yes.  Note: The C\ProgramData\ directory and its sub-directories may be hidden in some systems.

Remember, there is no current interest in the contents of any C:\Program Files\ sub-directories yet.

Thank you.

Good Afternoon,

Here are the directories. 7-zip error on the last one: couldn't open the Service\Log as it was in use (despite MWB-AR

having been stopped.

Regards

Cheemag

 

Anti-Ransomware.zip

MWB-ARW.zip

MWBLogs.zip

Share this post


Link to post
Share on other sites

Hello Jeemag:

MBARW's reaction to Bart.exe was a false positive.  Bart.exe is whitelisted now.  Please try Bart.exe again and then update this topic with your result.

Thank you again for helping beta test the MBARW project.

Share this post


Link to post
Share on other sites
11 hours ago, Jeemag said:

Well it certainly has in this case!

If so any malware writer could just name there file nicefile.exe to avoid detection

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.