Farbar Recovery Scan Tool
Hi list
After looking through some old sys admin emails I came across a mention of this tool and decided to have a look at what it could do. Both Malwarebytes and Bleeping Computer had download links so decided to download the 32-bit version from the latter. I mostly use my Lenovo ThinkPad, but thought I would give the tool a try on an old Asus laptop which I recently upgraded to Windows 10. The downloaded file was called FRST.exe. Was just about to rename the file when Windows Defender popped up with an alert that the file was infected with a ransomware trojan, namely Win32/Bomitag.D!ml. Obviously I immediately removed the threat, but am not sure if this was a false positive as the tool is supposed to recognise ransomware, so I am wondering if it contained signatures of ransomware which Windows Defender may have mistakenly identified. The Asus laptop has nothing on it as it was a clean install of Windows 10, however I was using my Lenovo ThinkPad when I downloaded this alleged infected file and it has access to my iCloud Drive and WD My Cloud NAS. Thanks to Windows Defender I did not execute the tool or god knows what it might have encrypted.
Have googled to see if there are any reports of this tool being infected, but could find nothing, which makes me wonder if it was a real trojan or a false positive. Has anyone else encountered this kind of behaviour from Windows Defender? This is the first time I have ever encountered ransomware or indeed any kind of trojan for many, many years.
Thanks
Darren.
Any sufficiently advanced technology is indistinguishable from magic.
Darren, please go to the bleepingcomputer.com *directly* rather than following an old link, if that is in fact what you did. Please also ensure you're downloading the correct version for Windows, i.e., download the 64-bit version if your machine is 64-bit, etc. I use FRST constantly--I could not live w/o it--& it is not a virus. Having thus said, Windows Defender has never given me a message like that, although SmartScreen did pop up last time & said it was an unrecognized app, yada, yada, yada. I'm like shut the firetruck up already! Lol. It is a perfectly legitimate tool in the hands of someone who knows what they're doing, &, if downloaded from a clean site & the right version is used, contains no threats.
On 1/11/20, Darren Brewer via Blind-sysadmins <blind-sysadmins@lists.hodgsonfamily.org> wrote:
> Hi list
> After looking through some old sys admin emails I came across a mention of this tool and decided to have a look at what it could do. Both Malwarebytes and Bleeping Computer had download links so decided to download the 32-bit version from the latter. I mostly use my Lenovo ThinkPad, but thought I would give the tool a try on an old Asus laptop which I recently upgraded to Windows 10. The downloaded file was called FRST.exe. Was just about to rename the file when Windows Defender popped up with an alert that the file was infected with a ransomware trojan, namely Win32/Bomitag.D!ml. Obviously I immediately removed the threat, but am not sure if this was a false positive as the tool is supposed to recognise ransomware, so I am wondering if it contained signatures of ransomware which Windows Defender may have mistakenly identified. The Asus laptop has nothing on it as it was a clean install of Windows 10, however I was using my Lenovo ThinkPad when I downloaded this alleged infected file and it has access to my iCloud Drive and WD My Cloud NAS. Thanks to Windows Defender I did not execute the tool or god knows what it might have encrypted.
> Have googled to see if there are any reports of this tool being infected, but could find nothing, which makes me wonder if it was a real trojan or a false positive. Has anyone else encountered this kind of behaviour from Windows Defender? This is the first time I have ever encountered ransomware or indeed any kind of trojan for many, many years.
> Thanks
> Darren.
> Any sufficiently advanced technology is indistinguishable from magic.
-- Subscribe to a WordPress for Newbies Mailing List by sending a message to: wp4newbs-request@freelists.org with 'subscribe' in the Subject field OR by visiting the list page at http://www.freelists.org/list/wp4newbs & check out my sites at www.brighter-vision.com & www.mysitesbeenhacked.com
Another legit website to download the tool is downloads.com. The site is busy with ads but safe on the downloaded software.
Hi Jackie,
Oh trust me, I am always careful and check a URL before downloading something. The link was the second result in a Google search and took me here: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
My Lenovo is a 64-bit machine, but I downloaded the 32-bit version as was going to try it on the Asus 32-bit laptop another time. Perhaps Windows Defender did not like it being a 32-bit version. Will download it directly to the Asus laptop next time. If it did encrypt the drive it would not matter as could easily reinstall, might even be fun to see what happens.
BTW, love that line, "shut the fire truck up". Will have to remember that one :)
Darren.
-- Any sufficiently advanced technology is indistinguishable from magic.
participants (3)
- Anatoliy Shudrya
- Darren Brewer
- Jackie McBride