  • Posts: 2
  • Registered: ‎06-13-2019
  • Location: US
  • Views: 30
  • Message 1 of 5

FYI: Win 10 security finds PUA:Win32/Presenoker in bootkill32 when creating restore media for 20r1

2020-07-22, 15:06 PM

Just a heads up that Windows Security quarantines <USB_Drive>\RECOVERY\bootkill32.exe when creating the recovery media for an X1 Carbon Gen 7 20R1.

Restoring the file before USB creation finished seems to allow the successful creation of media.

  • Posts: 3855
  • Registered: ‎12-02-2007
  • Location: US
  • Views: 189513
  • Message 2 of 5

Re: FYI: Win 10 security finds PUA:Win32/Presenoker in bootkill32 when creating restore media for 20r1

2020-07-23, 10:33 AM

Hello,

My initial thought is that it could be a false positive alarm.

Have you tried uploading the file in question to a multi-engine scanning service like VirusTotal to see what it reports? It aggregates the results of several dozen anti-malware engines.

Also, you may wish to check with Microsoft to see if they can confirm it is a false positive.

Regards,

Aryeh Goretsky


I am a volunteer and neither a Lenovo nor a Microsoft employee.

  • Posts: 2375
  • Registered: ‎05-01-2010
  • Location: US
  • Views: 145598
  • Message 3 of 5

Re: FYI: Win 10 security finds PUA:Win32/Presenoker in bootkill32 when creating restore media for 20r1

2020-07-24, 1:17 AM

A sample of the file in question can be submitted to the Windows Defender Security Intelligence (WDSI) research team.

QUOTE

"Microsoft security researchers analyze suspicious files to determine if they are threats, unwanted applications, or normal files. Submit files you think are malware or files that you believe have been incorrectly classified as malware."

https://www.microsoft.com/en-us/wdsi/filesubmission

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/submission-guide

Microsoft MVP Consumer Security 2006-2016 / Windows Insider MVP 2016-Present
I am not employed by Microsoft or Lenovo.


  • Posts: 1
  • Registered: ‎08-29-2020
  • Location: US
  • Views: 10
  • Message 4 of 5

Re: FYI: Win 10 security finds PUA:Win32/Presenoker in bootkill32 when creating restore media for 20r1

2020-08-29, 9:04 AM

I've also run into this exact issue.

Creating recovery media for ThinkPad T470s 20JS and Windows detected bootkill32.exe as PUA:Win32/Presenoker.

A few other engines also appear to detect this file: https://www.virustotal.com/gui/file/54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff/detection

Would really like some reassurance that this is a false positive!

  • Posts: 3
  • Registered: ‎11-08-2020
  • Location: GB
  • Views: 55
  • Message 5 of 5

Re: FYI: Win 10 security finds PUA:Win32/Presenoker in bootkill32 when creating restore media for 20r1

2020-11-08, 11:59 AM

I had the same issue myself with a P330 Tiny update.

Either it is a false positive or Lenovo have another PR issue they need to resolve. VirusTotal identifies it as a number of different forms of malware, and the Recovery Tool makes major changes to your system, so it is not surprising it might get flagged as a virus.

It would be good if we could get an official response from Lenovo. They do say to disable virus protection during the USB key creation process.

What is also important for me is whether the USB key was created correctly or not. If it is a false positive, has the Bootkill32 programme been damaged/disabled by Windows Defender during the creation process? It could prevent a recovery.
