Jump to content

Backdoor.Remcos detected in Intel Program folder

Recommended Posts

Hey guys,

Newbie here.

I've run a Custom Scan on my machine because it was getting a bit slow and a Backdoor.Remcos was detected in the LIBCRYPTO-1_1.DLL file in an Intel Install folder (Scan report attached below, sorry, it's in French, I can provide translations if needed)  .

Have you ever had this file detected as a malware ? Is this a false positive ? Or has my machine really been infected by something ?


I've quarantined then rebooted then deleted the file. I hope I won't suffer any consequences in the long-term..

What do you guys think about this ?







-Détails du journal-
Date de l'analyse: 27/03/2020

-Informations du logiciel-
Version de composants: 1.0.823
Version de pack de mise à jour: 1.0.21452
Licence: Gratuit

-Résumé de l'analyse-
Type d'analyse: Analyse personnalisée
Analyse lancée par: Manuel
Résultat: Terminé
Objets analysés: 610725
Menaces détectées: 2
Menaces mises en quarantaine: 2
Temps écoulé: 1 h, 53 min, 3 s

-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Détection
PUM: Détection

-Détails de l'analyse-
Processus: 0
(Aucun élément malveillant détecté)

Module: 0
(Aucun élément malveillant détecté)

Clé du registre: 0
(Aucun élément malveillant détecté)

Valeur du registre: 0
(Aucun élément malveillant détecté)

Données du registre: 0
(Aucun élément malveillant détecté)

Flux de données: 0
(Aucun élément malveillant détecté)

Dossier: 0
(Aucun élément malveillant détecté)

Fichier: 2
Adware.FusionCore, C:\$WINDOWS.~BT\NEWOS\USERS\UTILISATEUR\DOWNLOADS\FILEZILLA_3.47.2.1_WIN64_SPONSORED-SETUP.EXE, En quarantaine, 7449, 801535, 1.0.21452, , ame,
Backdoor.Remcos, C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\ICLS\LIBCRYPTO-1_1.DLL, En quarantaine, 2105, 796212, 1.0.21452, , ame,

Secteur physique: 0
(Aucun élément malveillant détecté)

WMI: 0
(Aucun élément malveillant détecté)


Link to post
Share on other sites


Thanks for your quick answer. I don't really know how to do that without potentially reinfect my machine 😕

Also I've deleted the file and I'm not sure if Malwarebytes kept a copy.


Link to post
Share on other sites

Can you fetch the scan log instead? If there is more please fetch only those created on 27th March 2020.
C:\ProgramData\Malwarebytes\MBAMService\ScanResults is the location.


Edited by TwinHeadedEagle
Link to post
Share on other sites

Hi Lichew, 
Could you navigate to C:\ProgramData\Malwarebytes\MBAMService and zip/rar the logs folder and attach it here so we can have a look please?

Thank you

Link to post
Share on other sites

Thanks for those, if you do a rescan is the file still detected? If so can you please click the gear setting in Malwarebytes and then  on the general tab enable Event log data and do a new scan. Once the scan completes repeat the steps from my previous post please.


Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.