
Backdoor.Remcos detected in Intel Program folder



Hey guys,

Newbie here.

I've run a Custom Scan on my machine because it was getting a bit slow, and a Backdoor.Remcos was detected in the LIBCRYPTO-1_1.DLL file in an Intel Install folder (scan report attached below; sorry, it's in French, I can provide translations if needed).

Have you ever had this file detected as malware? Is this a false positive? Or has my machine really been infected by something?

I've quarantined, then rebooted, then deleted the file. I hope I won't suffer any consequences in the long term.

What do you guys think about this?

Lichew.

-------------------------------------------------------------------------------------------

-Détails du journal-
Date de l'analyse: 27/03/2020
 

-Informations du logiciel-
Version: 4.0.4.49
Version de composants: 1.0.823
Version de pack de mise à jour: 1.0.21452
Licence: Gratuit

-Résumé de l'analyse-
Type d'analyse: Analyse personnalisée
Analyse lancée par: Manuel
Résultat: Terminé
Objets analysés: 610725
Menaces détectées: 2
Menaces mises en quarantaine: 2
Temps écoulé: 1 h, 53 min, 3 s

-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Détection
PUM: Détection

-Détails de l'analyse-
Processus: 0
(Aucun élément malveillant détecté)

Module: 0
(Aucun élément malveillant détecté)

Clé du registre: 0
(Aucun élément malveillant détecté)

Valeur du registre: 0
(Aucun élément malveillant détecté)

Données du registre: 0
(Aucun élément malveillant détecté)

Flux de données: 0
(Aucun élément malveillant détecté)

Dossier: 0
(Aucun élément malveillant détecté)

Fichier: 2
Adware.FusionCore, C:\$WINDOWS.~BT\NEWOS\USERS\UTILISATEUR\DOWNLOADS\FILEZILLA_3.47.2.1_WIN64_SPONSORED-SETUP.EXE, En quarantaine, 7449, 801535, 1.0.21452, , ame,
Backdoor.Remcos, C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\ICLS\LIBCRYPTO-1_1.DLL, En quarantaine, 2105, 796212, 1.0.21452, , ame,

Secteur physique: 0
(Aucun élément malveillant détecté)

WMI: 0
(Aucun élément malveillant détecté)


(end)


Hey,

Thanks for your quick answer. I don't really know how to do that without potentially reinfecting my machine 😕

Also I've deleted the file and I'm not sure if Malwarebytes kept a copy.

Can you fetch the scan log instead? If there are more, please fetch only those created on 27th March 2020.
C:\ProgramData\Malwarebytes\MBAMService\ScanResults is the location.

Edited by TwinHeadedEagle

Hi Lichew,
Could you navigate to C:\ProgramData\Malwarebytes\MBAMService, zip/rar the logs folder, and attach it here so we can have a look, please?

Thank you


Thanks for those. If you do a rescan, is the file still detected? If so, can you please click the gear setting in Malwarebytes and then, on the General tab, enable Event log data and do a new scan. Once the scan completes, repeat the steps from my previous post please.

This topic is now closed to further replies.