Backdoor.Win32.Remcos.npo removal

The Backdoor.Win32.Remcos.npo is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Backdoor.Win32.Remcos.npo virus can do?

Executable code extraction
Creates RWX memory
Network activity detected but not expressed in API logs
Anomalous binary characteristics

How to determine Backdoor.Win32.Remcos.npo?


File Info:
crc32: AA07CBE4
md5: 1372e98fe6dd202c1e7ddc14e53fdb55
name: try.exe
sha1: 2ebec7dd9705b58dab416b01f8c850ab7119d7c0
sha256: 857b1912b489d86762a432547e28f16aa5b17a00db0e51b55eed5d0d8bed3381
sha512: f0db4e5efa758ce7d86ffa3d75a7db8f2203c9f3d52bb1a17271aa3560f5c48999acac8d66b3823a25d0f0aefd3a2c5511486e0272aec148d1bc7117b63d2e66
ssdeep: 1536:C3yT+6IvFIAJNvAbCAMsN4YL6DXIeXOpq3VvTN19PP/3Uu7hR4:I6OTxvbUTpqtX9n/v7f4
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0409 0x04b0
InternalName: REFLOWSSIGTE
FileVersion: 1.00
CompanyName: ubisoFT
Comments: ubisoFT
ProductName: Oleande3
ProductVersion: 1.00
FileDescription: frartriga
OriginalFilename: REFLOWSSIGTE.exe

Backdoor.Win32.Remcos.npo also known as:

McAfee	Artemis!1372E98FE6DD
Cylance	Unsafe
Sangfor	Malware
K7GW	Trojan ( 00562fc61 )
CrowdStrike	win/malicious_confidence_100% (W)
F-Prot	W32/Injector.AAM.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	Backdoor.Win32.Remcos.npo
Alibaba	Trojan:Win32/vbcrypt.ali2000008
AegisLab	Trojan.Win32.Remcos.m!c
Rising	Backdoor.Remcos!8.B89E (CLOUD)
Endgame	malicious (high confidence)
F-Secure	Heuristic.HEUR/AGEN.1028407
McAfee-GW-Edition	BehavesLike.Win32.Trojan.cm
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
Ikarus	Trojan.VB.Crypt
Cyren	W32/Injector.AAM.gen!Eldorado
Webroot	W32.Trojan.Gen
Avira	HEUR/AGEN.1028407
eGambit	Unsafe.AI_Score_97%
ZoneAlarm	Backdoor.Win32.Remcos.npo
Microsoft	Trojan:Win32/Azden.B!cl
Malwarebytes	Trojan.GuLoader
ESET-NOD32	a variant of Win32/Injector.ELDA
TrendMicro-HouseCall	TROJ_GEN.R057H0CCJ20
Tencent	Win32.Backdoor.Remcos.Dwte
SentinelOne	DFI – Suspicious PE
Fortinet	W32/GuLoader.VHHT!tr
BitDefenderTheta	Gen:NN.ZevbaF.34100.hm0@aSv7JCei
AVG	Win32:Trojan-gen
Cybereason	malicious.d9705b
Qihoo-360	HEUR/QVM03.0.FF61.Malware.Gen

How to remove Backdoor.Win32.Remcos.npo?

Backdoor.Win32.Remcos.npo removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X