Related blog content
Decoy Microsoft Word document delivers malware through a RAT
Backdoor.Orcus is a Remote Access Trojan (RAT) that is being sold on underground forums.
Backdoor.Orcus often creates Scheduled Tasks to gain persistence. The Scheduled Tasks have names like Orcus Respawner.job or Orcus.job.
Backdoor.Orcus offers a lot of configurability options. Installing a keylogger is one of these options.
Malwarebytes protects users from Backdoor.Orcus by using real-time protection.
Malwarebytes blocks Backdoor.Orcus
Malwarebytes can removes Backdoor.Orcus without further user interaction.
Users of affected computers should take precautions against the consequences of stolen information.
Scheduled Tasks:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Orcus
%SYSDIR%\Tasks\Orcus
%WINDIR%\Tasks\Orcus.job
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Orcus Respawner
%SYSDIR%\Tasks\Orcus Respawner
%WINDIR%\Tasks\Orcus Respawner.job
Select your language