detection icon

Short Bio

Backdoor.Orcus is a Remote Access Trojan (RAT) that is being sold on underground forums.


Backdoor.Orcus often creates Scheduled Tasks to gain persistence. The Scheduled Tasks have names like Orcus Respawner.jobor Orcus.job.

Type and source of infection

Backdoor.Orcus offers a lot of configurability options. Installing a keyloggeris one of these options.


block Backdoor.Orcus

Malwarebytes blocks Backdoor.Orcus


Malwarebytes can removes Backdoor.Orcus without further user interaction.

  1. Please download Malwarebytesto your desktop.
  2. Double-click MBSetup.exeand follow the prompts to install the program.
  3. When your Malwarebytes for Windowsinstallation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantineto remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

Users of affected computers should take precautions against the consequences of stolen information.


Scheduled Tasks:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Orcus%SYSDIR%\Tasks\Orcus%WINDIR%\Tasks\Orcus.jobHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Orcus Respawner%SYSDIR%\Tasks\Orcus Respawner%WINDIR%\Tasks\Orcus Respawner.job