Backdoor.Orcus

Short Bio

Backdoor.Orcus is a Remote Access Trojan (RAT) that is being sold on underground forums.

Symptoms

Backdoor.Orcus often creates Scheduled Tasks to gain persistence. The Scheduled Tasks have names like Orcus Respawner.jobor Orcus.job.

Type and source of infection

Backdoor.Orcus offers a lot of configurability options. Installing a keyloggeris one of these options.

Protection

block Backdoor.Orcus

Malwarebytes blocks Backdoor.Orcus

Remediation

Malwarebytes can removes Backdoor.Orcus without further user interaction.

  1. Please download Malwarebytesto your desktop.
  2. Double-click MBSetup.exeand follow the prompts to install the program.
  3. When your Malwarebytes for Windowsinstallation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantineto remove the found threats.
  7. Reboot the system if prompted to complete the removal process.
Users of affected computers should take precautions against the consequences of stolen information.

Traces/IOCs

Scheduled Tasks:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Orcus%SYSDIR%\Tasks\Orcus%WINDIR%\Tasks\Orcus.jobHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Orcus Respawner%SYSDIR%\Tasks\Orcus Respawner%WINDIR%\Tasks\Orcus Respawner.job

Select your language