Short Bio

Backdoor.Orcus is a Remote Access Trojan (RAT) that is being sold on underground forums.


Backdoor.Orcus often creates Scheduled Tasks to gain persistence. The Scheduled Tasks have names like Orcus Respawner.job or Orcus.job.

Type and source of infection

Backdoor.Orcus offers a lot of configurability options. Installing a keylogger is one of these options.


Malwarebytes protects users from Backdoor.Orcus by using real-time protection.


Malwarebytes blocks Backdoor.Orcus


Malwarebytes can remove Backdoor.Orcus without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  3. Then click Finish.
  4. Once the program has fully updated, select Scan Now on the Dashboard, or select Threat Scan from the Scan menu.
  5. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  6. When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  7. Restart your computer when prompted to do so.

Users of affected computers should take precautions against the consequences of stolen information.


Scheduled Tasks:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Orcus



HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Orcus Respawner

%SYSDIR%\Tasks\Orcus Respawner

%WINDIR%\Tasks\Orcus Respawner.job
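
A read-only way to check a host for the traces listed above, as an added example that is not part of the original page or Malwarebytes' own tooling. It goes slightly beyond the list by checking every location for both task names mentioned on this page (Orcus and Orcus Respawner); the function name Get-OrcusTaskTrace is made up for this example.

```powershell
# Added example: read-only check for the Orcus scheduled-task traces listed above.
# Run from an elevated 64-bit PowerShell so System32 is not redirected to SysWOW64.
$taskNames = @('Orcus', 'Orcus Respawner')          # task names from this page
$treeKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
$sysDir    = [Environment]::SystemDirectory         # %SYSDIR%
$winDir    = $env:WINDIR                            # %WINDIR%

function Get-OrcusTaskTrace {
    foreach ($name in $taskNames) {
        # Candidate locations: TaskCache registry key, task file, legacy .job file
        $candidates = [ordered]@{
            Registry = Join-Path $treeKey $name
            TaskFile = Join-Path $sysDir "Tasks\$name"
            JobFile  = Join-Path $winDir "Tasks\$name.job"
        }
        foreach ($kind in $candidates.Keys) {
            $path = $candidates[$kind]
            if (Test-Path -LiteralPath $path) {
                [pscustomobject]@{ Task = $name; Kind = $kind; Path = $path; Runs = $null }
            }
        }
        # If the task is still registered, record what it launches
        $task = Get-ScheduledTask -TaskName $name -ErrorAction SilentlyContinue
        foreach ($t in $task) {
            foreach ($a in $t.Actions) {
                [pscustomobject]@{
                    Task = $name; Kind = 'Action'; Path = $t.TaskPath
                    Runs = ("{0} {1}" -f $a.Execute, $a.Arguments).Trim()
                }
            }
        }
    }
}

$hits = @(Get-OrcusTaskTrace)
if ($hits.Count -eq 0) {
    'No Orcus scheduled-task traces found.'
} else {
    $hits | Format-Table -AutoSize -Wrap
}
```

Any row of kind Action shows the executable the task starts, which is the file to preserve for analysis before the task is removed.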
