Skip to main content


Home Orcus

Orcus

Also known as: Orcus remote access trojan, Orcus RAT, Schnorchel

Category: Malware

Type: Remote access trojan, password-stealing virus, banking malware, spyware, backdoor

Platform: Windows

Variants: W32/Orcus.A.gen!Eldorado, A Variant Of MSIL/Orcusrat.D, MSIL.Backdoor.Orcus.A, Backdoor:MSIL/Orcus.A!bit

Damage potential: Unauthorized access to systems, exposure of sensitive data, surveillance through webcam and microphone, payloads, DDoS attacks

Overview

Orcus is a type of malicious software that enables cybercriminals to access and control computers and networks. Once on a system, Orcus can activate the webcam, take screenshots, record audio, and steal sensitive data like passwords.

Possible symptoms

Similar to other trojans, Orcus operates covertly and is difficult to detect, but you may suspect Orcus infection if you notice:

  • Unexpected system behavior or slowdowns
  • Unauthorized system changes, including new files named “Orcus”
  • Scheduled tasks with names like “Orcus Respawner.job” or “Orcus.job” running in the Task Manager
  • Suspicious network activity from unknown IP addresses
  • Software or tools appearing on the system without user installation

Sources of the infection

Orcus typically infiltrate systems as a downloadable attachment or a link in an email. Other methods of infection include:

  • Drive-by downloads (unintentional downloads triggered by clicking on a link, attachment, or pop-up) from infected websites
  • Software downloads or files bundled with Orcus

Protection

  • Make sure your operating system and software are up-to-date.
  • Use a reputable antivirus or antimalware solution.
  • Avoid downloading software from unofficial sources.
  • Use NordVPN’s Threat Protection to scan downloads for malware and block malware-ridden websites.
  • Be cautious about email attachments, especially from unknown senders.
  • Regularly back up data to a secure, offline location.

Removal

If you suspect your device might be infected with Orcus, follow these steps:

  • Disconnect the infected device from the internet.
  • Use a reliable antivirus or anti-malware tool to scan and remove Orcus and related components.
  • After removal, change all passwords, especially for online accounts and banking services.
  • If you’re still unsure about the complete removal, consider getting expert help or restoring the system from a clean backup.