Skip to main content
Microsoft Security Intelligence
Published Jan 18, 2007 | Updated Sep 15, 2017


Detected by Microsoft Defender Antivirus

Aliases: Spam-Mailbot.c!Rootkit (McAfee) Backdoor.Rustock (Sunbelt Software) Backdoor.Rustock.B (Symantec)


Backdoor:Win32/Rustock is a rootkit-enabled proxy trojan used to send large volumes of spam from infected computers. The trojan consists of a user mode installer and a kernel mode rootkit driver. The rootkit driver hides registry keys, files, TCP ports and memory objects and also hides itself from applications containing the following strings: RootkitReveller, BlackLight, Rkdetector, Gmer, Endoscope, DarkSpy, Anti-rootkit.
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see
Follow us