Backdoor:WinNT/Rustock.E

Detected by Microsoft Defender Antivirus

Aliases: Backdoor:Win32/Rustock.gen!E (other) Trojan.Rootkit.Rustock.E (BitDefender) Win32/Rustock.BH (CA) Win32/Rustock.NFW (ESET) Trojan.Win32.Multis.cp (Kaspersky) W32/Nuwar.sys (McAfee) W32/Rustock.L (Norman) Troj/NtRootK-DS (Sophos) Hacktool.Rootkit (Symantec) Trojan.Multis.A (VirusBuster)

Summary

Backdoor:WinNT/Rustock.E is a generic detection for a component of Win32/Rustock. Win32/Rustock is a family of rootkit-enabled backdoor trojans that have historically been used to send large volumes of spam from infected computers. More recently, Rustock variants have been associated with Rogue Security applications.

Normally the trojan consists of 3 components which are embedded within a single binary - the dropper (which runs in user mode), the driver's installer, and the actual rootkit driver, (both of which run in kernel mode).

For more information, please see the Win32/Rustock family entry, elsewhere in our encyclopedia.

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.

Backdoor:WinNT/Rustock.E

Summary

What to do now

Technical information

Threat behavior

Prevention

Symptoms