Malware type: Backdoor

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No


A backdoor program is a Trojan specifically designed to allow malicious users to remotely manipulate affected systems. Like all Trojans, backdoors do not automatically propagate. They are either installed inadvertently by unsuspecting users or intentionally by malicious users.

Backdoors, like other Trojans, typically modify system settings to automatically start. Users may need to terminate backdoors before they can be deleted. Also, restoring affected systems may require procedures other than scanning with an antivirus program.


Description created: Oct. 14, 2009 12:57:01 AM GMT -0800


File type: SYS

Memory resident:  No

Size of malware: Varies

Initial samples received on: Sep 13, 2009


This backdoor may be dropped by other malware.

Other malware uses it for its rootkit functionality.

It hides files, processes, and/or registry entries.

It may also be used by other malware in performing their malicious routines. However, it requires other components in order to run properly.

Updated By: Sabrina Sioting


Minimum scan engine version needed: 8.900

Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.


For Windows ME and XP users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.

Step 1: Scan your computer with your Trend Micro product to delete files detected as BKDR_RUSTOCK.SMB

*Note: If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

Step 2: Restart in Safe Mode

Step 3: Search and delete the file detected as BKDR_RUSTOCK.SMB

*Note: Make sure you select the Search Hidden Files and Folders checkbox under "More advanced options" so that all hidden files are included in the search results.
