Troj/Netbus

Please read the instructions for removing Trojans.

Troj/Netbus is a backdoor Trojan.

In common with most other backdoors it has two components, a client and a server. Once installed the server component will run silently and listen for TCP/IP connections from remote machines.

Anyone with the client component can then connect to the machine running the server and control various functions of that machine.

Functions available via the client include the ability to take screen captures from the server, display messages and images, open and shut the CD tray, move the mouse cursor, run any program present on the server, and shutdown Windows on the server.

Later versions of Troj/Netbus also include facilities to upload and download files between the client and server machines, disable the keyboard on the server, scan ports, change passwords, and set the server to send email notifications when it is active.

All features from early versions are retained in later ones. Various registry key changes are made.