What Does Netbus Mean?

Netbus is malware or, more specifically a Trojan, that was designed to remotely control Microsoft Windows applications over a network. The software is controversial because it can be used as a way to trigger unauthorized access to a remote computer for malicious purposes. Netbus was designed to work on Windows 95, Windows 98, Windows ME and Windows NT 4.0 operating systems.


Netbus has the ability to gain control of keystroke logging and injections, shut systems down, and perform screen captures. It can also be used to browse files, execute or delete file, open and close a computer’s CD tray, format drives, and even create booting issues. It functions primarily through “.exe” files.

Netbus may also be known as Patch.exe or SysEdit.exe.

Techopedia Explains Netbus

Netbus consists of a server program as well as a client program. The server version is installed on the victims’ system, while the client version is installed on the systems used by the intruders. In addition, Netbus is able to randomly locate the systems that have an active Netbus server installed on them.

Netbus was developed by Swedish computer programmer Carl-Fredrik Neikter, who claimed to have developed it primarily for pulling computer pranks. Even so, Netbus has been notoriously abused for various malicious purposes. For example, in 1999, attackers used Netbus to plant child pornography on a law scholar’s work computer at Lund University. Around 3,500 images were downloaded to the victim’s computer, which was later discovered by the system administrators. As a result, the law scholar lost his research position at the institution, and had to flee from the country. In 2004, he was exonerated when the court found out that Netbus was used to carry out these illegal downloads.

Netbus functions more or less the same way as Back Orifice, another controversial software designed for remote system administration. It emerged in the lat ’90s, when Netbus was already widely implemented.

The Netbus infection can be identified by verifying the Windows registry. If infected, Netbus can be removed either by using malware or spyware removal applications, or by manually deleting its entries in Windows registry.


Related Terms

Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.