Microsoft security software detects and removes this threat.
This family of backdoor trojans can record which keys you press and send this information to a malicious hacker. They can also use your PC in distributed denial of service (DDos) attacks.

What to do now

The following free Microsoft software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

When a Win32/Hacty variant runs, it can take actions such as the following:
  • Log keystrokes
  • Terminate processes
  • Run commands and programs by starting a remote command shell
  • Intercept certain Windows API calls in order to hide resources such as registry keys and values, processes, users, services, files, directories, and ports. The API calls are redirected to Win32/Hacty code that the Trojan has injected into processes running on the computer
  • Conduct distributed denial of service (DDoS) attacks on servers using ping, UDP, Syn, or mstream flooding
  • Exchange files between the infected computer and the attackers' computer
  • Communicate with attackers through a backdoor. The trojan may open a port for this purpose or use a port that is already open. The following protocols may be used:
    • User Datagram Protocol (UDP)
    • Transmission Control Protocol (TCP)
    • Internet Control Message Protocol (ICMP)


Alerts from your security software may be the only symptom.


Alert level: Severe
This entry was first published on: Jun 23, 2005
This entry was updated on: May 14, 2014

This threat is also detected as:
No known aliases