1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. System Infected: Backdoor.Hugly Activity

System Infected: Backdoor.Hugly Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects Backdoor Hugly activity on the compromised computer.

Additional Information

When the Trojan is executed, it creates a mutex to ensure it is the only copy of itself running on the compromised computer.

Then it drops and executes the following files:

%ProgramFiles%\[CHINESE CHARACTERS].hwp
%ProgramFiles%\Common Files\config.exe

Next, the Trojan injects code into the following file before executing it:

The Trojan then deletes the following file:

It then drops the following file:
%ProgramFiles%\Windows NT\hyper.dll


  • Windows 2000, Windows 7, Windows NT, Windows Vista, Windows XP
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube