Event ID - 21554

Port No21554
Service NameFREDDY
RFC Doc0
ProtocolTCP
DescriptionThis backdoor program copies itself to a WINTOOL.EXE file and drops a WATCHDLL.DLL file in the Windows directory. It opens a TCP port, 25799, by default to wait for connections from the server component.
Reference LinkFREDDY
AttackSolution:

Click Start>Run, type Regedit then hit the Enter key.
In the left panel, double click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows
>CurrentVersion>Run
In the right panel, right-click and then delete these registry values:
wintool.exe = "%windir%\WINTOOL.EXE"
In the left panel, double click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft
Under the registry key, Microsoft, right click and then delete this folder:
General
Close the Registry Editor window.
Restart your computer.
Scan your system with Trend Micro antivirus and delete all files detected as BKDR_FREDDY.D, BKDR_FREDDY.E, BKDR_FREDDYDLL.D and TROJ_JOINRFRDY.D, To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.