Port No | 25799 |
Service Name | FREDDY |
RFC Doc | 0 |
Protocol | TCP |
Description | This backdoor program copies itself to a WINTOOL.EXE file and drops a WATCHDLL.DLL file in the Windows directory. By default it opens TCP port 25799 and waits for connections from the server component. |
Reference Link | FREDDY |
Attack | Solution: (1) Click Start > Run, type Regedit, then press the Enter key. (2) In the left panel, double-click the following: HKEY_LOCAL_MACHINE > Software > Microsoft > Windows > CurrentVersion > Run. (3) In the right panel, right-click and then delete this registry value: wintool.exe = "%windir%\WINTOOL.EXE". (4) In the left panel, double-click the following: HKEY_LOCAL_MACHINE > Software > Microsoft. (5) Under the registry key Microsoft, right-click and then delete this folder: General. (6) Close the Registry Editor window. (7) Restart your computer. (8) Scan your system with Trend Micro antivirus and delete all files detected as BKDR_FREDDY.D, BKDR_FREDDY.E, BKDR_FREDDYDLL.D and TROJ_JOINRFRDY.D. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner. |