| Port No | 21554 |
| Service Name | Freddy |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | Freddy beta 2 is a German trojan. This trojan does have an edit server program, which allows an email address to be notified when the infected computer comes online. |
| Reference Link | Freddy Trojan |
| Attack | It autoloads the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Key: winapi.exe It does the following : Change data/time Disable/enable ALT-CTRL-DEL Get screen shot Hide/show desktop Hide/show task bar Monitor on/off Open/close CD-Rom Send message Send to URL Removal : 1. Remove the winapi.exe key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Which can be done with regedit or any other registry editing program. 2. Reboot the computer or close winapi.exe. 3. Delete the trojan file winapi.exe in the windows directory. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.