Freddy62.exe (Freddy62) Worm Virus File Information

Danger Freddy62.exe is a dangerous file which creates activities on a user’s computer which may be highly undesirable. This file is unsafe.

Threat Name: Koobface Worm (Click Here To Learn More)
Type: Computer Worm (Click Here To Learn More)
Location: C:\WINDOWS\freddy62.exe (Click Here To Learn How To Locate)
Risk Level: Moderate (Learn More About Risk Levels)

Freddy62.exe is another variant of the koobface worm. The koobface worm is spread through social networks online. The koobface worm has the ability to send information to a remote location on the web. Below is our recommended removal tool for Freddy62.exe. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

Manual Removal – Freddy62.exe may be removed through analyzing your HijackThis log. Feel free to post your hijackthis log below if you need assistance analyzing it. Hijackthis will be ideal to manually remove the virus

Click Here To Learn About HijackThis. To download HijackThis, please click HERE.

Freddy62.exe File Details -
File Type – EXE – Freddy62.exe is a executable file
First Identified – Sep 2 2023

Common Questions -
1. What is a computer virus? (Click Here To View)
2. How did I get this computer virus? (Click Here To View)
3. What common symptoms show that my computer may be infected? (Click Here To View)
4. What are some antivirus and antispyware programs which I can use to remove viruses and spyware? (Click Here To View)
5. What is the koobface worm? (Click Here To View)

We recommend that you follow our safety tips so that you can keep your computer clean. Please click here to view our safety tips

Please post comments below. Your comments are both useful to visitors and to us.

Posted in: Malware Removal

This entry was posted on Wednesday, September 2nd, 2023 at 1:43 pm and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “Freddy62.exe (Freddy62) Worm Virus File Information”

Carol Nyffenegger September 2nd, 2023 at 9:24 pm

I have spyware doctor already but it neglected to identify the freddy62.exe virus.

Guru September 3rd, 2023 at 1:46 am

Carol,

Can you please submit the file here

https://www.pctools.com/mrc/submit/

Kind Regards,
Guru

Tim September 9th, 2023 at 5:19 pm

Here is a copy of our HijackThis logfile. Please tell me what I need to do to rid myself of Freddy62.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:17 PM, on 9/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ruth\Desktop\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell4me.com/myway
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://bfc.myway.com/search/de_srchlft.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.suntrust.com/portal/server.pt?space=CommunityPage&cached=true&parentname=CommunityPage&parentid=0&in_hi_userid=2&control=SetCommunity&CommunityID=766&PageID=0
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R3 – URLSearchHook: (no name) – *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} – (no file)
R3 – URLSearchHook: AVG Security Toolbar BHO – {A3BC75A2-1F87-4686-AA43-5347D756017C} – C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 – BHO: (no name) – AutorunsDisabled – (no file)
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: WormRadar.com IESiteBlocker.NavFilter – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:\Program Files\AVG\AVG8\avgssie.dll
O2 – BHO: Spybot-S&D IE Protection – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: DriveLetterAccess – {5CA3D70E-1895-11CF-8E15-001234567890} – C:\WINDOWS\system32\dla\tfswshx.dll
O2 – BHO: AVG Security Toolbar BHO – {A3BC75A2-1F87-4686-AA43-5347D756017C} – C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 – Toolbar: (no name) – {BA52B914-B692-46c4-B683-905236F6F655} – (no file)
O3 – Toolbar: AVG Security Toolbar – {CCC7A320-B3CA-4199-B1A6-9F516DD69829} – C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 – HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 – HKLM\..\Run: [dscactivate] “C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe”
O4 – HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 – HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 – HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 – HKLM\..\Run: [dellsupportcenter] “C:\Program Files\Dell Support Center\bin\sprtcmd.exe” /P dellsupportcenter
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [sysfbtray] c:\windows\freddy62.exe
O4 – HKCU\..\Run: [DellSupport] “C:\Program Files\DellSupport\DSAgnt.exe” /startup
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O4 – HKCU\..\Run: [DellSupportCenter] “C:\Program Files\Dell Support Center\bin\sprtcmd.exe” /P DellSupportCenter
O4 – HKUS\S-1-5-21-2364390362-2415058723-1815735988-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User ‘QBDataServiceUser’)
O4 – HKUS\S-1-5-21-2364390362-2415058723-1815735988-1010\..\Run: [DellSupport] “C:\Program Files\Dell Support\DSAgnt.exe” /startup (User ‘QBDataServiceUser’)
O4 – Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – AutorunsDisabled – (no file)
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Real.com – {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} – C:\WINDOWS\system32\Shdocvw.dll
O9 – Extra button: (no name) – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 – Extra ‘Tools’ menuitem: Spybot – Search & Destroy Configuration – {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) – https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 – DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) – https://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) – https://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
O16 – DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) – https://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 – DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) – https://www.adobe.com/products/acrobat/nos/gp.cab
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 – Protocol: intu-help-qb1 – {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} – C:\Program Files\Intuit\QuickBooks 2023\HelpAsyncPluggableProtocol.dll
O18 – Protocol: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:\Program Files\AVG\AVG8\avgpp.dll
O18 – Protocol: qbwc – {FC598A64-626C-4447-85B8-53150405FD57} – mscoree.dll (file missing)
O20 – Winlogon Notify: avgrsstarter – C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 – Service: AVG8 WatchDog (avg8wd) – AVG Technologies CZ, s.r.o. – C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 – Service: DSBrokerService – Unknown owner – C:\Program Files\DellSupport\brkrsvc.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: Intel NCS NetService (NetSvc) – Intel(R) Corporation – C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: QBCFMonitorService – Intuit – C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 – Service: Intuit QuickBooks FCS (QBFCService) – Intuit Inc. – C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 – Service: QuickBooksDB – Intuit, Inc. – C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 – Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) – SupportSoft, Inc. – C:\Program Files\Dell Support Center\bin\sprtsvc.exe


End of file – 9051 bytes

Leave a Reply