Freddy64.exe (Freddy64) Worm Virus File Information

Danger: Freddy64.exe is a dangerous file that carries out activity on a user’s computer which may be highly undesirable. This file is unsafe.

Threat Name: Koobface Worm
Type: Computer Worm
Location: C:\WINDOWS\Freddy64.exe
Risk Level: Moderate

Freddy64.exe is another variant of the Koobface worm. The Koobface worm spreads through online social networks and can send information to a remote location on the web. Below is our recommended removal tool for Freddy64.exe. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

Manual Removal – Freddy64.exe may be removed by analyzing your HijackThis log. Feel free to post your HijackThis log below if you need assistance analyzing it. HijackThis is ideal for removing the virus manually.


Freddy64.exe File Details –
File Type – EXE – Freddy64.exe is an executable file
First Identified – Sep 16 2023
Possible Future Variants – Freddy65.exe, Freddy66.exe, Freddy67.exe, Freddy68.exe, Freddy69.exe
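
The indicators above (a file named Freddy plus a number, sitting directly in C:\WINDOWS\) can be checked against the running-process list and the O4 Run entries of a HijackThis log. The Python below is an added example, not code from this site or from HijackThis; the sample log is constructed, and treating any number after "Freddy" as a variant is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in HijackThis v2 layout (not a real capture). Blog software
# often turns " - " into an en dash and straight quotes into curly ones.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\windows\freddy65.exe

O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM\..\Run: [sysfbtray] c:\windows\freddy65.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

FAMILY = re.compile(r"freddy\d+\.exe", re.I)  # Freddy64.exe, Freddy65.exe, ... (any number: assumption)
WINDOWS_ROOT = r"c:\windows"                   # location given on the page
RUN_LINE = re.compile(r"^O4\s*[-–]\s*(?P<key>[^:\[]+):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
EXE = re.compile(r'["“]?(?P<exe>.+?\.exe)(?=["”\s]|$)', re.I)  # executable without quotes or arguments

def is_family_path(path):
    # Both indicators must hold: the file name pattern and the Windows root folder.
    p = PureWindowsPath(path)
    return bool(FAMILY.fullmatch(p.name)) and str(p.parent).lower() == WINDOWS_ROOT

def running_processes(log):
    # The section runs from the "Running processes:" header to the first blank line.
    _, _, rest = log.replace("\r\n", "\n").partition("Running processes:")
    return [line.strip() for line in rest.strip("\n").split("\n\n")[0].splitlines()]

def run_entries(log):
    out = []
    for line in log.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:  # only registry Run keys carry a [value name]
            exe = EXE.match(m["cmd"])
            out.append((m["key"].strip(), m["name"], exe["exe"] if exe else m["cmd"]))
    return out

def findings(log):
    hits = [("process", "", p) for p in running_processes(log) if is_family_path(p)]
    hits += [entry for entry in run_entries(log) if is_family_path(entry[2])]
    return hits

if __name__ == "__main__":
    for source, name, path in findings(SAMPLE_LOG):
        print(f"{source:14} {name:12} {path}")
```

A hit in both sections means the file is running now and will start again at the next boot, so the Run value and the file both need to be dealt with.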


We recommend that you follow our safety tips so that you can keep your computer clean.


This entry was posted on Wednesday, September 16th, 2023 at 12:49 pm and is filed under Malware Removal.

One Response to “Freddy64.exe (Freddy64) Worm Virus File Information”

bill September 18th, 2023 at 10:41 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:33 AM, on 9/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\pp12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\freddy65.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\sYSteM32\SvchOst.eXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://roadrunner.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: Search Helper – {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} – C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 – BHO: MSN Toolbar Helper – {d2ce3e00-f94a-4740-988e-03dc2f38c34f} – C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 – Toolbar: MSN Toolbar – {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} – C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 – HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nmctxth] “C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe”
O4 – HKLM\..\Run: [nmapp] “C:\Program Files\Pure Networks\Network Magic\nmapp.exe” -autorun -nosplash
O4 – HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [Microsoft Default Manager] “C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe” -resume
O4 – HKLM\..\Run: [sysldtray] C:\windows\ld14.exe
O4 – HKLM\..\Run: [sysfbtray] c:\windows\freddy65.exe
O4 – HKLM\..\Run: [pp] C:\windows\pp12.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 – Global Startup: AutorunsDisabled
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) – https://support.asus.com/common/asusTek_sys_ctrl.cab
O16 – DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) – https://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 – DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) – https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – https://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252171875796
O16 – DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) – https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 – DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) – https://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} –
O23 – Service: CaCCProvSP – CA, Inc. – C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 – Service: CAISafe – Computer Associates International, Inc. – C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 – Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) – CA, Inc. – C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: Pure Networks Platform Service (nmservice) – Cisco Systems, Inc. – C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 – Service: Performance Service (nTuneService) – NVIDIA – C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 – Service: NVIDIA Display Driver Service (nvsvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: PnkBstrA – Unknown owner – C:\WINDOWS\system32\PnkBstrA.exe
O23 – Service: PnkBstrB – Unknown owner – C:\WINDOWS\system32\PnkBstrB.exe
O23 – Service: PPCtlPriv – CA, Inc. – C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 – Service: HIPS Event Manager (UmxAgent) – CA – C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 – Service: HIPS Configuration Interpreter (UmxCfg) – CA – C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 – Service: HIPS Firewall Helper (UmxFwHlp) – CA – C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 – Service: HIPS Policy Manager (UmxPol) – CA – C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 – Service: Update Center Service (UpdateCenterService) – NVIDIA – C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 – Service: VET Message Service (VETMSGNT) – CA, Inc. – C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe


End of file – 8322 bytes
