| Port No | 56565 |
| Service Name | OSIRIS |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This is the set of components (server, client) of a backdoor malware. It uses a server component to infect a target computer and uses a client component to access and control the infected computer. It compromises security. It allows hackers access to and control over its infected computer. The server program opens a default port 56565 where it waits for commands to execute from the user of the client component. |
| Reference Link | OSIRIS |
| Attack | Solution Click Start>Run, type Regedit then hit the Enter key. In the left panel, double click the following: HKEY_LOCAL_MACHINE>Software>Microsoft>Windows >CurrentVersion>Run In the right panel, look for and then delete this registry entry: ”kernel32=%SYSTEM%\KERNEL32.EXE” Close the Registry. Click Start>Run, type Sysedit then hit the Enter key. Choose the AUTOEXEC.BAT window, look for and then delete this line: %SYSTEM%\KERNEL32.EXE Save the modification. Choose the WIN.INI window, look for and then delete this entry under the [windows] section: %SYSTEM%\KERNEL32.EXE Save and close the System editor window. Reboot your system. Go to your %System% directory usually located at C:\Windows\system and delete this file: KERNEL32.EXE. Scan your system with Trend Micro antivirus and delete all files detected as BKDR_OSIRIS.A. To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.