Event ID - 56565

Port No56565
Service NameOSIRIS
RFC Doc0
ProtocolTCP
DescriptionThis is the set of components (server, client) of a backdoor malware. It uses a server component to infect a target computer and uses a client component to access and control the infected computer. It compromises security. It allows hackers access to and control over its infected computer. The server program opens a default port 56565 where it waits for commands to execute from the user of the client component.
Reference LinkOSIRIS
AttackSolution

Click Start>Run, type Regedit then hit the Enter key.
In the left panel, double click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows
>CurrentVersion>Run
In the right panel, look for and then delete this registry entry:
”kernel32=%SYSTEM%\KERNEL32.EXE”
Close the Registry.
Click Start>Run, type Sysedit then hit the Enter key.
Choose the AUTOEXEC.BAT window, look for and then delete this line:
%SYSTEM%\KERNEL32.EXE
Save the modification.
Choose the WIN.INI window, look for and then delete this entry under the [windows] section:
%SYSTEM%\KERNEL32.EXE
Save and close the System editor window.
Reboot your system.
Go to your %System% directory usually located at C:\Windows\system and delete this file:
KERNEL32.EXE.
Scan your system with Trend Micro antivirus and delete all files detected as BKDR_OSIRIS.A. To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro's free online virus scanner.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.