Rootkit MSDR.DLL is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of MSDR.DLL may be a very difficult process.
You should use anti-rootkit software to fix the MSDR.DLL problem.
Malware Analysis of MSDR.DLL
Full path on a computer: %Common Appdata%\551\MSDR.DLL
Detected by UnHackMe:
Item Name: Copier
Author:
Related File: {118BEDCC-A901-4203-B4F2-ADCB957D1887}
Type: Shell Services DelayLoad
After first reboot detected by UnHackMe:
Item Name: AppInit_DLLs
Author: Unknown
Related File: %Common Appdata%\551\MSDR.DLL,
Type: List of Injected DLLs
Removal Results: Success
Number of reboots: 1
MSDR.DLL is known as:
Rootkit.Sinowal
MSDR.DLL hash:
- MD5: 5e0e410305cd293310d455d7c5705ccf
The file downloads and installs other malware, Trojans, and viruses on commands received from the Command Center.
How to quickly detect MSDR.DLL presence?
Registry:

- HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Copier: "{118BEDCC-A901-4203-B4F2-ADCB957D1887}"
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs: 0x00000001
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\RequireSignedAppInit_DLLs: 0x00000000
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: "%Common Appdata%\551\MSDR.DLL,"

Folders:

- %Common Appdata%\551
- %WinDir%\Installer\830fc08c-3608-4b92-b6ed-b394b4268372

Files:

- %Common Appdata%\551\49703.dat
- %Common Appdata%\551\49703.dll
- %Common Appdata%\551\ffxd.dat
- %Common Appdata%\551\jdlr.dat
- %Common Appdata%\551\MSDR.DLL
- %WinDir%\Installer\255ad2be-dfc6-47c2-b4a1-0efb2bb4ec91
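
A read-only PowerShell check for the registry values, folders, files and MD5 listed on this page. It is an added example, not part of the original report or of UnHackMe. It assumes PowerShell 4.0 or later (for Get-FileHash) and that %Common Appdata% maps to the CommonApplicationData special folder; Get-RegValue is a helper defined here.

```powershell
# Added example: read-only check for the indicators listed on this page.
# Assumption: "%Common Appdata%" resolves to the CommonApplicationData special folder.
$appData  = [Environment]::GetFolderPath('CommonApplicationData')
$winKey   = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$delayKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
$knownMd5 = '5e0e410305cd293310d455d7c5705ccf'   # MD5 given on this page
$findings = New-Object 'System.Collections.Generic.List[string]'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Registry: the AppInit_DLLs entry and the flags that let an unsigned DLL load.
$appInit = [string](Get-RegValue $winKey 'AppInit_DLLs')
if ($appInit -match '\\551\\MSDR\.DLL') {
    $load   = Get-RegValue $winKey 'LoadAppInit_DLLs'
    $signed = Get-RegValue $winKey 'RequireSignedAppInit_DLLs'
    $findings.Add("AppInit_DLLs = '$appInit' (LoadAppInit_DLLs=$load, RequireSignedAppInit_DLLs=$signed)")
}
if ((Get-RegValue $delayKey 'Copier') -eq '{118BEDCC-A901-4203-B4F2-ADCB957D1887}') {
    $findings.Add('ShellServiceObjectDelayLoad\Copier holds the CLSID listed on this page')
}

# Folders and files, expanded from the lists on this page.
$paths  = '551', '551\49703.dat', '551\49703.dll', '551\ffxd.dat', '551\jdlr.dat', '551\MSDR.DLL' |
    ForEach-Object { Join-Path $appData $_ }
$paths += '830fc08c-3608-4b92-b6ed-b394b4268372', '255ad2be-dfc6-47c2-b4a1-0efb2bb4ec91' |
    ForEach-Object { Join-Path $env:WinDir "Installer\$_" }
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings.Add("Present: $p") }
}

# Hash comparison for the DLL itself, if it is readable.
$dll = Join-Path $appData '551\MSDR.DLL'
if (Test-Path -LiteralPath $dll -PathType Leaf) {
    $md5 = (Get-FileHash -LiteralPath $dll -Algorithm MD5).Hash
    if ($md5 -eq $knownMd5) { $findings.Add("MD5 match: $dll") }
}

if ($findings.Count) { $findings } else { 'No listed indicator found.' }
```

Because the rootkit actively hides its presence, an empty result from a running system is not conclusive; the same paths and values can be checked against an offline copy of the disk and registry hives.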