Quantcast
Channel: How to Remove Malware
Viewing all articles
Browse latest Browse all 38585

WSSE.DLL is Rootkit Sinowal

$
0
0

Rootkit WSSE.DLL is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of WSSE.DLL may be a very difficult process.
You should use anti-rootkit software to fix the WSSE.DLL problem.

Malware Analysis of WSSE.DLL
Full path on a computer: %Common Appdata%\551\WSSE.DLL

Detected by UnHackMe:

Item Name: Copier
Author:
Related File: {118BEDCC-A901-4203-B4F2-ADCB957D1887}
Type: Shell Services DelayLoad

After first reboot detected by UnHackMe:

Item Name: AppInit_DLLs
Author: Unknown
Related File: %Common Appdata%\551\WSSE.DLL,
Type: List of Injected DLLs

Removal Results: Success
Number of reboot: 1

WSSE.DLL is known as:

Rootkit.Sinowal

WSSE.DLL hash:

  • MD5: 5e0e410305cd293310d455d7c5705ccf
The file is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
How to quickly detect WSSE.DLL presence?
Registry:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Copier: “{118BEDCC-A901-4203-B4F2-ADCB957D1887}”
  • HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs: 0×00000001
  • HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\RequireSignedAppInit_DLLs: 0×00000000
  • HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “%Common Appdata%\551\WSSE.DLL,”
Folders:
  • %Common Appdata%\551
  • %WinDir%\Installer\830fc08c-3608-4b92-b6ed-b394b4268372
Files:
  • %Common Appdata%\551\49703.dat
  • %Common Appdata%\551\49703.dll
  • %Common Appdata%\551\ffxd.dat
  • %Common Appdata%\551\jdlr.dat
  • %Common Appdata%\551\WSSE.DLL
  • %WinDir%\Installer\255ad2be-dfc6-47c2-b4a1-0efb2bb4ec91


Viewing all articles
Browse latest Browse all 38585

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>