Rootkit WSSE.DLL is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of WSSE.DLL may be a very difficult process.
You should use anti-rootkit software to fix the WSSE.DLL problem.
Malware Analysis of WSSE.DLL
Full path on a computer: %Common Appdata%\551\WSSE.DLL
Detected by UnHackMe:
Item Name: Copier
Author:
Related File: {118BEDCC-A901-4203-B4F2-ADCB957D1887}
Type: Shell Services DelayLoad
After first reboot detected by UnHackMe:
Item Name: AppInit_DLLs
Author: Unknown
Related File: %Common Appdata%\551\WSSE.DLL,
Type: List of Injected DLLs
Removal Results: Success
Number of reboot: 1
WSSE.DLL is known as:
Rootkit.Sinowal
WSSE.DLL hash:
- MD5: 5e0e410305cd293310d455d7c5705ccf
The file is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
How to quickly detect WSSE.DLL presence?
Registry:
- HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Copier: “{118BEDCC-A901-4203-B4F2-ADCB957D1887}”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs: 0×00000001
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\RequireSignedAppInit_DLLs: 0×00000000
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “%Common Appdata%\551\WSSE.DLL,”
Folders:
- %Common Appdata%\551
- %WinDir%\Installer\830fc08c-3608-4b92-b6ed-b394b4268372
Files:
- %Common Appdata%\551\49703.dat
- %Common Appdata%\551\49703.dll
- %Common Appdata%\551\ffxd.dat
- %Common Appdata%\551\jdlr.dat
- %Common Appdata%\551\WSSE.DLL
- %WinDir%\Installer\255ad2be-dfc6-47c2-b4a1-0efb2bb4ec91