Rootkit WSSE.DLL is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of WSSE.DLL may be a very difficult process.
You should use anti-rootkit software to fix the WSSE.DLL problem.
Malware Analysis of WSSE.DLL
Full path on a computer: %Common Appdata%\551\WSSE.DLL
Detected by UnHackMe:
Item Name: Copier
Author:
Related File: {118BEDCC-A901-4203-B4F2-ADCB957D1887}
Type: Shell Services DelayLoad
After first reboot detected by UnHackMe:
Item Name: AppInit_DLLs
Author: Unknown
Related File: %Common Appdata%\551\WSSE.DLL,
Type: List of Injected DLLs
Removal Results: Success
Number of reboot: 1
WSSE.DLL is known as:
Rootkit.Sinowal
WSSE.DLL hash:
- MD5: 5e0e410305cd293310d455d7c5705ccf
The file is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
How to quickly detect WSSE.DLL presence?
Image may be NSFW.
Clik here to view.
Registry:
Clik here to view.
Registry:- HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Copier: “{118BEDCC-A901-4203-B4F2-ADCB957D1887}”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs: 0×00000001
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\RequireSignedAppInit_DLLs: 0×00000000
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “%Common Appdata%\551\WSSE.DLL,”
Image may be NSFW.
Clik here to view.Folders:
Clik here to view.
Folders:- %Common Appdata%\551
- %WinDir%\Installer\830fc08c-3608-4b92-b6ed-b394b4268372
Image may be NSFW.
Clik here to view.Files:
Clik here to view.
Files:- %Common Appdata%\551\49703.dat
- %Common Appdata%\551\49703.dll
- %Common Appdata%\551\ffxd.dat
- %Common Appdata%\551\jdlr.dat
- %Common Appdata%\551\WSSE.DLL
- %WinDir%\Installer\255ad2be-dfc6-47c2-b4a1-0efb2bb4ec91
