Hello. If you encounter mssecsvc.exe – what is this process that keeps showing up in task manager and creating a load on your system? Let me tell you right away that you are dealing with a dangerous virus that spreads very quickly. Therefore, let’s take a look at the scheme of how to remove the Trojan from your computer permanently.
Overview of the mssecsvc process
Not too long ago, millions of users around the world encountered the WannaCry encryptor blocking access to important files. Good thing that the hole in Windows security was quickly fixed by releasing updates.
But now users are facing a new problem in the form of a Trojan script launched by mssecsvc.exe. Infection paths can range from installing false software updates on your PC to opening attachments in e-mails you receive. Most often such messages come from senders known to you, which can be misleading.
As soon as the virus gets on your disk, the following happens:
- Data starts to be encrypted at an incredible speed;
- The tracking of all user actions in the browser is activated;
- A database of information about the PC owner is collected and sent to the attackers’ servers.
After a few hours (sometimes even days), Windows is completely blocked, and a notification is displayed telling the user to pay a ransom to unlock it.
I warn you right away – do not go along with the “cyber bandits”, otherwise you will spend money and not get the desired result.
So what should you do?
How to remove mssecsvc.exe?
If you notice that after every computer boot the file constantly appears in task manager (run with Ctrl + Esc + Shift ), it means we have to act urgently, because the Trojan has already activated.
Right-click on the specified item and select menu item “Open file location” (in different Windows versions it may be positioned either on the first position in the list of actions or somewhere in the middle);
When a folder with the file will be opened, then in the path line should also be right-click and “Copy address as text” (I apologize for the English-language screenshots – I can not show you personal example, I had to borrow images from a foreign resource):
- Now we start the antivirus, installed on the laptop. It can be Kaspersky, Node32, but I will use the free Avast as a demonstration. Open the “Protection” tab and then select the “Antivirus” section:
- Among the suggested scan options you should specify “Other…” to be able to set your own scanning parameters:
- Again, there are several methods. “Folder Scan” is suitable for us. Click on it:
- Next, you need to select a directory from the list, or you can write the path in the line below. Then paste there the address you have copied earlier (see the second paragraph of the instruction):
- Now you just need to wait for the completion of the thorough scan. If the security software detects a threat, but there are obstacles to removal, you should open the Task Manager again and stop the process mssecsvc.exe (terminate). Ideally, it is better to start manipulation with this very step, having previously opened the location of the object to copy the address.
Is the virus appearing again?
This is also probable. In that case you will have to enter Safe Mode. Restart the computer, at the startup press F8. This should be done quickly, so as not to miss the moment, otherwise you will have to do it all over again. Or follow the link above and see other ways.
When the menu is displayed, select the appropriate item:
Do not be alarmed when you see large desktop icons and a black background instead of the wallpaper. This is how it should be. Next, you will need to open the location of the malicious file mssecsvc.exe again via Task Manager and simply delete it manually.
Most often it is located in the Windows folder:
C / Windows /
If the Trojan has managed to encrypt some of the information, restoring the system will help (launching the in the Control Panel), which will help return the OS to an earlier state – provided this functionality was activated earlier and rollback points were created.
In the opposite case – the situation is more unfortunate, because there is no algorithm for reverse decryption. Even if you pay attackers, the information will not return to its original form.
We have understood a bit about mssecsvc.exe – what is this process that constantly appears, how to remove it correctly. Maybe you have your own story about it, know other solutions – share them in the comments, if you do not mind.
18.12.2017 10:00 5776