Mssecsvc.exe is part of the notorious WannaCry ransomware - delete it immediately

Mssecsvc.exe is a malicious executable that is created by WannaCry ransomware

Mssecsvc.exe is an executable that runs in the background and can be seen in Task Manager while the PC is in use. The process can be found on Windows XP, 7, 8, and 10 and is usually located in C:\Windows, although cases where the malicious executable was placed in a C:\ subfolder have also been observed.

Mssecsvc.exe is not a safe file. It is used to hijack the services section of the Windows operating system (it loads the mssecsvc2.0 service under the name Microsoft Security Center (2.0) Service); these programs load at system boot. It is part of the malware family called WannaCry, a ransomware virus that enters machines by using tricky infiltration techniques and encrypts all files on the computer, as well as on all connected networks.

Name: Mssecsvc.exe
Type: Malicious file
Belongs to: WannaCry ransomware
Location: C:\WINDOWS\mssecsvc.exe
Affected systems: Windows XP, 7, 8, and 10
Related service: mssecsvc2.0
Related service name: Microsoft Security Center (2.0) Service
Termination: Use anti-malware software to remove WannaCry along with the malicious Mssecsvc.exe file
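
The indicators in the summary above (service name, service display name and file location) can be checked on a live host with a read-only script. This is an added example, not part of the original article; it assumes PowerShell 4.0 or later, and the function name Get-MssecsvcIndicators is made up for illustration.

```powershell
# Added example: read-only triage for the indicators listed in the article.
# It reports findings and changes nothing on the system.
$ServiceName = 'mssecsvc2.0'                              # from the article
$DisplayName = 'Microsoft Security Center (2.0) Service'  # from the article
$FileName    = 'mssecsvc.exe'                             # from the article

function Get-MssecsvcIndicators {   # hypothetical helper name
    # 1. Service registered under the article's name or display name,
    #    or any service whose binary path points at the file.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object {
            $_.Name -eq $ServiceName -or
            $_.DisplayName -eq $DisplayName -or
            $_.PathName -like "*$FileName*"
        } |
        ForEach-Object {
            [pscustomobject]@{
                Indicator = 'Service'
                Detail    = "$($_.Name) ($($_.State), $($_.StartMode)): $($_.PathName)"
            }
        }

    # 2. File in %SystemRoot% or in any first-level folder of the system drive.
    $dirs = @($env:SystemRoot)
    $dirs += @(Get-ChildItem -LiteralPath "$env:SystemDrive\" -Directory -Force -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName)
    foreach ($dir in ($dirs | Sort-Object -Unique)) {
        $path = Join-Path -Path $dir -ChildPath $FileName
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            # The hash lets responders identify the sample without opening it.
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            [pscustomobject]@{ Indicator = 'File'; Detail = "$path SHA256=$hash" }
        }
    }

    # 3. Process currently running from that image name.
    Get-CimInstance -ClassName Win32_Process -Filter "Name = '$FileName'" |
        ForEach-Object {
            [pscustomobject]@{ Indicator = 'Process'; Detail = "PID $($_.ProcessId): $($_.ExecutablePath)" }
        }
}

$results = @(Get-MssecsvcIndicators)
if ($results.Count -eq 0) { 'No mssecsvc indicators found on this host.' }
else { $results | Format-Table -AutoSize -Wrap }
```

Run it from an elevated prompt so that service binary paths and process image paths are fully readable; a hit on any of the three checks means the host should be isolated before cleanup.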

After encrypting files, WannaCry ransomware loads a pop-up window under the name of Wana Decrypt0r 2.0, which is essentially a message from hackers. It explains that to unlock files, victims need to transfer $300 worth of Bitcoin into a provided wallet. Nevertheless, users should rather focus on WannaCry and Mssecsvc.exe removal, as hackers themselves are unable to decrypt the locked files.

WannaCry – the ransomware that shocked the world

WannaCry is the name that became known thanks to multiple media articles when the virus struck numerous high-profile organizations and governmental institutions in Russia, Ukraine, UK, USA, Brazil, Australia, Japan, France, and others.

The attack began in May 2017, and within the first day of its reign, managed to infect more than 230,000 computers around the world. The impacted organizations include Honda, FedEx, NHS, Russian Railways, São Paulo Court of Justice, O2, Nissan, Hitachi, etc.

WannaCry caused approximately $4 billion worth of damages and brought multiple organizations to a standstill for a certain period of time. Such a high rate of infection is due to simple negligence, as only computers that were not patched with the Windows April updates, which fixed the EternalBlue flaw (initially snatched from the NSA), were affected.

After a few days of propagation, WannaCry was contained with a kill switch,[1] which was accidentally discovered by security researcher Marcus Hutchins. It prevented the virus from spreading laterally and infecting all the devices connected to the same network.

Even so, WannaCry keeps infecting victims even today, and users can find the Mssecsvc.exe process running right after the infiltration.

Mssecsvc.exe mostly gets in due to outdated operating systems

There are several ways Mssecsvc.exe can get into your computer, including:

  • Spam email attachments or hyperlinks
  • Exploit kits
  • Botnets
  • Fake updates
  • Pirated software and its cracks
  • Web injects
  • Unprotected RDP, etc.

However, the Mssecsvc.exe virus was proliferated with the help of the EternalBlue exploit,[2] so users who have old and unpatched systems are at the highest risk. Comprehensive security solutions would be able to prevent most malware from getting in.

To ensure that you do not get infected with threats like ransomware, you should always make sure you patch your system (the SMB flaw was patched with the MS17-010 update),[3] along with all the installed software. Additionally, being attentive and staying away from pirated software sites and cracks would stop a lot of malware from accessing your device.

Remove Mssecsvc.exe virus and only then proceed with file recovery

To remove the Mssecsvc.exe virus, you will have to terminate WannaCry ransomware from your machine. To do that, you should access Safe Mode with Networking, as malware might interfere with the proper operation of the anti-malware software. We suggest using Fortect, Intego, SpyHunter 5 or Combo Cleaner for the job, although many other tools should be able to delete the infection.

After WannaCry and Mssecsvc.exe removal, you can connect your backups and copy all your personal files over (it is crucial to delete the virus first, otherwise all the recovered data will be encrypted once again). If you did not have backups prepared, you could try alternative solutions, such as running third-party recovery software or using decryption tools crafted explicitly for WannaCry-encrypted files. You can find all the instructions at the bottom of this article.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher