C:\WINDOWS\smss.exe

Guest
Archived from groups: microsoft.public.windowsxp.perform_maintain

pcPitstop has analyzed my system and says that the following file is a virus:
Full Path C:\WINDOWS\smss.exe
Vendor JAJSoft
Product ClientServerRuntimeSubSystem
Version 1.01
File Size 49152 bytes

Description
Dalbug/Ladex worm
Recommendation

DISABLE AND REMOVE IMMEDIATELY. This file is most likely a virus or trojan.
--------------------------------------------------------------------------

I see that smss.exe is currently running and am sceptical about this
warning. Aluria/Ad-aware/NAV do not pick it up. Can anyone tell me if I
should take this seriously and try to remove it? If so, how? Thanks.
 
Guest

Smss.exe is a process which is a part of the Microsoft Windows Operating System.
It is called the Session Manager SubSystem and is responsible for handling sessions
on your system. This program is important for the stable and secure running of your
computer and should not be terminated.
Ref: http://www.liutilities.com/products/wintaskspro/processlibrary/smss/

What is smss.exe? Is smss.exe spyware or a virus?
http://www.neuber.com/taskmanager/process/smss.exe.html

Check this with Security Task Manager
http://www.neuber.com/taskmanager/

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

-------------------------------------------------------------------------------

"Victor" wrote:

| pcPitstop has analyzed my system and says that the following file is a virus:
| Full Path C:\WINDOWS\smss.exe
| Vendor JAJSoft
| Product ClientServerRuntimeSubSystem
| Version 1.01
| File Size 49152 bytes
|
| Description
| Dalbug/Ladex worm
| Recommendation
|
| DISABLE AND REMOVE IMMEDIATELY. This file is most likely a virus or trojan.
| --------------------------------------------------------------------------
|
| I see that smss.exe is currently running and am sceptical about this
| warning. Aluria/Ad-aware/NAV do not pick it up. Can anyone tell me if I
| should take this seriously and try to remove it? If so, how? Thanks.
 
Guest

Did you try their forums?
http://support.pcpitstop.com

If it's real they should have more info. If it's a false positive they
would want to know that too.

I always look with suspicion at any application file that is installed
in the Windows or Windows\System(32) directory. That's not a good
place for applications to place their files.

victord66 <victord66@discussions.microsoft.com> wrote in message news:<C4A5D13F-42C2-4B4F-8D3C-D5F62CC5EEB5@microsoft.com>...
> pcPitstop has analyzed my system and says that the following file is a virus:
> Full Path C:\WINDOWS\smss.exe
> Vendor JAJSoft
> Product ClientServerRuntimeSubSystem
> Version 1.01
> File Size 49152 bytes
>
> Description
> Dalbug/Ladex worm
> Recommendation
>
> DISABLE AND REMOVE IMMEDIATELY. This file is most likely a virus or trojan.
> --------------------------------------------------------------------------
>
> I see that smss.exe is currently running and am sceptical about this
> warning. Aluria/Ad-aware/NAV do not pick it up. Can anyone tell me if I
> should take this seriously and try to remove it? If so, how? Thanks.
 
Guest

Carey, are you concerned in any way that this particular SMSS.EXE is
in the Windows directory and not the Windows System32 directory? Is it
possible you missed that detail? For example, this trojan uses a
program named SMSS.EXE in the Windows directory; I don't think it's
legitimate.
http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=TROJ_NETZZAK.B

"Carey Frisch [MVP]" <cnfrisch@nospamgmail.com> wrote in message news:<eQkL5OetEHA.2516@TK2MSFTNGP11.phx.gbl>...
> Smss.exe is a process which is a part of the Microsoft Windows Operating System.
> It is called the Session Manager SubSystem and is responsible for handling sessions
> on your system. This program is important for the stable and secure running of your
> computer and should not be terminated.
> Ref: http://www.liutilities.com/products/wintaskspro/processlibrary/smss/
>
> What is smss.exe? Is smss.exe spyware or a virus?
> http://www.neuber.com/taskmanager/process/smss.exe.html
>
> Check this with Security Task Manager
> http://www.neuber.com/taskmanager/
>
> --
> Carey Frisch
> Microsoft MVP
> Windows XP - Shell/User
>
 
Guest

Thanks for all of your help guys. This file was in fact a virus, or a
leftover of a virus. When I checked the properties of the file it was "Sun
Microsystems" and not Microsoft like the others. And it was the one in my
startup file which was checked off. I unchecked it, rebooted and deleted the
file then ran a virus scan and pcPitstop again and all seems fine. But why
would Sun Microsystems install such a file? It really didn't seem to be
doing anything.....


"Bad Zymosis" wrote:

> Did you try their forums?
> http://support.pcpitstop.com
>
> If it's real they should have more info. If it's a false positive they
> would want to know that too.
>
> I always look with suspicion at any application file that is installed
> in the Windows or Windows\System(32) directory. That's not a good
> place for applications to place their files.
>
> victord66 <victord66@discussions.microsoft.com> wrote in message news:<C4A5D13F-42C2-4B4F-8D3C-D5F62CC5EEB5@microsoft.com>...
> > pcPitstop has analyzed my system and says that the following file is a virus:
> > Full Path C:\WINDOWS\smss.exe
> > Vendor JAJSoft
> > Product ClientServerRuntimeSubSystem
> > Version 1.01
> > File Size 49152 bytes
> >
> > Description
> > Dalbug/Ladex worm
> > Recommendation
> >
> > DISABLE AND REMOVE IMMEDIATELY. This file is most likely a virus or trojan.
> > --------------------------------------------------------------------------
> >
> > I see that smss.exe is currently running and am sceptical about this
> > warning. Aluria/Ad-aware/NAV do not pick it up. Can anyone tell me if I
> > should take this seriously and try to remove it? If so, how? Thanks.
>
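
As an added example (not part of any post in this thread): the two checks the posters relied on, the directory a core system process runs from and the company name in its file properties, applied to process records. The process list, `SYSTEM_ROOT`, the function names and the sample records are assumptions constructed for illustration; the two non-Microsoft vendor strings are the ones quoted in the thread.

```python
import ntpath  # Windows path semantics on any OS, so this runs offline

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: default Windows XP install path
SYSTEM32 = (SYSTEM_ROOT + r"\system32").lower()
# Core process names and the only directory each is expected to load from.
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "lsass.exe",
    "services.exe", "svchost.exe")}
EXPECTED_DIR["explorer.exe"] = SYSTEM_ROOT.lower()
EXPECTED_VENDOR = "microsoft corporation"


def normalize(path):
    """Resolve the NT-style prefixes reported for early-boot processes."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):                 # \??\C:\WINDOWS\system32\csrss.exe
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):  # \SystemRoot\System32\smss.exe
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    return ntpath.normpath(p).lower()           # also collapses "..\" segments


def findings(name, path, company):
    """Return reasons a process using a core system name looks like a masquerade."""
    key = name.lower()
    if key not in EXPECTED_DIR:
        return []
    reasons = []
    folder = ntpath.dirname(normalize(path))
    if folder != EXPECTED_DIR[key]:
        reasons.append(f"path: {key} running from {folder}")
    # CompanyName is unauthenticated metadata: a mismatch is a signal, a match
    # proves nothing. Signature verification is the stronger check.
    if company.strip().lower() != EXPECTED_VENDOR:
        reasons.append(f"vendor: {company!r}")
    return reasons


# Constructed sample records; the vendor strings are the two quoted in the thread.
SAMPLES = [
    ("smss.exe", r"\SystemRoot\System32\smss.exe", "Microsoft Corporation"),
    ("csrss.exe", r"\??\C:\WINDOWS\system32\csrss.exe", "Microsoft Corporation"),
    ("smss.exe", r"C:\WINDOWS\smss.exe", "JAJSoft"),
    ("SMSS.EXE", r"C:\WINDOWS\System32\..\smss.exe", "Sun Microsystems"),
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec[0], rec[1], findings(*rec) or "ok")
```

The first two records pass; the last two are flagged on both path and vendor, including the one whose path only resolves to the Windows directory after the `..` segment is collapsed.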