Smss.exe - what is it?

click fraud protection

any PC user, once Called the "Task Manager" Windows, faced with the fact that in the process tree has many obscure running services such as Rundll32.exe, Csrss.exe, Lsass.exe, Svchost.exe, and so on. D.There is another process, referred to as Smss.exe.What is this service and that it is responsible, we now face it.

Smss.exe: what is this process?

If someone is suspected that this virus, say at once: it is fundamentally wrong.The process itself is an important system service responsible for user sessions running on a single computer terminal.

If not to go into the jungle of programming and principles of the system services, we can say that the file Smss.exe is the intermediate link of the user session, which controls the system queries when incorrect completion of programs and applications.

In principle, this service can run processes such as Winlogon (login) and Win32 (Service Csrss.exe).By and large, if not properly shut down or that the application process is used Smss.exe.What is it with the user's perspective?It's simple.This service gives the system simply does not respond to requests for frozen applications, while maintaining the performance of a user session.

File Locations

outset that the system can not run more than one process Smss.exe in any user mode.

file itself can be found in the folder System32, which is located in the root directory of Windows (C: \ Windows).There, and only there must be the original service.If the same name is found the file somewhere else, it must be removed immediately, as there is every reason to believe that it is a virus.

principle of the service

So, we have service Smss.exe.What the process is started in this case from the point of view of the user, can be illustrated by a simple example.For example, if you failed, frozen applications will be closed, but the entire system will remain operational even if the user is running without administrator rights.Of course, if you change the account (login as a different user), no errors should not occur.There are, of course, exceptions.But this can only be attributed to the fact that the original file is corrupted or infected with a virus.

What to do if an error occurs or there is a suspicion of the virus?

Let's a closer look at the process Smss.exe.What is it in terms of occurrence of permanent errors?The explanation is very simple.The original process of the system is not a threat (according to some users) can not be held.Another thing, when the file may be damaged by exposure to viruses or even replaced by the same name.He also has a executable program that will be run instead of the original process.

important to know also that the force in the "Task Manager" to complete the service can not be original.If the process is completed without any problems, you can be pretty sure that this is a real virus, or attempt to penetrate the computer terminal from the outside.

The simplest way to detect the virus Smss.exe is possible by means of regular anti-virus software installed in the system.Of course, it is better to use for this powerful software packages that contain a set of features deep (extended) scan.

Naturally, this process can take even a few hours.But it's better to wait and get rid of the threat or flew over to work with the system?Here's what it is.As a rule, the virus is detected quickly enough even portable utilities such as Kaspersky Virus Removal Tool, which scans the system area of ​​the hard disk, and all running processes and startup currently running.

As a last resort, if all else fails, you can use the utilities, commonly called Rescue Disc, from different developers.Their advantage is that these packages start with either a conventional disc CD / DVD, or a USB-drive before the start of the "OSes" and allow you to detect viruses and malicious code, which can be stored or even run out of RAM.However, in most cases this is not required.

can do anything else - just ask the search files Smss.exe called on all hard disks and logical partitions, and after finding copies simply delete them.Note: copying itself to removable media such viruses are not engaged.

As for viruses, it is mainly computer worms and Trojan horses that try to gain access to a computer terminal with a view to a remote monitoring and control them.Among the most known threats can be identified Win32.Landis, W32.Dalbug.Worm, Win32.Brontok, Adware.DreamAd, Win32 Sober and others.

They can either infect the original file, or run independently, a process of replacing the Smss.exe.What is it in this case?This is the launch of a remote access control your terminal.Incidentally, the time the user may not even realize that a threat is present in the system until a really dangerous situation.It is worth to pay attention to the delay in the completion of applications and services, constant rebooting, disabling network controllers, and so on. D.

In some cases, you can use System Restore, or using the same name service in Control Panel, or by usingRecovery Console.Here only there is no guarantee that the threat will disappear after the restoration.Viruses of this type are able to disguise and under the system processes and the user's files.As you know, service is the Windows Recovery does not affect user data.

most appropriate way to remedy the situation

As is clear, the best method of getting rid of the threats associated with the service Smss.exe, is to use antivirus software.We note immediately that free packages such as AVG or Avira are unable to detect viruses of this type (tested in practice).So it is better to use at least "kreknutuyu" a more powerful version of the scanner.

At worst, you can even use the version of the type Trial, which must be activated every month in terms of extending the license to update the virus signature database and program models.This will give the best effect.But the best means to use recovery discs (Rescue Disc).That is what will guarantee that the virus will be to get rid of almost one hundred percent.In this case, however, it is necessary to use the latest versions of such software, because even when you start with network access to the Internet, most of the anti-virus databases are not updated.Just an error occurs due to the fact that they have nowhere to save, because the application is run from removable media (this applies only to optical discs CD / DVD, flash drives with no problem).

Total

Here, actually, we have considered many strange process Smss.exe.What it is probably already clear.Basically to get rid of bugs and occasionally emerging threats may be the simplest method described above.But as a rule, hackers or attackers are trying to get access to computers only to administrative accounts, so that the ordinary user with limited rights are not threatened.