Any PC user who has called the Windows Task Manager at least once has encountered a lot of obscure running services in the process tree, such as Rundll32.exe, Csrss.exe, Lsass.exe, Svchost.exe , etc. There are more One process, referred to as Smss.exe. What kind of service it is and what it is responsible for, we will now understand.
Smss.exe: what is this process?
If someone suspects that this is a virus, let's say right away: this is fundamentally wrong. The process itself is an important system service responsible for user sessions running on the same computer terminal.
If you do not get into the jungle of programming and the principles of system services, we can say that the Smss.exe file is an intermediate link in a user session that monitors system requests when programs and applications are terminated incorrectly.
Basically, this service can run processes such as Winlogon (logon) and Win32 (Csrss.exe service). By and large, the process Smss.exe is used if the application terminates incorrectly. What is this from the point of view of the user? Everything is simple. This service simply does not allow the system to respond to requests to hung applications, while maintaining a healthy user session.
File location
We will make a reservation right away: more than one Smss.exe process cannot be started in the system in any user mode.
The file itself can be found in the System32 folder, which is located in the Windows root directory (C: \ Windows). There and only there should be the original service. If the file of the same name is found somewhere else, it must be deleted immediately, since there is every reason to assume that it is a virus.
Service Principle
So, we have the Smss.exe service. What kind of process is launched in this case from the point of view of the user can be explained with a simple example. Say, if you have a crash, the hung application will be closed, but the whole system will remain operational, even if the user works without administrator rights. Naturally, if you change the account (log in as a different user), no errors should occur. Of course, there are exceptions. But this can only be due to the fact that the original file is damaged or infected with a virus.
What to do if errors occur or a virus is suspected?
Let's take a closer look at the Smss.exe process. What is this in terms of persistent errors? The explanation here is the simplest. The original process of threatening the system does not (as some users believe) does not carry. Another thing is when a file can be damaged as a result of exposure to viruses or even replaced by the same name. It is an executable program that will run instead of the original process.
It is also important to know that forcibly in the "Task Manager" the original service cannot be completed. If the process ends without problems, you can be sure that it is a real virus or an attempt to penetrate the computer terminal from the outside.
The simplest way to detect the Smss.exe virus is with the help of standard anti-virus software installed in the system. Of course, it is better to use powerful software packages for this, which have in their set the function of deep (advanced) scanning.
Naturally, such a process can even last several hours. But what is better, to wait and get rid of the threat or to work with a constantly crashing system? That's it. As a rule, a virus is detected quite quickly even by portable utilities such as the Kaspersky Virus Removal Tool, which scan the system area of the hard disk and all currently running startup processes.
In extreme cases, if this does not help, you can use utilities, usually called Rescue Disc, from different developers. Their advantage is that these packages are launched either from a regular CD / DVD or from a USB drive before the start of the “OS” itself and allow viruses and malicious codes that can be stored or run even from RAM to be detected. However, in most cases this is not required.
You can do otherwise - just search for files called Smss.exe on all hard drives and logical partitions, and after finding the copies, simply delete them. Note: such viruses are not involved in self-copying onto removable media.
As for viruses, these are mainly computer worms and trojans, trying to gain access to a computer terminal in order to remotely monitor and control it. Among the most famous threats are Win32.Landis, W32.Dalbug.Worm, Win32. Brontok, Adware.DreamAd, Win32 Sober and others.
They can either infect the original file or run on their own, replacing the Smss.exe process. What is this in this case? This is the launch of remote control access to your terminal. By the way, for the time being, the user may not even realize that the threat is present in the system until a really dangerous situation occurs. Here it is worth paying attention to the untimely completion of applications and services, a constant reboot, disconnecting network controllers, etc.
In some cases, you can apply system recovery, either using the service of the same name in the Control Panel, or using the recovery console. But there is no guarantee that after restoration the threat will disappear. Viruses of this type are capable of disguising themselves as system processes and user files. As you know, the Windows Recovery Service does not affect user data.
The most acceptable way to remedy the situation
As already clear, the best method to get rid of the threats associated with the Smss.exe service is to use anti-virus software. We note immediately that free packages such as AVG or Avira are unable to recognize viruses of this type (tested in practice). So it’s better to use at least a “cracked” version of a more powerful scanner.
At worst, you can even use versions of the Trial type, which need to be activated every month in terms of license renewal in order to update the virus signature database and program models. This will give the best effect. But it is best to use the means of recovery discs (Rescue Disc). This will be the key to the fact that viruses can be eliminated almost one hundred percent. In this case, however, you need to use the latest versions of such software, because when you run it even with network access to the Internet, in most cases the anti-virus databases are not updated. It’s just that there is an error due to the fact that they have nowhere to save, because the application is launched from removable media (this applies only to optical CD / DVD discs , there are no problems with flash drives).
Total
Here, in fact, we have considered the obscure Smss.exe process for many. What is it, probably, is already clear. In principle, it is possible to get rid of sometimes arising errors and threats by the simplest methods described above. But, as a rule, hackers or computer crackers try to gain access exclusively to administrator accounts, so this does not threaten an ordinary user with limited rights.