Tech Problem Aggregator

smss.exe, pp10.exe, and h36kdzr.exe

Q: smss.exe, pp10.exe, and h36kdzr.exe

My laptop had a severe case of multiple smss.exe running in my process manager. Both pp10.exe and h36kdzr.exe were also on my computer. i tried removing with HJT but i am new to the program (should have consulted this forum first). Currently my computer will minimize my full screen programs almost randomly, it will play random sound files that are not on my computer overlaping with the currently playing audio and the system seems to slowly crash, losing my ability to open programs until the point when the mouse pad will not work and i have to do a forced shutdown. the one error message that always pops up is that the ihaupd32.exe has crashed, immediately after start-up.

I greatly appreciate all the hard work you fine folks do for the rest of us.
Thank you.

here is the dds.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Thomas at 22:37:23.28 on Mon 07/13/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1247 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\WLTRAY .exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
svchost
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"C:\WINDOWS\system32\svchost.exe" 92869
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
svchost
C:\Documents and Settings\Thomas\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [pridl] "c:\documents and settings\thomas\application data\pridl\pridl.exe" 61A847B5BBF72811228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833
uRun: [HijackThis startup scan] c:\program files\trend micro\hijackthis\HijackThis.exe /startupscan
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PC Security 2009] "c:\program files\pc_security2009\PC_Security2009.exe" /hide
StartupFolder: c:\documents and settings\thomas\start menu\programs\startup\ihaupd32.exe
StartupFolder: c:\docume~1\thomas\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\thomas\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\documents and settings\thomas\start menu\programs\startup\zqosys32.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
AppInit_DLLs: ,c:\docume~1\thomas\locals~1\temp\192009218946mxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\thomas\applic~1\mozilla\firefox\profiles\12soqfp9.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 1
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 LasMan;Local Connection Manager;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
S2 RPCHE;Remote Procedure Call (RPCE);c:\program files\common files\microsoft shared\speech\csvd.exe [2009-1-29 17238528]
S2 sfx;sfx;c:\windows\system32\SvchoSt.ExE -k sfx [2004-8-4 14336]

=============== Created Last 30 ================

2009-07-13 20:05 45 a------- c:\windows\system32\ca.dat
2009-07-13 19:44 1 a------- c:\windows\system32\q1.dat
2009-07-13 19:44 1 a------- c:\windows\system32\idm.dat
2009-07-13 19:44 1 a------- c:\windows\system32\ck.dat
2009-07-13 19:44 1 a------- c:\windows\system32\c2d.dat
2009-07-13 19:36 46,080 a------- c:\windows\system32\spnmld.dll
2009-07-13 19:36 142 a------- c:\windows\system32\rxf
2009-07-12 23:20 <DIR> --d----- c:\windows\pss
2009-07-12 20:44 1,096 a------- c:\windows\system32\drivers\kgpfr2.cfg
2009-07-12 20:41 7,848 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-07-12 20:40 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SITEguard
2009-07-12 20:39 <DIR> --d----- c:\program files\STOPzilla!
2009-07-12 20:39 <DIR> --d----- c:\program files\common files\iS3
2009-07-12 20:39 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\STOPzilla!
2009-07-12 00:40 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 00:40 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-12 00:40 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-07-12 00:32 19,620 a------- c:\windows\kunisi.exe
2009-07-12 00:32 19,569 a------- c:\docume~1\alluse~1.win\applic~1\carukyfyge.pif
2009-07-12 00:32 19,299 a------- c:\windows\system32\wajagan._sy
2009-07-12 00:32 17,824 a------- c:\windows\enoluq.reg
2009-07-12 00:32 17,328 a------- c:\windows\hyxegizef.lib
2009-07-12 00:32 16,307 a------- c:\docume~1\alluse~1.win\applic~1\kivaxi.reg
2009-07-12 00:32 14,975 a------- c:\windows\system32\nekival.inf
2009-07-12 00:32 14,202 a------- c:\docume~1\thomas\applic~1\fyvidu.com
2009-07-12 00:32 13,762 a------- c:\docume~1\alluse~1.win\applic~1\ycoryxo.bin
2009-07-12 00:32 10,485 a------- c:\windows\myxuxohuwe.dll
2009-07-12 00:30 18,342 a------- c:\windows\system32\aweji.dl
2009-07-12 00:30 17,591 a------- c:\docume~1\alluse~1.win\applic~1\avekusomy.pif
2009-07-12 00:30 17,568 a------- c:\windows\system32\yxilepu.dl
2009-07-12 00:30 17,469 a------- c:\windows\icefi.sys
2009-07-12 00:30 17,206 a------- c:\program files\common files\ahip.dll
2009-07-12 00:30 17,112 a------- c:\program files\common files\ihexi.vbs
2009-07-12 00:30 16,089 a------- c:\program files\common files\nezet.bat
2009-07-12 00:30 14,313 a------- c:\windows\xazumiwy._dl
2009-07-12 00:30 14,299 a------- c:\program files\common files\nerekypese.scr
2009-07-12 00:30 13,624 a------- c:\windows\dahoduxis.com
2009-07-12 00:30 13,227 a------- c:\windows\ymatin.db
2009-07-12 00:30 12,750 a------- c:\windows\zoduz.dat
2009-07-12 00:30 12,037 a------- c:\windows\papasykuq.dl
2009-07-12 00:30 10,795 a------- c:\windows\aqevuxanul.ban
2009-07-12 00:30 10,495 a------- c:\windows\system32\qyrojo.dll
2009-07-12 00:30 10,043 a------- c:\windows\lybonyboso.vbs
2009-07-12 00:30 10,002 a------- c:\windows\bebuhyj.vbs
2009-07-12 00:29 <DIR> --d----- c:\program files\PC_Security2009
2009-07-12 00:29 238,596 a------- c:\windows\system32\wisdstr.exe
2009-07-12 00:29 <DIR> --d----- c:\program files\sFX
2009-07-12 00:29 15,360 a---h--- c:\windows\pp10 .exe
2009-07-12 00:29 25,600 a------- c:\windows\pp10.exe
2009-07-12 00:29 2 a------- c:\windows\0101120101464849.dat
2009-07-12 00:29 2 a------- c:\windows\010112010146118114.dat
2009-07-12 00:29 1 a------- c:\windows\934fdfg34fgjf23
2009-07-12 00:05 2,048 a------- C:\kpepb.exe
2009-07-12 00:05 24,576 a------- C:\egtau.exe
2009-07-12 00:05 25,600 a------- c:\windows\system32\braviax .exe
2009-07-11 21:29 <DIR> --d----- c:\program files\Cobian Backup 9
2009-07-10 00:27 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\98838586
2009-07-10 00:27 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\18828594
2009-07-10 00:27 91,852 a------- c:\windows\system32\drivers\19b43b3e.sys
2009-07-10 00:27 25,600 a------- C:\ciuge.exe
2009-07-10 00:27 705 a------- C:\clynbqef.exe
2009-07-10 00:27 201,016 a------- C:\lkrpk.exe
2009-07-10 00:27 56,320 a------- C:\eughafh.exe
2009-07-10 00:27 15,000 a------- c:\windows\system32\gsf83iujid.dll
2009-07-10 00:27 2 a------- C:\1009987828
2009-07-10 00:27 26,112 a------- c:\windows\ld12 .exe
2009-07-10 00:27 23,552 a------- c:\windows\ld12.exe
2009-07-09 21:12 <DIR> --d----- c:\program files\Trend Micro
2009-07-09 00:12 <DIR> --d----- c:\docume~1\thomas\applic~1\Messenger
2009-07-09 00:11 110,619 a------- c:\windows\system32\net.net
2009-06-25 19:47 <DIR> --d----- c:\program files\Masc software
2009-06-25 19:21 533,838 a------- C:\AnalysisLog.sr0
2009-06-25 19:13 <DIR> --d----- c:\program files\Dr.Kawashima
2009-06-21 21:13 529 a------- c:\windows\eReg.dat
2009-06-19 15:30 552 a------- c:\windows\system32\d3d8caps.dat

==================== Find3M ====================

2009-07-13 22:13 167,014 a------- c:\windows\system32\nvModes.dat
2009-07-12 20:33 25,600 a------- c:\windows\system32\wltray.exe
2009-07-12 00:32 16,756 a------- c:\program files\common files\hepapexi.lib
2009-07-12 00:32 11,259 a------- c:\program files\common files\vumohaxare.lib
2009-07-12 00:30 19,902 a------- c:\program files\common files\inotitamo.dl
2009-07-12 00:05 28,672 a------- c:\windows\system32\drivers\beep.sys
2009-05-28 14:16 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-05-28 14:15 294,912 a----r-- c:\windows\system32\SZBase5.dll
2009-05-28 14:14 540,672 a----r-- c:\windows\system32\SZComp5.dll
2009-05-17 21:40 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-17 21:40 22,328 a------- c:\docume~1\thomas\applic~1\PnkBstrK.sys
2009-05-17 21:39 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-05-17 21:39 2,337,865 a------- c:\windows\system32\pbsvc.exe
2009-05-17 21:39 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-28 22:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-28 22:46 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-21 16:40 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-04-17 06:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 08:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 22:38:10.46 ===============

A: smss.exe, pp10.exe, and h36kdzr.exe

Hello and welcome to Bleeping Computer.My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I wouldbe grateful if you would note the following: Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in you reply, Do not attach them unless asked too.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.Please download Malwarebytes' Anti-Malware from HereNote: If you already have Malwarebytes' Anti-Malware, just update then run it.Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy and Paste the entire report in your next reply .Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.NextDownload random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Then please post back here with the following: MBAM log log.txt info.txtThanks

5 more replies
Answer Match 53.34%

I can not get online at all. I had the bavariax.exe according to AVG. The virus seems to be removed?? but I can't get online. Should I just restore my computer?Here is my hijack log:ogfile of Trend Micro HijackThis v2.0.2Scan saved at 5:36:12 PM, on 7/12/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINDOWS\sySTEM32\SvchoSt.ExEC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\PROGRA~1\AVG\AVG8\avgam.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROG... Read more

A:Bavariax/PP10

Hello bigworm,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Thanks,tea

2 more replies
Answer Match 52.5%

I'm getting popups that my computer is infected with instructions to go to the security center to do a full free scan. Something is also trying to access hxxp://goscanwork.com/?uid=13300, but Trend Micro is blocking. Please let me know what other detailed information might be helpful. Thank you in advance for your help. Much appreciated.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Daren Benson at 22:09:48.93 on Mon 06/08/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1170 [GMT -7:00]

AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\... Read more

A:Infected with mstre19.exe and pp10.exe

Hi,* Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.In case you lost internet access after performing above instructions:In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > unche... Read more

6 more replies
Answer Match 52.08%

Good day,Recently after running a keygen from some no so legit software, I noticed some strange processes running on my Windows XP machine, they are as follows: SYS32DLL.exe, pp10.exe and Pqarocuvuw yfyqu.exeI have tried running the "Rogers online protection" virus and anti-spyware scan tool which I have installed but it does not detect these processes as being malicious. The steps I have taken so far are:1) Block internet access to SYS32DLL.exe which kills browsing the internet on both IE and firefox2) Download HijackThis and re-name (One of the processes won;t let you run it when it has the original name)That's about it, here is the log file that HijackThis generate, any help would be greatly appreciated.---------------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:36:27 AM, on 26/05/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exe... Read more

A:SYS32DLL.exe, pp10.exe and Pqarocuvuw yfyqu.exe

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.-----------------------------------------------------------We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, ... Read more

2 more replies
Answer Match 51.24%

The problem:

-Virus/Trojan/Spyware/Malware (not certain which is the proper term, I'll just call it malware) which redirects my browser (IE) whenever I click on a Google search result link.
-Redirect seems to always take me to: lo-find (dot) com
-When my computer is connected to the internet, windows will open spontaneously, claiming my hard drive is full of trojans/etc., prompting me to run checks from the security center.
-task manager is frequently disabled. (I am unsure as to whether this is caused by the malware, or my computer's response to it...)

Some context and history:

Ever since my norton subscription ran out, I have been protecting my computer - or attempting to - with Spybot S&D alone. (TeaTimer thing running).
It asks me to manually allow or deny registry changes, which I habitually allow when installing updates and deny when browsing the web.
My computer caught this malware when I was simultaneously installing a microsoft-provided IDE for C++ (Microsoft Visual C++ 2008 Express Edition) and browsing the web. When a bunch of registry change requests came up, I assumed they were involved in the installation and allowed them.

Shortly afterwards, the problems began. So I disabled my internet connection and ran spybot. Spybot found two entries (something about "WindowsSecurityCenter") and claimed that it had fixed them.
I had my task manager back, as well.
But whenever I reconnected my internet, the problems would return and spybot would find the sa... Read more

A:Yet another case of the Google redirect - pp10.exe running.

Hi,* Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.In case you lost internet access after performing above instructions:In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > unche... Read more

4 more replies
Answer Match 41.58%
Q: SMSS??

Kaspersky keeps popping up and the description says that this is trying to gain access to passwords. Help please.

A:SMSS??

If it is in System32 path It very well could need to access passwords to function properly.This is the session manager subsystem, which is responsible for starting the user session. This process is initiated by the main system thread and is responsible for various activities, including launching the Winlogon and Win32 (Csrss.exe) processes, and setting system variables. After it has launched these processes, it waits for either Winlogon or Csrss to end. If this happens normally, the system shuts down; if it happens unexpectedly, Smss.exe causes the system to stop responding (hang). Note: The smss.exe file is located in the folder C:\Windows\System32. In other cases, smss.exe is a virus, spyware, trojan or worm!Bold is mine.

2 more replies
Answer Match 41.58%
Q: SMSS

I keep getting a Kaspersky pop up that says an generic host application is tring to use a "trusted" app to gain access to passwords. I can't delete that .exe because Windows XP says I need it. It just started 2 days ago. Help please. Thanks

A:SMSS

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be foun... Read more

13 more replies
Answer Match 41.58%

when i open my task manager after 10 seconds it will be disappeared. i opened again in the process tab there is working "smss.exe.and also there is "killer.exe. What are these files

A:smss.exe

before starting a new thread its usually a good idea to google the processes as their are many sites that do this for you.http://www.neuber.com/taskmanager/process/smss.exe.htmlhttp://www.bleepingcomputer.com/startups/k....exe-11828.htmlKiller = trojan.Mods please move this to HiJack this forum.

3 more replies
Answer Match 41.58%

A computer at work (Win XP) was running slow so I opened the task manager to see if anything was hogging the CPU. Nothing was, and the computer went back to normal, but I saw that "smss .exe" was a loaded process.
 
Is it normal for there to be a space in between the smss and the .exe?  I know smss.exe is a legit process, and we do have multiple users logged into the computer. 
 
smss.exe is a file in WINDOWS\system32 and smss .exe is a file in WINDOWS\system32\Event Agent\Bin  It looks weird to me, but I am no expert! I am a bit paranoid though - this computer was infected with malware before. We are only running XP because of some ancient software with lost discs.
 
Thanks for the help!

More replies
Answer Match 41.58%

Hi,

I'm doing a reinstall, not a total reinstall just a reinstall of XP and I'm trying to put the SP 2 back on and it won't allow me to do that. It keeps spitting up, close down C:\\windows\System 32\smss.exe before installing SP 2.

In a search smss.exe seems to be associated with "Windows NT Session Manager". Does anyone know what this program is , how to access it and how to shut it off? I tried Task Manager and it states that smss.exe is a critical program and can not be shut down. So how do I install SP 2 now that I have this never before did I have this problem?

Anyone? Please and Thank you.

Sincerely,

John

A:Smss.exe?

I'm doing a reinstall, not a total reinstall just a reinstall of XPDo you mean you are performing a repair install...or do you have your disk partitioned?and I'm trying to put the SP 2 back on and it won't allow me to do that. It keeps spitting up, close down C:\\windows\System 32\smss.exe before installing SP 2....and that sounds like SP2 is already installed...if you do in fact have the disk partitioned, this is most likely the case.The smss.exe is a Windows Core file that manages your sessions (smss=Session Manager Subsystem). Now, if the file you mentioned was truly located elsewhere, you would indeed have a problem.

Can you post back and explain in greater detail exactly what it is that you are trying to accomplish...i.e. Repair Install or re-installing to a different partition? Thanks!

7 more replies
Answer Match 41.58%

The first noticable symptom was MicrosoftAnitispyware would pop-up a warning non-stop (about once every five seconds) about smss.exe being blocked<?> Second symptom was the Windows Installer opining (and closing)multiple windows saying it was preparing to install, over and over at no regular interval.The third symptom, IE crashes and closes, "IEXPORLER.exe has generated errors and will be closed be Windows" I'm typing and submitting this from another computer because of this. Fortunatly I already had HJT, so I ran it, and tranfered the file.The computer is Windows 2000 ProLogfile of HijackThis v1.99.1Scan saved at 1:33:22 PM, on 10/22/2005Platform: Windows 2000 SP1 (WinNT 5.00.2195)MSIE: Internet Explorer v5.00 (5.00.2920.0000)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\intnet.exeC:\WINNT\System32\svchost.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINNT\system32\nvsvc32.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\system32\stisvc.exeC:\WINNT\system32\mspmspsv.exeC:\WINNT\system32\svchost.exeC:\WINNT\Explorer.exeC:\WI... Read more

A:Smss.exe?

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

2 more replies
Answer Match 41.58%

I am running the Windows 8 Consumer Preview. I keep getting this error message about smss.exe. It appears to be a genuine Microsoft file. Even Microsoft Essentials kicks it up from time to time. Anyone else have this problem or is something wrong here. I have had to start task master to shut it down to end the errors.
 

A:smss.exe

That could be nasty. the file is part of the system, but there is only one, and that is in the Windows\System32 folder. If you have other similarly named files, they are most likely trojans.
But, before leaping into anything drastic, what do you have running on startup? Look under the startup tab in Msconfig and post back for advice.
meanwhile, it might be a good idea to download something like Malwarebytes and run it to detect any malware.
Fwiw. There is no requirement for MSE in Windows 8. MS have reinstated an improved version of the built in Windows Defender, which supersedes it.

If of interest,
smss.exe is known to hide, so far, under these trojan disguises.
W32.Sober:W32.VirkelL:w32.Sufiage:W32.Rontokbr and W32.LootSeek
 

1 more replies
Answer Match 41.58%

Sorry if there already is a thread on this, but the search doesn't seem to be working for me.

Ok, when I start the computer up, I get an error saying 'Windows couldn't find C:\WINDOWS\system32\wnfuyeg\smss.exe'.

I read up about this on the internet, and a website claimed it was the 'session manager subsystem' and it was sometimes used by viruses.

I'm just wondering why this couldn't be found, and if it might stop things from working and how can I fix it?
 

A:smss.exe

smss.exe should be located directly in the system32 folder - looks like a virus. Try running AVG ?
 

3 more replies
Answer Match 41.58%

I recently noticed a change in my running processes and found
smss.exe running although I do not recall this ever running before.

A quick search shows this is a Session Manager Subsystem
and starts the Windows Logon Process. What concerns me
is the information contained in this article and the fact
that I do not recall it running before.

.....Willy
 

A:smss.exe ?

10 more replies
Answer Match 41.58%

Found this process running. Found this about it:

smss.exe is a process which is a part of the Microsoft Windows Operating System. It is called the Session Manager Subsystem and is responsible for handling sessions on your system. This program is important for the stable and secure running of your computer and should not be terminated.

Note: smss.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

How do I know which it is??
 

A:smss.exe

Run a good antispyware program like AVG anti-Spyware . . it should take it out if it is a trojan.
 

2 more replies
Answer Match 41.16%

Upon a search of this program on my system i am aware it should sit in the system32 folder however i have three entries (below)for smss.exe are these all legitimate entries - any help welcomed

C:WINDOWS\$NtServicePackuninstall$ (This was highlighted in blue ink)
C:WINDOWS\system32
C:WINDOWS\ServicePackFiles\i...
 

A:smss.exe Virus?

yes they are legitimate files for Xp and w2k.

http://www.liutilities.com/products/wintaskspro/processlibrary/smss/
 

2 more replies
Answer Match 41.16%

I'm running Win2K. Every time I shut the computer down it tells me that SMSS.exe is not responding to the system. I tell that to shut it down anyway and everything's okay. This is, at most, an annoyance... but since I do shut down every day it's a constant one. Any ideas how to get this thing to shut down right?

Thanks
 

A:SMSS won't shut down

found this posted query:
possibly new backdoor trojan on a Windows
2000 computer.
This trojan acts as a proxy server, using the hacked computer as
a 'zombie' server.

The developer of the software made a great deal of effort to make it
hidden. The process is not visible in the Windows Task Manager. The
directories containing the files are not visible to the local
administrator. Parts of the 'services' registry keys are made hidden and
no TCP 'listening'-ports can be seen using the 'netstat' command.

I collected the following files:

In C:\WINNT\SYSTEM32:
25-01-2003 03:33 20.480 mspxss.exe

Contents of C:\WINNT\SYSTEM32\MUI\DISPSPEC\MSPXCOMMON\COM1\MSPX directory:

19-02-2003 14:55 <DIR> cache
24-07-1999 22:03 45.056 inuse.exe
26-02-2002 12:25 33.792 mspx-csrss.exe
10-03-2002 00:54 1.011.773 mspx-smss.exe
26-06-2000 14:07 323.072 mspx-sw.exe
26-06-2000 14:07 323.072 mspx-sw2.exe
26-06-2000 14:07 323.072 mspx-sw3.exe
25-01-2003 03:37 36 mspxmmedia_Restart.log
25-01-2003 03:37 36 mspxssext_Restart.log
25-01-2003 03:37 36 mspxss_Restart.log
30-01-2002 18:21 20.480 pv.exe
10-04-2002 03:42 107.008 reboot.exe
10-01-2003 01:45 1.243 svc-rst.reg
08-05-2002 10:50 45.056 xcacls.exe

The directory above is NOT VISIBLE on 'infected' computers. But due to a
programming flaw an empty directory C:\DEV is always created, because
somewhere in the program the output is incorrectly redirected to /dev/null.

Is this really an unkno... Read more

2 more replies
Answer Match 41.16%

Hello All,Despite using Comodo Firewall and Avast Antivirus, I seem to have a problem with smss. I've noticed that my system slows down, I lose network speed and connections, and occasionaly the keyboard locks up.I've run ProcX and found something similar to what other posters have reported:smss.exe \SystemRoot\System32\crss.exe \??\C:\Windows\System32\winlogon.exe \??\C:\Windows\System32\I'm running XP Sp2 on an AMD 2800 1.6Ghz machine with 1 gig of ram. I have an Asus K8V-MX motherboard and an NVIDIA 5200 graphics card. I have an 80GB hardrive running a litle or 50% full.Adaware found a bunch of tracking cookies that SuperAntiSpyware didn't.SpyBot found three pieces of spyware Adaware didn't.I used Housecall and it said it found and cleaned a bunch of stuff.I also ran my anti-virus (AVast!). It found nothing.I ran Stinger, and while it listed many things, it never indicated it had repaired anything.I already have a firewall and I keep Windows updated.Attached below is a current HiJackThis log.Thanks for any assistance rendered,WalterLogfile of Trend Micro HijackThis v2.0.2Scan saved at 10:34:54 PM, on 8/17/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\s... Read more

A:Smss Problem?

I've just run ProcX against my machine at work, and it shows the same entries for smss, csrss, and winlogon, so maybe these are okay, after all.

Walter

6 more replies
Answer Match 41.16%

I have Windows XP Pro and am currently running SP2. I have two problems. One is that I have an update for Windows XP SP3 and it won't run because smss.exe is running. That wasn't a big deal to me to have SP3. However I went to install UPS's software for shipping and it won't run either because of the smss.exe file.I can't seem to find why the file is running and have run a virus scan using Avast anti-virus. Nothing. I did a search for the smss.exe file and located it in 4 locations:C:WINDOWS$NtServicePackUninstall$C:WINDOWSSYSTEM32C:WINDOWSServicePackFiles386C:WINDOWSSoftwareDistributionDownloaddd9ab5193501484cf5e6884fa1d22f9eCan someone help?Thank you in advance.CarlOpps. I found it also in C:I386 and C:I386SYSTEM32Merged posts. ~ OB

A:Smss.exe Running?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThi... Read more

2 more replies
Answer Match 41.16%

Well this is the first time Im posting here, and I was told I probably have a worm, and was also told to post in this section so I hope it's the appropriate 1. Here are the logs I got.main.txtDeckard's System Scanner v20071014.68Run by Gebruiker on 2008-07-07 02:01:32Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --80: 2008-07-07 00:01:44 UTC - RP442 - Deckard's System Scanner Restore Point79: 2008-07-06 16:49:23 UTC - RP441 - Controlepunt van systeem78: 2008-07-04 17:41:32 UTC - RP440 - Controlepunt van systeem77: 2008-07-03 16:16:19 UTC - RP439 - Controlepunt van systeem76: 2008-07-02 09:38:10 UTC - RP438 - Controlepunt van systeem-- First Restore Point -- 1: 2008-04-09 14:21:23 UTC - RP363 - Controlepunt van systeemBacked up registry hives.Performed disk cleanup.-- HijackThis (run as Gebruiker.exe) -------------------------------------------logfile has no content; running clone.-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-07-07 02:04:32Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\system32\smss.exeC:\WINDOWS\system32\winlogon.exeC:... Read more

A:Infected Smss.exe

Actually the title is misspelt sorry i just noticed, the thing this is about is called smsss.exe and not smss.exe.

3 more replies
Answer Match 41.16%

Noticed this file smss.exe is found in process in the hijackthis log and looked it up and your website says this should not be there. I've done all the steps in preparing for the hijack this log and here it is: Thanks in advance for any advice you may have on this topic or anything else that pops out at you. (I use Firefox as my web browser and not IE V6)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:46:04 PM, on 1/8/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\WgaTray.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Hewlett-Packard\... Read more

A:Smss.exe On Startup

Hi,

Not sure where you have read that smss.exe shouldn't be there. It's an important Windows file and is needed for the stable and secure running of your computer and should not be terminated.
Most probably you have read the note where it says that it could be a trojan, but this is ONLY in case when the smss.exe is NOT running from your system32 folder.
In this case it runs from the correct folder.

Also, there's nothing suspicious in your log.

By the way, is there any reason why no Antivirus is installed here?

2 more replies
Answer Match 41.16%

Logfile of HijackThis v1.99.1Scan saved at 11:11:01, on 16/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Sygate\SPF\smc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\Program Files\Spyware Doctor\sdhelp.exeC:\WINDOWS\System32\snmp.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\wdfmgr.exeC:\Program Files\AVPersonal\AVGNT.EXEC:\WINDOWS\System32\UAService7.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\System32\wbem\wmiprvse.exeC:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXEC:\Program Files\Mozilla Firefox\firefox.exeC:\PROGRA~1\SPYWAR~1\swdoctor.exeC:\Program Files\BHODemon 2... Read more

A:Smss.exe Virus

Hello innerspin, What problems are you seeing on this computer? Why do you think smss.exe is a virus? If your virus scanner indicate it was a virus?smss.exe is a process which is a part of the Microsoft Windows Operating System. It is called the Session Manager SubSystem and is responsible for handling sessions on your system. This program is important for the stable and secure running of your computer and should not be terminated. Note: smss.exe is also a process which is registered as the Win32.Ladex.a Trojan and PWSteal.Wowcraft.B Password stealer. Lets check smss.exe for viruses.Go to Jotti Online File Scanner copy and paste C:\WINDOWS\System32\smss.exe to the upload and scan it. Let me know the results. Copy and paste the output to this thread It should look something like this sample: File: GoogleToolbarInstaller.exe Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) Packers detected: CEXE AntiVir No viruses found (0.15 seconds taken) Avast No viruses found (1.51 seconds taken) BitDefender No viruses found (0.97 seconds taken) ClamAV No viruses found (0.39 seconds taken) Dr.Web No viruses found (0.52 seconds taken) F-Prot Antivirus No viruses found (0.06 seconds taken) Kaspersky... Read more

2 more replies
Answer Match 41.16%

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:01:18 PM, on 8/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\KB905474\wgasetup.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\KB905474\wgasetup.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\Program Files\Mozilla Firefox 3.5 Beta 4\plugin-container.exe
C:\Program Files\Common Files\Bitdefender\setupinformation\setupdownloader.exe
C:\Program Files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\Installer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Micro... Read more

More replies
Answer Match 41.16%

Running XP Pro SP3 and have an infected SMSS.EXE file as determined by MBAM software - similar problem on another computer removed the SMSS file which reqd a full re-format/re-install. Please advise how to proceed.

A:SMSS.EXE Infected

So you ran MBAM on 2 PC's and on one something (what did) told you you need to reformat. What about the other and have you reformatted? Please post the MBAM logs for each.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

5 more replies
Answer Match 41.16%

Logfile of HijackThis v1.99.1Scan saved at 10:30:04 PM, on 11/18/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\brsvc01a.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\brss01a.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\Brmfrmps.exeC:\WINDOWS\System32\DVDRAMSV.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS\system32\RAMASST.exeC:\Program Files\SpywareGuard\sgmain.exeC:\Program Files\SpywareGuard\sgbhp.exeC:\Documents and Settings\Jared\Desktop\Archives\Programs\Hijack This\HijackThis.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Fi... Read more

A:Smss.exe And Svchost.exe

Hello bearsfan and welcome to BleepingComputer.C:\WINDOWS\System32\smss.exeFrom WinTasks Process Library:"smss.exe is a process which is a part of the Microsoft Windows Operating System. It is called the Session Manager SubSystem and is responsible for handling sessions on your system. This program is important for the stable and secure running of your computer and should not be terminated." C:\WINDOWS\System32 is the proper folder for this file.C:\WINDOWS\system32\lsass.exeFrom WinTasks Process Library:"lsass.exe is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies. This program is important for the stable and secure running of your computer and should not be terminated."C:\WINDOWS\System32 is the proper folder for this file.C:\WINDOWS\system32\svchost.exeFrom WinTasks Process Library:"svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated."C:\WINDOWS\System32 is the proper folder for this file.Please disable SpywareGuard, as it may interfere with some of our HijackThis fixes:Right click the SpywareGuard icon in the System Tray at the bottom-right corner of the screen and open the program.Then go to Menu, File, Exit. Conf... Read more

2 more replies
Answer Match 41.16%

So, I'm an idiot. I deleted smss.exe while trying to clean up my computer after a nasty spyware infection.

Now windows won't load. With every option (safe mode, last known good config etc..) it just takes me back to the blue screen of death.

What should I do?

Please, please help.

A:deleted smss.exe HELP!

You may need to do a Repair install of XPMake sure you apply reapply all critical updates once you've done the repair install.Alternative see:How to use recovery consoleRecoverying XP using Recovery Console.Could you please post what the blue screen of death string is.It will look something like this:0x00000000 (0x00000000, 0x00000000, 0x00000000, 0x00000000)

1 more replies
Answer Match 41.16%

Hi, i got this pop up saying, "Window cannot find 'C:WINDOWS\system32\uryteahwm\smss.exe" each time when i turn on my computer. Can anyone please help to solve this problem?
 

A:smss.exe error

15 more replies
Answer Match 41.16%

How can you tell if Smss is a virus or just on your computer? I know it belongs on your computer but also heard it can be a virus. How to tell?

A:Smss a virus or not?

Hello and Welcome to TSF.

You could upload the file in question here > http://www.virustotal.com/

If you think you are infected, there's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

1 more replies
Answer Match 41.16%

Hey there people, I've had Vista business version for about 3 months now and h
ave started to experience a problem with the 'smss.exe' application. Here's the situation...
I log-on to my account and i get this error message:
"Desktop
Could not load or run 'C:/Windows/system32/srrgtw/smss.exe' specified in the registery. Make sure the file exists on your computer or remove the referance to it in the registery"
I click on OK and then it pops up for a second time, no differences. Again, I click OK.

Since I have been experiencing this problem I have also been experiencing random crashes which go to a blue screen and then to a system restart. This then goes through the normal "how do you want to start windows..." etc.

I have deleted the file 'smss' in the folder C:\Windows\system32\srrgtw and that folder itself as advised by a friend but the error message still comes up. I have also removed the key in the registry for 'smss' but nothing.

Thanks for any help
Ben
 

A:smss.exe problems

Do you have antivirus on your machine? This can be virus related. I would install an AV or go to www.trendmicro.com and run a free scan. Also, what registry key did you delete? There are some that make that run at startup and that is what is causing your error. It is trying to start the program but can't find it. You can also go to msconfig and uncheck it there.

THere is also another windows process with the same name. I can't remember where it is supposed to be located, but I really hope you didn't delete that one on accident. It controls windows sessions.
 

3 more replies
Answer Match 41.16%

I've deleted smss.exe, as it was infected, but now i have large error messages due to the fact the file is not there. i need to get the file back in place, can i get one from the interenet?? or something, cos its gone for good in the recycle bin. Any ideas???
 

A:smss.exe BIG ISSUE!!

Have you tried System Restore ?

Go to your desktop > right click on My Computer > select Properties > click the Sys. Restore tab ... and choose Restore point prior to that change..

Failing that - do you have your Win CD to carry out a Repair ?
 

1 more replies
Answer Match 41.16%

Referred from here: http://www.bleepingcomputer.com/forums/t/298038/smssexe-infected/ ~ OBAttached are reqd diagnostic files...GMER process generated a blue screen of death and an "Unknown Hard Error" message.

A:Infection (SMSS?)

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Please download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will o... Read more

2 more replies
Answer Match 40.74%

Gotta admit im not really sure what i am up against here, but it seems as if ive got an smss.exe with some strange behaviour after what ive tried reading around on different forums.
Anyways this is my HijackThis logfile

Logfile of HijackThis v1.99.1
Scan saved at 06:03:56, on 13.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\winhelp\smss.exe
C:\Programfiler\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programfiler\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Programfiler\Razer\Habu\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Creative\MediaSource\GO\CTCMSGo.exe
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Razer\Habu\razertra.exe
C:\Programfiler\Razer\Habu\razerofa.exe
C:\Programfiler\Fellesfiler\Log... Read more

A:Solved: Help please. qhost smss.exe?

9 more replies
Answer Match 40.74%

I get this problem everytime I try to shutdown my computer, that is running Windows XP. It says:"SMSS.exe has encountered a problem and needs to close".Therefore I have to press twice of the shutdown button everytime when i want to off the pc. I have run Adaware and spybot, but they don't help. I have also run AVG too, nothing works to fix the problem. Any help would be absolutely appreciated as it is a pain to have to try to shutdown twice every time. Thanks!!!Here is my HijackThis log:Logfile of HijackThis v1.98.2Scan saved at 6:19:55 PM, on 12/31/2004Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\system32\drivers\KodakCCS.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\ScsiAccess.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\BCMSMMSG.exeC:\WINDOWS\System32\DSentry.exeC:\... Read more

A:SMSS.exe problem, need help desperately

Hi Please uninstall Viewpoint Media Player from Add\Remove Programs.Removing Viewpoint Media Player may cause the program that bundled it to not function as intended.About Viewpoint Media Player. Uninstall also: PartypokerDownload System Security Suite here:System Security Suite Download & Tutorial. Unzip it to your desktop.Install the program. Don't use it yet.Please print or copy these instructions because you are not able to access the Internet in SafeMode.Make sure you are set to show hidden files and folders: A. On the Tools menu in Windows Explorer, click Folder Options.B. Click the View tab.C. Under Hidden files and folders, click Show hidden files and folders.D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.How to see hidden files in WindowsREBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe modeRun HijackThis!, press Scan, and put a check mark next to all these:O4 - HKLM\..\Run: [Debug ] C:\WINDOWS\SMSS.exeO4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeO9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dllO9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dllClose all other windows and browsers, and press the Fix Checked bu... Read more

3 more replies
Answer Match 40.74%

Hello all,
I am kinda new at this so please bear with me. I think my younger sister downloaded some kind of trojan on our computer. I noticed that something was odd when our firewall "Zone Alarm" got turned off for no reason and I got locked out off getting updates for my norton and Ad-aware and then Norton antivirus caught an infected file called "smss.exe" in C:\WINDOWS\system32\xespobc\ and labelled it as a "Backdoor.Trojan" but it could not delete it, so it was put in the back-up items. But now when I turn on the computer I get an error the first thing while its loading, saying that the file smss.exe could not be located or run (so i press ok) then another error saying the smss.exe could not be located, that if it is not found any reference of it should be deleted from the registry (so i press ok again). I get each of those errors twice everytime I turn on the computer and I must keep pressing ok or the computer won't load. I had to update norton and Ad-aware manually and I dont know anything about deleting things from the registry.
I googled the problem and there wasn't much out there to help, but one suggestion was to "RUN" MSCONFIG and un-tick smss.exe if it is in there, but when I did that more errors came at loading the computer so I undid the MSCONFIG suggestion. Others suggested to search smss.exe and delete it if it is not in the system32 file...but the file is in that file as was caught by norton...I dont know a ... Read more

A:smss.exe backdoor trojan help?

16 more replies
Answer Match 40.74%

Hello All,

Despite using Comodo Firewall and Avast Antivirus, I seem to have a problem with smss. I've noticed that my system slows down, I lose network speed and connections, and occasionaly the keyboard locks up.

I've run ProcX and found something similar to what other posters have reported:
smss.exe \SystemRoot\System32\
crss.exe \??\C:\Windows\System32\
winlogon.exe \??\C:\Windows\System32\

I'm running XP Sp2 on an AMD 2800 1.6Ghz machine with 1 gig of ram. I have an Asus K8V-MX motherboard and an NVIDIA 5200 graphics card.

Attached below is a current HiJackThis log.

Thanks for any assistance rendered,

Walter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:27 PM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Fi... Read more

More replies
Answer Match 40.74%

I have alot of problems with my computer i have alot of pop ups coming up...when i click to get into my computer or into pictures my documents it won't open it just clears everything...when i am on the internet i get redirected to pages that have nothing to do with what i tried to open. i also have a smss.exe opening everytime i turn on the computer and also services.exe what is this i need help
 

A:smss.exe and system.exe and popups

Hi and welcome to TSG.
Best to only post in one forum.
Continue with the suggestion here.
http://forums.techguy.org/windows-nt-2000-xp/721212-i-can-t-open-any.html
And reply to that post.
 

1 more replies
Answer Match 40.74%

Both the csrss.exe and smss.exe files can be either legitimate Windows files or not. I have both processes running on a PC that I'm working on. The csrss.exe is in the \Windows\System32 folder and it's the only one. The smss.exe, I have in: \cmdcons\system32; \I386\SYSTEM32; \Windows\System32; and lastly, in \Windows\I386\SYSTEM32. I'm also showing one which shows up in blue (deleted?) in \Windows\System32\dllcache. Are there any of the "bad ones" in there somewhere? Thanks!
RTG
 

A:csrss.exe and smss.exe: good ones or bad?

run http://www.majorgeeks.com/download3155.html and post your log in here for us to check
 

2 more replies
Answer Match 40.74%

Here is a description of my problems. Immediately after booting my PC I get a Symantec QuickScan pop-up that shows the risk to be "Trojan.Adclicker" on the filename "smss.exe". I am able to clean or delete it each time but it still does not allow Firefox or IE to work once completed. When I reboot again it will immediately pop-up in the QuickScan. I am unable to open either Firefox or IE. It consistently crashes upon every attempt to open. My Symantec Antivirus will not stay in enable mode. It will allow a full scan but the auto-protect does not stay enabled.

Here is my log from HijackThis. Any help would be greatly appreciated. I am an amateur computer tech at best so step by steps would be helpful. I have been fighting this for nearly a week now.

Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\iPod Access for Windows\iPA... Read more

A:Tojan attached to smss.exe

My post has been viewed quite a bit but I have not received a reply yet. It has been a little over 5 days. I was wondering if I needed to provide any more information in order to resolve my problem. Thank you.
 

1 more replies
Answer Match 40.74%

every time about 20 sec or so...I get this message

C:\SYSTEM~1\RESTO-2\Smss.exe and now the same but svchost.exe

anyone?

I am sorry if I posted in the wrong place am I injected how do I get rid of it

A:command prompt and smss.exe

wrong post

3 more replies
Answer Match 40.74%

Hi all,

For the past week we have been having problems with one piece of software that is central to the running of our business.

The program is signlab 7.1, when you open this program the application immediately crashes ('this program is not responding'). after speaking to CADlink we have established this is caused by a virus which 'latches' on to frequently used software and messes things up, this virus has association to two processes, one called NVSVCD.EXE and another SMSS.EXE, we have run and run all antispyware and antivirus checks and our system is running clean.

Any ideas as without this application being only a smallish company we are losing money and customers.

Regards KARL
P.s can post log if required

A:Nvsvcd And Smss At Ends Wit.

Have you tried running ewido - Windows 2000 and XP, only.If that doesn't help, I suggest you post a HijackThis log for examination.A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it more difficult to properly clean your system.Read Preparation Guide for use before posting a HijackThis Log. Please read, and follow, all directions carefully!!!Then, run a log, and post it in the HijackThis forum, >at this link<. Do not, post it in this topic.Do not, fix anything, yet.A member, of the HJT Team, will help you out.It may take a while to get a response, because the HJT Team are very busy. Please, be patient, as these people are volunteers. They will help you out, as soon as possible.NOTE:Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

1 more replies
Answer Match 40.74%

Hey

I have smss.exe in c:\windows. Deleted several times still comes back. Msconfig gives program name "TProgram". Please help.

HJT ran in safe mode. All spy and virus software ran in safe mode. I did not startup every program, just TProgram 'cause I figure that's my only problem?? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 2:16:35 PM, on 05/29/2006
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SMSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ptd.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Searc... Read more

A:smss.exe in c:\windows.....win98

Please print the below instructions or copy them to Notepad.

Download CWShredder at http://www.greyknight17.com/spy/CWShredder.exe and run it. Click on 'I Agree' button if you agree. Click on 'Fix' (it will automatically fix anything it finds for you) and then click OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O2 - BHO: (no name) - {4CAA455C-E747-77B6-8753-60550DA62842} -... Read more

19 more replies
Answer Match 40.74%

Hi,
Filezilla services.exe trys to access my network every 30 minutes or so and gets blocked by sygate.
I took my USB flash drive into work and when I inserted it a warning sounded saying I had a virus and to contact the IT department. They cleaned the disk and said I had some spyware on it - they didn't elaborate and I was too embarrassed to ask.
I ran avast before finding this forum. It sent 3 things to the chest:
Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 3 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\SUNEIL~1\LOCALS~1\Temp\_avast4_\unp259446096.tmp
FileID: 0000000009 Original file name: C:\System Volume Information\_restore{B65F3CA9-F710-4E89-B023-77447C4F04F4}\RP158\A0029235.exe New folder: C:\DOCUME~1\SUNEIL~1\LOCALS~1\Temp\_avast4_\unp259446096.tmp\9.exe
FileID: 0000000010 Original file name: C:\System Volume Information\_restore{B65F3CA9-F710-4E89-B023-77447C4F04F4}\RP159\A0029245.dll New folder: C:\DOCUME~1\SUNEIL~1\LOCALS~1\Temp\_avast4_\unp259446096.tmp\10.dll
FileID: 0000000008 Original file name: c:\windows\system32\drivers\etc\smss.exe New folder: C:\DOCUME~1\SUNEIL~1\LOCALS~1\Temp\_avast4_\unp259446096.tmp\8.exe

Scan files in the temporary folder: C:\DOCUME~1\SUNEIL~1\LOCALS~1\Temp\_avast4_\unp259446096.tmp
C:\DOCUME~1\SUNEIL~1\LOCALS~1\Temp\_avast4_\unp259446096.tmp\10.dll Win32:Flooder-AZ [Trj]
C:\DOCUME~1\... Read more

A:smss.exe and filezilla services.exe

BUMP

I would very much appreciate some help with this.

The services.exe continues to pop up.

Thanks!

3 more replies
Answer Match 40.74%

When there is some internet traffic, smss.exe will keep on generate some win###.tmp.exe for every 1-2 min.
I've already use Norton Anti-virus, Ad-ware, Spybot, MS antispyware to check and remove the spyware.. but it keeps going on it (Some spyware and virus(toj horse were discovered )

Prevx1 reported that is :
Date/Time :
27/2/2006 - 2:38:37
Event :
Universa Application has been blocked from starting.

Process :
C:\WINDOWS\TEMP\WINA7.TMP.EXE
Parent :
C:\WINDOWS\SYSTEM32\SMSS.EXE
Vendor :

Version :
1, 0, 0, 1
Details :
Community Information
Technical Details

Here is my Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 2:33:52, on 27/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton An... Read more

A:SMSS.exe keeps on generate win###.tmp.exe(eg winC3D.tmp.exe)

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer If it finds any malware, it will offer you a report.
Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
Click on see report. Then click Save report
Please post that log in your next reply.

I need to see if this is the Spyfalcon infection.

1 more replies
Answer Match 40.74%

I have been receiving a message from DEP when I boot up my computer about a file named Freeware Promotion by publisher PROMO Software. Since this message has been popping up the computer has been crashing about once a day which before this message it rarely ever crashed. When I looked into the error reports this is what I got.

Freeware Promotion
Error signature
EventType: BEX P1: smss.exe P2: 9.6.1.5 P3: 2a425e19
P4: unknown P5: 0.0.0.0 P6: 00000000 P7: 0013ffb8
P8: c0000005 P9: 00000008

Then when I click to view technical information about this report I am shown two file names:
C:\DOCUME~1\KELLYO~1\LOCALS~1\Temp\WERc3e9.dir00\smss.exe.mdmp
C:\DOCUME~1\KELLYO~1\LOCALS~1\Temp\WERc3e9.dir00\appcompat.txt


Can someone PLEASE help me fix this problem so the message stops popping up and hopefully helps my computer to run as it did before these messages appeared?

Thanks,
Alex

A:DEP and a 'smss.exe.mdmp' file

well i gained this one today and using your info...searched for smss and found two files that were installed today and took the gamble and deleted them!! I had noticed that it was mentioning prefetch as well.

Emptied the recyle bin and rebooted and it has not come back.
before doing this i had tried NOD32 and it got through and DEP was blocking me from using the internet.
Hope this helps you or anyone else who is trying to get rid of the program

jayne

2 more replies
Answer Match 40.74%

Every two seconds Microsoft AntiSpyware sends me "blocked application change " notice saying it has "blocked a possible Windows Trojan C:\WINDOWS\smss.exe from being running" It says it's being blocked based on my previous input.
Is this actually a trojan or a legit thing? What should I do in either case? Any help would be very much appreciated!

A:C:\WINDOWS\smss.exe blocked, why?

Hi stefr8

If that file is located there then it is adware or a virus

now there is a legit smss.exe but it is not located there

this is what i believe it is Advertisingvision adware

but there are trojans witht the same name so i can't be sure what it is but i do know it is not legit but i would delete

C:\WINDOWS\smss.exe this file notice the location because you do not want to delete the wrong one

if you do have trouble deleting it try it in safe mode

Reboot into Safe Mode (hit F8 key until menu shows up).

then i would

run these two online scans. Make sure they are set to clean automatically:

TrendMicro's HouseCall
ActiveScan

You should try to delete any files that these scanners are unable to clean. Then let us know if its working better and what the scans found.

Let me know how it goes


Lobos

1 more replies
Answer Match 40.74%

hi im new to this sort of thing but hopefully somebody can help me,when i boot up in xp a message appears saying smss.exe cannot be found any ideas how to stop this comming up

A:smss.exe missing at startup

ye sure all you have to do is Start<>run<>REGEDIT<>then go to software<>windowscurrent version <>and then run you will find it there just take it off

2 more replies
Answer Match 40.74%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:51 PM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\... Read more

More replies
Answer Match 40.74%

I was going down the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help page and when I opened the 'gmer' file , I got the dreaded BLUE SCREEN OF DEATH screen, with a warning and told me it was doing a physical memory dump. What shoud I do now? Please and THANK YOU!!
DDS (Ver_10-12-12.02) - NTFSx86
Run by Mike at 21:49:51.85 on Sun 12/26/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1025 [GMT -6:00]

AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Immunet Protect *Enabled/Updated* {F1220F1F-7E2E-48CD-846D-B98C6F85CD37}
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: AVG Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
svchost.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Pro... Read more

A:lsass.exe, csrss.exe, smss.exe

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting... Read more

2 more replies
Answer Match 40.74%

kaspersky antiviurs say this appliction infected

Possibly infected: riskware Hidden object C:\WINDOWS\System32\SMSS.EXE 49.5 KB
look pic on Attach

and scan my computer by tool ComboFix
look repot ComboFix.txt
I think so file infected

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8947b313-c6ec-11dc-b188-806d6172696f}]
\Shell\AutoRun\command - F:\ibvtcgv.exe
\Shell\explore\Command - F:\ibvtcgv.exe
\Shell\open\Command - F:\ibvtcgv.exe

Whta I can do for this?

A:problem with SMSS.EXE is infected

Uppppp

1 more replies
Answer Match 40.74%

Hi,
I received an alert from McAfee Virus scan saying that the file c:\windows\system\smss.exe was infected by a Trojan Horse called New Malware .j. I scanned with Ad-Aware SE, Spybot S & D, Ewido malware, RegCleaner, Advanced System Optimizer, CWshredder, online scan with bitedefender and McAfee, then change my antivirus and scan with Avast. A lot of things were found and deleted or fixed. But I'm still infected.
My OS is Win XP SP2, installed on a toshiba laptop. I have ZoneAlarm as a firewall plus my router. I'm on WiFi in my home and University. Beside the Hijackthis log, is there any other infos needed?

Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 8:24:36 PM, on 3/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\s... Read more

A:Infected with at least New Malware .J (smss.exe)

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

If you saved the log from Ewido, it would be helpful for our review to see it. It should be named Scan Report.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.


Download CleanUp! (Alternate Link if main link doesn't work) and install it. The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there.

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.

---------------------------------------------------------------------------------------------


Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.


-----------------------------------------------... Read more

5 more replies
Answer Match 40.74%

Deckard's System Scanner v20071014.68Run by Tiffany Bodison on 2008-06-08 20:03:52Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --12: 2008-06-09 00:04:02 UTC - RP112 - Deckard's System Scanner Restore Point11: 2008-06-08 19:04:08 UTC - RP111 - Software Distribution Service 3.010: 2008-06-08 04:13:50 UTC - RP110 - Restore Operation9: 2008-06-07 20:21:24 UTC - RP109 - Software Distribution Service 3.08: 2008-06-06 23:59:14 UTC - RP108 - Software Distribution Service 3.0-- First Restore Point -- 1: 2008-05-28 19:38:45 UTC - RP101 - Configured Customer Experience EnhancementBacked up registry hives.Performed disk cleanup.-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-06-08 20:06:45Platform: Windows XP Service Pack 3 (5.01.2600)MSIE: Internet Explorer (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\system32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svch... Read more

A:C:\windows\system32\smss.exe

Hello Tiffany37,Run DSS again, using these instructions: Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK (this assumes dss.exe is on your desktop "%userprofile%\desktop\dss.exe" /daft Click on Scan. Tick the boxes which should appear for these entries: .cpl .exe then Click on Fix Click Scan again, you should get a message "All Associations OK!" Next, click Save Log, and post this log in your next reply. By default, it will save as daft.txt.Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy and Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove, you will b... Read more

18 more replies
Answer Match 40.74%

Hello,

I have windows xp with Symantec antivirus (Symantec client security), it keeps detecting this trojan almost everytime I start the computer, it detects it and quarantines it, then it happens again and again, I do not have access to a Windows install disc or a Bot cd

DDS.txt:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 5:43:42.09 on Fri 04/29/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.473 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: COMODO Firewall Pro *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Fi... Read more

A:Trojan.Gen infecting smss.exe

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

Please read all the information carefully! If using Windows XP you should ensure you install the Recovery Console.

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise i... Read more

16 more replies
Answer Match 40.32%

How to remove these viruses?

Even Mcafee,Symantec,Nod32 etc is nt detecting the virus.

How to remove these files ? any Possible Solution?

I used Adware2007,Spybot,Hijackthis etc.

But virus stiils comes backs again and again...

I used System Mechanic 6 to kill processes but virus stills comes back again...

I need Solution without formatting drives....

??????????
 

A:smss.exe,killer.exe,Funny UST Scandal.avi.exe etc

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

3 more replies
Answer Match 40.32%

I definitely have a little spyware on this computer. it's Windows XP Pro. It only manifests itself by either turning my master wave volume all the way down or random audio ads that come from nowhere. Also Internet Explorer windows open infrequently with ads out of nowhere.

I've run Malwarebytes Anti-Malware, rkill, SuperAntiSpyware, and Spybot Search and Destroy and they pick up nothing. Hitman is the only thing to pick up two problems in the C:\System Volume Information\Microsoft folder. I've gained access to it by changing view and security settings and tried to manually delete the two files (which are labeled as "File Loaders" and "Black Internet"). It always says 'access is denied,' even when using Unlocker. Any attempt to delete upon reboot using Unlocker hasn't worked.

Hitman finds them, says it's removing them, and then says they will be removed upon reboot. I reboot and either one or both are still there.

Incidentally, when it starts up after rebooting, Spybot picks up that 'an important registry entry has been changed' and asks if I want to allow the change to the entry "BootExecute. Old data: autocheck autochk *\bootdelete. New data: autocheck autochk *\" I've tried both allowing it and denying it, and the trojans are still there. I've also tried a System Restore to the day before the problems started with no success.

Thanks for any help.

Find my Hijack This log below:

Log... Read more

A:Smss.exe and services.exe causing problems

Hi and Welcome,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
NEXT


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.

Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

Click the image to enlarge it

In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries [/QUOTE]
 

1 more replies
Answer Match 40.32%

Hi all
csrss.exe & smss.exe appear in task manager processes and will not let me end them because they are "critical system processes" when I type these into google the ladex virus is mentioned but when I run AVG, Norton or Mcafee nothing is found however when I run bazooka spyware scan blaxe virus is detected.
I have included a H/T scan
Help

Thanks
Dan

Logfile of HijackThis v1.97.7
Scan saved at 11:23:33 PM, on 11/12/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\anvshell.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Daniel\Desktop\daniel\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.broadband.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://coolwebsearch.info
O1 - Hosts: 66.159.18.75 ww... Read more

A:csrss.exe & smss.exe = ladex virus??

6 more replies
Answer Match 40.32%

Hey guys,

Im cleaning my sisters laptop. I cleaned most spyware and erros but I think there are some left.

On startup I get the screen that asks if windows should run smss.exe or cancel it. I don't think that should happen.

Any ideas??

thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:38, on 20-9-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\expiorer.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Moniek\Desktop\HijackThis.exe

R1 - ... Read more

A:smss.exe asks to run or cancel on startup

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 40.32%

Hi

I keep having SMSS.EXE - No Disk error pop up when i load windows. When i click cancel, other program names will come up with the same error! It also takes so long to shut down the system.

Hijack This Report Log is below if someone can help that would be great, thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:12 PM, on 6/26/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Documents and Settings\Nick\Templates\O07170Z\service.exe
E:\WINDOWS\M46830\smss.exe
E:\WINDOWS\M46830\EmangEloh.exe
E:\Documents and Settings\Nick\Templates\O07170Z\winlogon.exe
E:\Program Files\uTorrent\uTorrent.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13920&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=... Read more

A:Smss.exe - no disk error and loads more!!!!!

Hi

now i have a message sayin winlogon.

Can anyone please help?????????????????
 

3 more replies
Answer Match 40.32%

hi guys,

my pc is hammered by these virus and have tried avg, norton, windows defender etc... and other anti-viruses.. but in vain... my hijackthis log is below.. please help me you are my last resort....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:36 PM, on 6/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\KB905474\wgasetup.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\KB905474\wgasetup.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Documents and Settings\Dr Yasir\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\NETGEAR\WG111v3\WG111v3.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\Program Files\AVG\AVG8\avgtray.exe
D:\Program Files\AVG\AVG8\avgui.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\AVG\AVG8\aAvgApi.exe
D:\Documents and Settings\Dr Yasir\Desktop\HiJackThis.exe
F2 -... Read more

More replies
Answer Match 40.32%

Hi! I'm thankful for the help you've been providing me, i have another problem :

my pc just goes all crazy,,menu opens,and mouse pointer moves all around the screen,,as well as shell comands start apearing and dissapearing ..

So could you help me please?? i'm posting a HJThis Log here:
---------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:26:39 p.m., on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\... Read more

More replies
Answer Match 40.32%

good day guys!.. whenever I boot my computer there's this error message which says Windows could not find "C:\WINDOWS\system32\smss.exe" ... and I can't remember the rest.. this also happens when I ended EXPLORER.EXE in task manager and enabled it again with Run...

Here's my log file, please help me!..

Logfile of HijackThis v1.99.1
Scan saved at 7:55:04 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\TOTAL VIDEO CONVERTER\tvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R0 - HKCU... Read more

A:help!.. could not find C:\WINDOWS\system32\smss.exe

says its running :S maybe its just being a cow..

10 more replies
Answer Match 40.32%

Hey Guys!
I recently got the problem where my PC boots about 3-5 min to the login screen.
I did a performance analysis where I can see that multiple smss.exe processes are running and one of them takes about 100 seconds of the boot time.
I added a download link of the performance analysis (the 7z-file is 198.5 MB and the extracted file is ~5GB):
https://mega.nz/#!dA0zUTzS!FdQTkHoGf...yOKSiJMrosmTvQ

I dont know how to get rid of the second smss.exe process and I don't know what this process is actually doing.

The System I am talking about is a Windows 7 Professional x64 installation.
Components:
MSI X99A SLI Plus
Intel Xeon E5-1620 v3
Corsair Vengeance LPX schwarz DIMM Kit 16GB, DDR4-2666
Gigabyte GeForce GTX 960 WindForce 2X OC, 4GB GDDR5
Samsung SSD 850 EVO 500GB

I hope someone can help me

Greets Greg

More replies
Answer Match 40.32%

Hi, I was getting an error from smss.exe so I located 3 files with the same name (all located in different areas). I renamed all 3 to "asd" with no .exe extention. I then restarted my computer and I get a blue screen of death every time windows is about to load. I've tried safe mode, last known config, start windows normally ect, but nothing seems to work. I loaded in the Windows XP disk and hit "repair" and now i can access the harddrive where my OS is, but windows still doesn't load.

Is it possible to rename "asd" back to "smss.exe" using the command prompt so I can use my computer again? Basically smss.exe is there, but it has a different name.

Is it possible to put smss.exe back?

Is there any way to fix this problem?

Thanks

A:Renamed smss.exe and broke my computer :(

Yes, from the recovery console (where you manage to boot using the XP CD), use "dir" to list the files in a directory, "cd" to navigate in the folders and "ren" to rename a file.

try this :

cd c:\windows\system32\
ren asd smss.exe

Tell us if you have any error message or problem.

6 more replies
Answer Match 40.32%

Norton is finding a high risk trojan in [smss.exe] inside of [system32\exec2.exe]. Norton fails to remove it.Ive searched for awhile trying to learn more about this so called virus and tried steps to remove it. sadly, nothing has worked.. here is my hijackthis log file. any help is greatly appreciated, ty.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:16:21 PM, on 2/28/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\sstray.exeC:\WINDOWS\zHotkey.exeC:\Program Files\Digital Media Reader\shwiconem.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Prog... Read more

A:Smss.exe Inside Of System32\exec2.exe

sorry.. just noticed no bumping..

11 more replies
Answer Match 40.32%

Hello,

This is going to be a bit of a long post but I have followed the instructions so please see the attached zip file for my information if this post seems too lengthy.

I have Windows 7 Home Premium 64-bit operating system. I had a major virus on my computer that I couldn't get rid of using different antivirus softwares. So, I used some special software I got that does a full 7-layer Department of Defense wipe with an additional layer of just 0's. Normally (I've done this a few times with different computers) this just wipes everything but there is something left (by something I mean not the virus but a few basics) and then I install the operating system, anti-virus software, and other necessary applications. With my Asus G73SW-BST6, when I did this wipe, my computer was 100% wiped clean. There was NOTHING on my computer.

Well, after installing everything, now I'm having this problem where (most of the time it's when I'm watching videos on different websites using Mozilla Firefox & Internet Explorer but I'm assuming it'll happen with any browser and I know it's not just the videos but also when I have many tabs open). Of course, it also happens when I run a few too many softwares. Oh, by the way, what usually happens when I'm watching videos is that everything freezes, I hear an annoying noise, then I am not able to do anything (can't click on restart or do anything), and then one of 2 things happens: either the computer restarts by itself or I get... Read more

A:Odd Problem (Possibly smss.exe Related)

First, and before I even start on anything else I would get rid of Registry Mechanic. Those so called "optimizers" are just so much snake oil imho. We see more problems here from those things than I can even count. Do yourself a favor and uninstall it yesterday. The smss you are probably talking about is vital to your system. After you get rid rid of Registry Mechanic run a sfc /scannow to try and repair the damage. Run it 3 times in a row.

SFC /SCANNOW : Run in Command Prompt at Boot
www.sevenforums.com/tutorials/139810-sfc-scannow-run-command-prompt-boot.html

After that check to make sure all your graphics/video drivers are up to date and working right, which I suspect was the problem in the first place.

2 more replies
Answer Match 40.32%

Hi, I have a few questions about smss.exe

1. Does this process always have to run? Is it critical procesa for windows 7 x64? If I try to end it, I get a warning from task manager, as if I was shutting down csrss.exe for example

2. I created a test non admin account today, and have since deleted it. I noticed that at the same time I logged out and in to log into that account, a smss.exe prefetch file was made.

No matter what, I cant make the prefetch file appear again. Im wondering is smss.exe only supposed to exist if there is more than 1 account and is that why the prefetch file was there? If so, why is it still running?

Thank you, happy new year!

A:Question about smss.exe and user accounts

Look here-
smss.exe - What is smss.exe?

2 more replies
Answer Match 40.32%

Starting this thread because I haven't seen recent posts on the subject ...

On 6/2/15 I picked up this file. I checked into it and apparently there is a virus with the same name. Properties indicates that this file is Windows Session Manager. I have found conflicting information about it. Norton shows that only 5 people in their community have it and it's reputation is unknown, which worries me. Did a search on it and some claim that it could be a virus.

I went to processlibrary.com/en/directory/files/smss/22013/ and the news is bad. However, on the same site, they say it is OK. Does anyone have a clue?

- Vet

A:smss.exe in windows/system32 directory

smss.exe is a critical system process which Windows cannot run without. If the file is found in windows\system32 then it is almost certainly legitimate. If elsewhere it is probably malicious.

2 more replies
Answer Match 40.32%

I have Windows XP Pro w/ SP1.

When I boot up, it gives me a popup error box for SMSS saying that 1.1.2002 is invalid. I have no idea why this is happening.

Anyone ever get this error?
 

A:SMSS error at bootup on Windows XP Pro SP1

Originally posted by Computer Nin:
I have Windows XP Pro w/ SP1.

When I boot up, it gives me a popup error box for SMSS saying that 1.1.2002 is invalid. I have no idea why this is happening.

Anyone ever get this error? Click to expand...

Ok I wasn't sure on this so I check into it. you need to update your SP1

Just follow the link that Microsoft give to find the updates.

http://support.microsoft.com/default.aspx?scid=kb;en-us;228994
 

2 more replies
Answer Match 40.32%

I am using Windows XP with SP2. About four weeks ago I got the "Worm.Im.Sohanad" and "Backdoor.Robobot" infections while IM'ing my daughter on MSN IM. I clicked on an URL (for photos) that I thought my daughter was sending me and BOOM got it. With some help from several people I seem to have gotten rid of the problems where they don't come up in scans anymore. I was using Spyware Doctor with/antivirus at the time. The Spyware Dr. antivirus DID NOT get rid of the worms; it would quarantine the Worms but next scan they were back. A few days later I saw the "Worm.Alcra.F" in the scans. I turned off the system restore and installed Avast Antivirus and ran that antivirus program to finally get rid of the Worms. Now I no longer use the Antivirus in Spyware Dr. I use Spyware Blaster, Spyware Doctor, Spybot Search & Destroy, Lavasoft Ad-Aware, AVG Anti-Spyware, Avast, CCleaner and Comodo Firewall Pro and do scans at least once a week, I sometimes feel I am in constant maintenance mode and certainly would rather enjoy our computers rather that "FIX them". However, now when I boot up I keep getting a messages that says "Could not load or run C:\WINDOWS\System32\luketrspyg\smss.exe" and the next box says to "make sure it exists on your computer or remove the reference to it in the Registry." I have run a searched for "luketrspyg" and "smss.exe" and also looked in the ... Read more

A:"luketrspyg\smss.exe" Problem At Startup

Hi vernacDownload SDFix and save it to your Desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)Please then reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, the Advanced Options Menu should appear;Select the first option, to run Windows in Safe Mode, then press Enter.Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

14 more replies
Answer Match 40.32%

As suggested in this topic here's my problem.OS: Windows XPProblems: master wave volume set all the way down, random IE windows with ads, even if I did not open any browser.Scanning the system with NOD I found a couple of files at this path: C:\System Volume Information\MicrosoftThreats detected by NOD as "variant of Win32/TrojanDownloader.Unruy.BV trojan" but no way to get rid of 'em, I tried performing a full scan in safe mode but they are still there after rebooting the machine. I tried killing the processes but it didn't work, Malwarebytes didn't find anything, I also tried with Emsisoft Anti-Malware 5.0 trial version, it detected those files but nothing changed after he attempt of removing them.Both processes start even in safe mode (minimal).Looking in the task manager they are both executed as SYSTEMI did another GMER scan (all programs closed, no network, this time not in safe mode) following the steps described in the "Preparation guide"DDS (Ver_10-03-17.01) - NTFSx86 Run by lux at 19.14.57,60 on 25/06/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1288 [GMT 2:00]AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\... Read more

A:Services.exe - smss.exe (Unruy.BV trojan)

Hi greystorm,Welcome to Bleeping Computer!My name is mpascal, and I will be helping you fix your problem.Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.Please do not do anything or perform other steps unless I have asked you to do so.Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.If you are unsure of how to reply, or need help with anything regarding the website, please look here.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necess... Read more

16 more replies
Answer Match 40.32%

Hi,
i'm really desperate on this one:
If my pc isn't connected to the internet,
SMSS.EXE takes 99% of my cpu. If i connect,
everything's back to normal.

Anyone had this kind of trouble before?
I have NAV2004 with latest defs, performed full scan, nothing to it.
Scanned with AdAware6 also, no solution...

Someone reply please,
Thanks a lot!

My Hijack log:

Logfile of HijackThis v1.97.7
Scan saved at 23:00:18, on 22/12/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
c:\winnt\microsoftdrivers\etc\FireDaemon.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
c:\winnt\microsoftdrivers\etc\FireDaemon.exe
c:\winnt\microsoftdrivers\etc\smss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\Program... Read more

More replies
Answer Match 40.32%

I've been infected with 2 trojan since i downloaded and ran an unreliable software half a year ago. I didn't know what to do after that and had run numerous scans every time I start the computer. These trojan have hidden themselves in the System Volume Information as services.exe and smss.exe which is impossible to terminate through windows task manager. I noticed that my computer performance has decreased, and the sound keeps "jumping", which is muted even though I did not make any changes. Can you guys please help me and guide me to deal with these trojans? I'm so tired of re-installing anti-viruses and downloading other softwares already.
 

A:need help removing services.exe and smss.exe trojan

1. HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:09:05 AM, on 12/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\System Volume Information\Microsoft\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\System Volume Information\Microsoft\smss.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WL230USB Wireless B+G Utility\WLANUTL.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\Desktop\HijackThis(2).exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\Sk... Read more

1 more replies
Answer Match 40.32%

Hi, I was getting an error from smss.exe so I located 3 files with the same name (all located in different areas). I renamed all 3 to "asd" with no .exe extention. I then restarted my computer and I get a blue screen of death every time windows is about to load. I've tried safe mode, last known config, start windows normally ect, but nothing seems to work. I loaded in the Windows XP disk and hit "repair" and now i can access the harddrive where my OS is, but windows still doesn't load.

Is it possible to rename "asd" back to "smss.exe" using the command prompt so I can use my computer again? Basically smss.exe is there, but it has a different name.

Is it possible to put smss.exe back?

Is there any way to fix this problem?

Thanks
 

A:Renamed Smss.exe and broke my computer.. :(

16 more replies
Answer Match 39.9%

I've just recently removed the GRAPS virus and all related files according to the instruction given at the Symantec website.

After scanning the system completely, it reports that I'm free of the virus or any other virus that may have existed.

However, now, each time I shutdown, logoff or change user, I get a message saying that the smss.exe file can't quit, but I hit the End anyway button and everything continues as it should. I haven't lost any functionality on anything that I can tell.

I have a SMSS.EXE file directly in my c:\winnt\system32 folder AND I have a smss.exe file in my C:\winnt\system32\Drivers\etc folder. I tried removing it and I get a different error when logging on....so I put it back. Still has the previous error.

I also applied SP4, but this didn't correct it either.

Anywone have any experience with this and able to fix it?

Thanks
 

A:smss.exe error after removing GRAPS virus

[tsg=welcome][/tsg]

Hi There!

Did you make a Win2000 ERD(Emergency Repair Disk)???

If so, then you should be able to fix the problem with that.

If not, then you'll most likely need to TRY a Repair Installation.
Good Luck!

ST
 

2 more replies
Answer Match 39.9%

Hey all I'm new here and I'm having a bit fo trouble with my pc.
Im on Win2k with service pack 3. I have noticed something that I've never noticed before.
Every now and again in task manager I notice that wowexec loads up ..coincidentally my pc usually runs very slowly around this time. I have seen on other sites that a wowexec that begins with a space might mean its a virus/spyware. I have updated pc-cillin and it says eveything is fine with the file and I have run spybot version 1.2 and it also doesnt find anything (except for c-dilla which im also sceptical about) since i have no clue as to what these do I also have no clue as to how to proceed.

Anyone got any instructions on how to deal with this problem if it is infact a problem?

thanks very much

Also SMSS and CRSS stand out in big capital letters.....i probably am being a bit paranoid at this point but i gotto check.
 

More replies
Answer Match 39.9%

Hello,

There are two problems I would like to share. I am working to clean the hid malware but unsuccessful.

(1)
Every time I start the computer and log in, NOD32 pops me two warning that smss.exe and service.exe in C:\System Volume Information\Microsoft are not safe and wanna to clean them by deleting them, but it requires me to reboot as these two files are locked.

I have checked by Unlocker; they are locked by winlogon.exe. Via Unlocker, I can delete them easily but they are regenerated after reboot.

I have scanned with NOD32 in normal mode, as well as the safe mode. Other than NOD32, Spysweeper, Avira and SuperAntispyware are used. But none of them helps. NOD32 online scanner was also user and the result was also disappointing.

BTW, no pop-up of IE is found. The default browser is Google Chrome.

(2)
Other than warning message, the computer sound setting seemed changed by another malware. All delivered sounds are of surround sound effect. Moreover, the volume setting is sometimes changed. The wave sound is sometimes in the lowest level, nearly mute.

I doubt that the malware changed the sound setting had been removed by a anti-malware programme but the setting were not changed back.

I tried to update the driver of sound card but unsuccessful.

Please give suggestions to both check whether the malware still exists and change back the sound setting.

Some more information, As I am from Hong Kong and the operating system is all in Chinese, so some folder names are als... Read more

A:smss.exe, service.exe and unneeded sound effect

16 more replies
Answer Match 39.9%

I'm not sure if this is malware related or not, I assume it is.

Computer wont boot, it gets to the screen with the windows loading bar at the bottom, after 3 or 4 of the bar loading the system is sent to a blue screen.


Computer reboots and repeats. Same thing when trying to boot into safe mode.

When I boot to windows vista CD, and go to repair. It fails and when I look at the "Startup Repair Diagnosis and repair details" everything shows as successful and then this:

Root cause found:
----------------
Bugcheck 6f. Parameters= 0xc0000020, 0x0, 0x0, 0x0.
Boot critical file c:\windows\system32\smss.exe is missing.

Repair action: File repair
Result: Failed. Error code = 0x4005
Time taken = 1888 ms

Repair action: System Restore
Result: Failed. Error code = 0x2
Time taken = 109684 ms

Repair action: System files integrity check and repair
Result: Failed. Error code = 0x4005
Time taken = 1810 ms
-----------------------
----------------------


Where do I go from here? Please help :). Thanks everyone!

A:Vista Won't Boot, Missing smss.exe file, Please Help :(

I'm not sure if this is malware related or not, I assume it is.

Computer wont boot, it gets to the screen with the windows loading bar at the bottom, after 3 or 4 of the bar loading the system is sent to a blue screen.


Computer reboots and repeats. Same thing when trying to boot into safe mode.

When I boot to windows vista CD, and go to repair. It fails and when I look at the "Startup Repair Diagnosis and repair details" everything shows as successful and then this:

Root cause found:
----------------
Bugcheck 6f. Parameters= 0xc0000020, 0x0, 0x0, 0x0.
Boot critical file c:\windows\system32\smss.exe is missing.

Repair action: File repair
Result: Failed. Error code = 0x4005
Time taken = 1888 ms

Repair action: System Restore
Result: Failed. Error code = 0x2
Time taken = 109684 ms

Repair action: System files integrity check and repair
Result: Failed. Error code = 0x4005
Time taken = 1810 ms
-----------------------
----------------------


Where do I go from here? Please help :). Thanks everyone!

19 more replies
Answer Match 39.9%

Hopefully someone will look at this , thanks.
Logfile of HijackThis v1.99.1
Scan saved at 13:45:12, on 2006/05/14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\smss.exe
C:\DOCUME~1\ANBEIL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip... Read more

A:CM6 smss.exe torjan!! help!!! and wuts jslmrrix.dll and ddkszwgk.dll???

16 more replies
Answer Match 39.9%

Hello all,
My first time posting here. I have a Qhost Trojan virus.
I have searched the forum for Qhost Trojan and saw some responses, but they seem to differ from one another, so i guess these Trojan viruses are different on each system...

Your help would be greatly appreciated!
Here is my hijackthis log:

_________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 20:08:01, on 13/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\smss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mark palmos\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no n... Read more

A:Qhost Trojan event created by smss.exe - help please

16 more replies
Answer Match 39.9%

So, I started up my buddies computer today after downloading some Source Mods yesterday. Something makes me believe that one of those files wasn't safe, because now when the computer starts up, it immediately gives me a "SMSS.exe has encountered a problem and is..."etc. etc. That same night I also updated alot of Windows files for him, as well as updated NOD32 definitions. I don't know if that has anything to do with it or not.Also, I cannot access www.google.com, and yet I can access all of googles other services. Strange. After yahoo searching (Do people still do that?) a bit on the subject, I found no answers. Some people had similar symptoms, like not being able to access google-- but those same people also couldn't access avast trendmicro, eset, and symantec's websites either. I can visit all of those -- except google.Please help, I don't want to leave (It's a long drive) without fixing this problem. He's already pissed off, because I assured him that getting mods is perfectly safe. I had to talk him into it.....Damnit.Anyways, any help would be really appreciated.Thanks!Here's the HiJackThis log. I've never made one of these before, but I downloaded the latest version off this forum and saved the log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:42:23 PM, on 5/25/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\Program Files (x86)\Intel\Intel Matri... Read more

A:SMSS.EXE problem on startup + can't access google??

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.-----------------------------------------------------------We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, ... Read more

2 more replies
Answer Match 39.9%

I have this computer virus that has infected both processes.

I keep getting pop-ups every now and then and my audio has been screwed up, mbam or super anti spyware. or even comodo has NOT found anything.

I was able to kill the loader process and so far it hasnt come back yet but most of the files pop right back up on reboot.

I cant beleve. how hard and deep this infection is!

I have a rouge smss.exe in my task manager under Owner that I cannot remove. or end the process.

A:Loader.exe smss.exe "Black Internet" virus

Hey. I had the exact same problem. I don't know what it's from, but tons of people have been getting it. Perhaps it's Java or Firefox related.

What I did was restore a backup, and then run Fixmbr from a boot cd.

Unfortunately, many people don't have a backup. Here's a solution someone told me about on another forum:

"You don't need to restore a previous image. You just need to fix the MBR and then reboot and disable System Restore. Then manually delete the files. Fixing security permissions on the files/folder may also be necessary since the infection may change them."

Now, if you're running vista or 7, you can run fixmbr by making a boot cd from the backup center, then rebooting and running bootrec.exe /fixmbr at the command prompt.

I would delete any suspicious exe files in your temp folder if you can. Also, try booting in safe mode if you still can't delete the files after disabling system restore.

Good luck! I know spybot and avast aren't detecting these things, so good luck to you in removing them.

2 more replies
Answer Match 39.9%

I am having exactly the same issue as described in this post. Similar Link

Both SMSS.exe and Services.exe running from the SYstem Volume Information area.

That being said, I was able to finally find a way to delete them using the Windows XP Recovery Console, but after deleting it all, and then replacing the existing files in System 32 with good files from another good XP machine, after reboot it all came back. So deleting those 2 files does not seem to be the answer.

I will monitor that post for progress, so as not to waste time on the same issue.....but if I can provide additional details from a second box, let me know!

A:IE Popup Windows and SMSS.exe and Services.exe virus

Hey, I had a similar problem on Sunday. In my case, (Running W7), the bad files were coming from Local Settings>Temp folder. My firewall caught them trying to access the internet as 'file loader'.
Basically, loader.exe and smss.exe (not the windows smss) were running in the background as "File Loader". They loaded IE invisibly and loaded ads.
I stopped the process with taskmanager then deleted the files, but to be safe, I restored a system image from a month ago. I also tried System restore, but I think my AV program was screwing with it, so I decided on the image instead.

This still left me with one problem: IE was still loading every time I booted (invisibly, in the background). So, I made a boot cd with W7, booted to it and ran bootrec.exe /fixmbr. This seemed to resolve the rest of my problems.

Btw, Spybot and avast detected nothing on my machine. This is a new problem. I'm not sure if what I had is the same as what you have, but I figure it might help.

Good luck.

2 more replies
Answer Match 39.9%

I've been infected with 2 trojan since i downloaded and ran an unreliable software half a year ago. I didn't know what to do after that and had run numerous scans every time I start the computer. These trojan have hidden themselves in the System Volume Information as services.exe and smss.exe which is impossible to terminate through windows task manager. I noticed that my computer performance has decreased, and the sound keeps "jumping", which is muted even though I did not make any changes. Can you guys please help me and guide me to deal with these trojans? I'm so tired of re-installing anti-viruses and downloading other softwares already. 1. DDS.txtDDS (Ver_10-11-27.01) - NTFSx86 Run by user at 11:12:01.10 on 12/01/2010 WedInternet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1013.215 [GMT 8:00]AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Canon\IJPLM\IJPLMSVC.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\svchost.exe ... Read more

A:Trojan Win32 infection (as smss.exe & services.exe)

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic an do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that... Read more

11 more replies
Answer Match 39.9%

Hello,
this is my first post here, hope someone can help me. Have a trojan virus on my computer since the last fortnight or so, have been trying to get rid of it for quite some time now. I sometimes get a message from my Avast Antivirus that they have stopped a Trojan in 'C:\SystemVolumeInformation\Microsoft\services.exe', also in 'C:\SystemVolumeInformation\Microsoft\smss.exe'.
They list the threat as 'Win32:Cycler-Q (trojan)'.
Earlier, when I tried to quarantine or delete it, I would get a message that the files were in use, hence I could not delete them. Lately I have been getting a message that ' the specified files cannot be found.'

Also, occasionally IE 8 has been popping up with random ads. Not that often though, hasn't happened today at all. Do not know if this is related to the trojan.

Also, since the last 2 days, the computer sometimes suddenly shuts down and restarts on its own, and I get a message that 'this computer has recovered from a serious error.' Also get the avast trojan message before the shutdown.

Also ran Malwarebytes AntiMalware, got the same results as Avast (log enclosed), the log says that the files will be deleted only on reboot, but when I reboot and run Antimalware again, they still list services.exe and smss.exe as being infected. Tried this in safe mode also.

Am attaching the HJT log also.

Can someone please help?? Need to fix this asap. I work from home, and I cannot get any work done... Read more

A:Win32 : Cycler- Q Trojan / services.exe/smss.exe

8 more replies
Answer Match 39.9%

One of my computers got a virus (I assume from a USB key that I had in an infected computer at a trade show). They most prevalent symptom is IE windows popping up whenever to some ad. Also, AVG periadically finds a trojan in either smss.exe or services.exe. I have run AVG, SuperAntiSpyware and Malwarebytes, and that did not get rid of it. I have since run ComboFix, and still nothing. In fact, at the end of combofix, the virus was trying to popup a window, and it seemed to get in a tussle wth combofix opening and losing the default browser window

Anyway, posted below is both a HijackThis and ComboFix log, if anyone can help. Thanks ahead of time.

-----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:35:10 PM, on 6/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\System Volume Information\Microsoft\smss.exe
C:\System Volume Information\Microsoft\services.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArchestrA\aaLogger.exe
C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe
C:\Program Files\Cyberlogic\Ethernet MBX Driver\embxrpcs.exe
... Read more

A:IE Popup Windows and SMSS/Services.exe virus

7 more replies
Answer Match 39.9%

Hello all, i have having a really bad problem here and non of the technical support people can help me.. Even though i have paid them my hard earned dollars for that reason

I am running Windows XP SP2, HP ZD8000, 3.4GHZ, 2GB 667 MHZ RAM, 256MB X600. The programs i am using now in an attempt to fix this are RegCure, Registry Mechanic, Spybot, SpySweeper, XofSpySE, and RegRun. None have fixed the problem!! Grr

In my processes several have appeared that i have never ever seen before. These are Alg.exe, Smss.exe, CSRSS.exe, LSASS.exe and MDNSResponder.exe I am 100% sure that one of these is the problem, at it is killing me!!!!

Everytime i open internet explorer, i am diverted towards random goods and services on an average of 5 - 8 per min. My internet speed has dropped heaps!! And it seems whenever i view a page that includes the names of the processes i listed above it either shuts off internet explorer or diverts to a different page. Other then that, a folder called Bonjour has appeared listing a dll called MDNSNSP.dll, i have never seen it before! Also, one of your tech guys on this site advised that i use AVGAntiVirus..... But whenever i try to install it, the virus shuts it down before i can install it.. in Safe and Normal mode.

I have tried everything i know... But i know when i am beaten... i need help PLEASE!!!!
 

A:Major Virus Is Killing Me! Smss? Mdnsnsp.dll?

Hi, Welcome to TSG!!
Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

1 more replies
Answer Match 39.9%

After about roughly 1-2 hours idle time (I haven't really measured), I can barely get the mouse interrupt to move the pointer in the UI (and that is jerky), keyboard interrupt is equally sluggish (5-10 seconds for response in the UI). Task mgr. shows smss.exe at 98-99 percent of CPU each time I encounter this. I must reboot (reset) at h/w level to come back to normal operation. This is NOT under stress conditions as I would define them. This happens when I have one instance of Firefox or MSIE7 up with a couple tabs (varying, dependin g on what I was doing before going idle), and Windows Live Messenger running, in addition to the background services running.

I've taken a HijackThis log, but nothing I see looks terribly suspicious, except some services I don't really need to run constantly that could be trimmed.

Although my machine profile says 4GB of DDR2, it is currently at 3GB of same, as I discovered a possible bad stick which caused POST failure, and so removed it.

Q: Is this something that a HijackThis log submitted to the appropriate forum might yield some helpful results from? Please advise.

Thanks all,
CJS

A:CPU cycles sucked up by internal component (SMSS)

Welcome to BCLet's run a couple of quick scans to help determine the best way to help you----------------------------------------------------------The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please ... Read more

1 more replies
Answer Match 39.48%

Hi everyone,I dont want to just delete system files and end processes on my own. I don't want to mess anything up. Norton antivirus finds it but cant fix it and housetrend antivirus doesnt detect it. I have used adware but cant install spybot. I dont understand why norton didnt pick it up because of autoprotect though. I hope to install a different antivirus after this gets fixed (after removing norton) and a firewall.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:08:40 PM, on 1/6/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\StartupMonitor.exeC:\Program Files\PowerMenu\PowerMenu.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\CyberLink\Shared files\Ric... Read more

A:Trojan Smss.exe Inside Of Windows\system32\exec2.exe

Hello viperguts and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware inthe log. It is clean. smss.exe is a valid Windows file. The one showing int he log is the correct one.Let's try a different scanner and see if that shows anything. Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items to select them:Reg - BotCheck
Reg - Desktop Components
Reg - Disabled MS Config Items
Reg - Software Policy Settings
File - Additional Folder Scans
Do not change any other settings.Now click the Run Scan button on the toolbar.Let it run unhindered until it finishes.When the scan is complete Notepad will open with the report file loaded in it.Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.Cheers.... Read more

19 more replies
Answer Match 39.48%

Dear All,Whenever I restart my system(XP) Norton detects the worm W32.Unruy!gen1 in below twosmss.exe & services.exe under system volume information folder.I have seen similar problems reported by other members in this site and thanks to bleepingcomputer site that mostly its resolved.I'm not sure if its right or wrong I've tried similar steps but in vein.for examplerunning combofix.exe, TFC.exe etc...But still my error is not resolved.Attached is the Combo output and it tells that the files are removed but after restart Norton detects the same worm.Kindly help.# I had contacted Norton support and they also couldn't resolve and redirecting to paid support.# I earlier had a not so good advice from them too earlier hence confused about solution.

A:W32.Unruy!gen1 detected by Norton - smss.exe & services.exe

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.Download DDS:Please download DDS by sUBs from one of the links below a... Read more

21 more replies
Answer Match 39.06%

Pasting in additional contextual information from another post. ~ OBI have cleaned out everything on the computer with spybot, adaware, malware buytes, avg, but cannot find the source of the pop up when xp fnishes loading. smss.exe has been terminated. I look at the dedtails in the window "don;t send" box and it tells me the two hkey registry places that has not loaded. one is in the run once..... /some number......./smss.exe.dmpdhere are the hijack this logsWhat is this and is it legimate? The process logs tells me the smss.exe is runnig. Im Lost....Another Issue:Also when I am in google IE Explorer redirects to <http://74.125.67.100/> in the address bar cannjot find the reason why? and I cannot surf to any website. This may be for another forumEnd of added information. ~ OBI have followed the requirements for posting the logs generating the dds log hopefully I get a pop up microsoft telling me that the smss.exe terminated. Not sure why this pops up when windows loads cannot turn it off I thijnk it is a worm from reading forms backdoor cg2 trojan? Flood?....here are the logsDDS (Ver_09-02-01.01) - NTFSx86 Run by Anne at 14:20:03.75 on Tue 03/03/2009Internet Explorer: 7.0.5730.11Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.442 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)FW: ActiveArmor Firewall *disabled*============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomL... Read more

A:smss.exe terminated Windows Popup "send report" error

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Answer Match 39.06%

Hi, and thanks in advance for any help. I definitely have a little spyware on this computer. It's Windows XP. It only manifests itself by either turning my master wave volume all the way down or random audio ads that come from nowhere. Also Internet Explorer windows open infrequently with ads out of nowhere.

I've run Malwarebytes Anti-Malware, rkill, SuperAntiSpyware, and Spybot Search and Destroy and they pick up nothing. Hitman is the only thing to pick up two problems (labeled "smss.exe" and "services.exe") in the C:\System Volume Information\Microsoft folder. I've gained access to it by changing view and security settings and tried to manually delete the two files (which are labeled as "File Loaders" and "Black Internet"). It always says 'access is denied,' even when using Unlocker. Any attempt to delete upon reboot using Unlocker hasn't worked.

Hitman finds them, says it's removing them, and then says they will be removed upon reboot. I reboot and either one or both are still there. Any ideas?

Incidentally, when it starts up after rebooting, Spybot picks up that 'an important registry entry has been changed' and asks if I want to allow the change to the entry "BootExecute. Old data: autocheck autochk *\bootdelete. New data: autocheck autochk *\" I've tried both allowing it and denying it, and the trojans are still there.

Thanks for any help!

A:How do I delete services.exe and smss.exe from my System Volume Information folder?

Hello, the C:\System Volume Information\Microsoft folder is the System Restore Point folder.Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:Go to Start > Programs > Accessories > System Tools and click "System Restore".Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.Then use Disk Cleanup to remove all but the most recently created Restore Point.Go to Start > Run and type: CleanmgrClick "Ok". Disk Cleanup will scan your files for several minutes, then open.Click the "More Options" tab, then click the "Clean up" button under System Restore.Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"Click... Read more

33 more replies
Answer Match 39.06%

My problem was perfectly described in this thread: http://www.bleepingcomputer.com/forums/topic326120-30.html although some have described random audio ad popups and opening IE windows. I'm not getting those, or haven't noticed them yet, but it is turning my Wave Volume all the way down, as reported by all with this problem.(My gf was using this computer yesterday and twice the IE window she was in closed down - no Error message - it just disappeared - perhaps another symptom?).Windows XP Home. A scan by avast revealed 6 problems. 4 of them successfully removed to the Virus Chest.But 2 cannot be Repaired nor Removed to Chest nor Deleted:C:\System Volume Information\Microsoft\services.exeSeverity:HighStatus: Threat:Win32:Cycler-F [Trj]C:\System Volume Information\Microsoft\smss.exeSeverity:HighStatus: Threat:Win32:Cycler-F [Trj]Also detected by a-squared and Malwarebytes Anti-Malware. But none are able to rid my system of these 2.A google search reveals recent posts across various anti-virus forums on this problem, but apparently its still unsolved.I followed the bleepingcomputer thread whose url I list above, and read the various split off threads from the main thread, but no clear solution.Running avast free as real time anti virus. Have also scanned with a-squared, MAB, Super Anti-Spyware and Spybot. Also have been using Spyware Blaster.Tried to remove them with any of these programs which detected them, but no success.Avast discover... Read more

A:System Volume Information Trojans - services.exe and smss.exe - cannot remove.

Hello there,Please download 7zip and install the program on your computer (we need this program in order to be able to unzip a tool).When 7zip is succesfully installed, please download bootkit_remover.rar and save the file to your desktop.Right click on the file and select "extract/unzip here".This will create two readme files and remover.exe on your desktop.Double click on remover.exe; a command window will open. Please copy/paste the text under "MBR Status" and post that in your next reply.

27 more replies