Smss.exe (Windows Session Manager vs W32 / Ladex.Worm)

smss.exe, or Windows Session Manager, is the process responsible for the user sessions registered on a system (the time periods in which those users are logged into that system). Specifically, at the start of such sessions, smss.exe runs a series of commands that launch the login process (winlogon.exe) plus a series of Win32 processes needed for the functioning of the system. The smss.exe process also sets a series of system variables.

Although it is a relatively important system process, smss.exe is considered a process vulnerable to online attacks. Its legitimate location is the folder C:\Windows\System32, and the discovery of any file with the same name as the process, or at least a similar one, in another location indicates the presence of a virus, trojan or spyware on your system.

W32/Ladex.Worm is a virus that spreads through open accounts or shares. It copies several malicious files to the system, including a file named smss.exe (the same name as the legitimate process). It then tries to access the Service Control Manager in order to install a service remotely on the attacked system. This fake service (lmhsvc.exe) is named NtLmHosts (or TCP/IP NetBIOS Provider), which creates an impression of legitimacy and succeeds in misleading many users. Because lmhsvc.exe places a copy of itself in the System32 folder, the service is activated automatically at every system startup.

After it has been installed as a service, the Ladex worm executes the files %Windir%\smss.exe and %Windir%\csrss.exe. While the virus is active, these two illegitimate files ensure that it keeps running by checking every 3 seconds. Every 10 seconds, the virus also adds the following entries to the registry:

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Smss.exe = %windir%\smss.exe
Csrss.exe = %windir%\csrss.exe

The virus also attempts, most often successfully, to block users' access to the Registry Editor.

Careful! If you suspect irregularities with the smss.exe process, we recommend performing a thorough system scan and disabling sharing on unused networks.
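
The following PowerShell script is an added example, not part of the original article. It looks for the artefacts described above: smss.exe or csrss.exe running from outside System32, copies of those files directly in %windir%, the two Run values, and a service named NtLmHosts or backed by lmhsvc.exe. It assumes an elevated prompt, and it reads the registry through PowerShell's registry provider rather than Registry Editor.

```powershell
# Added example: look for the Ladex artefacts named in this article.
# Assumes an elevated PowerShell prompt (process paths may be hidden otherwise).
$windir   = $env:windir
$system32 = Join-Path $windir 'System32'
$findings = @()

# 1. smss.exe / csrss.exe processes whose image is not in System32
$procs = Get-CimInstance Win32_Process -Filter "Name='smss.exe' OR Name='csrss.exe'"
foreach ($p in $procs) {
    if (-not $p.ExecutablePath) {
        Write-Warning "$($p.Name) PID $($p.ProcessId): path not readable (protected process or non-elevated prompt)"
    } elseif ((Split-Path $p.ExecutablePath -Parent) -ne $system32) {
        $findings += "Process $($p.Name) PID $($p.ProcessId) runs from $($p.ExecutablePath)"
    }
}

# 2. Copies dropped directly in %windir%
foreach ($name in 'smss.exe', 'csrss.exe') {
    $path = Join-Path $windir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) { $findings += "File present: $path" }
}

# 3. Run values listed in the article
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
foreach ($value in 'Smss.exe', 'Csrss.exe') {
    $prop = if ($run) { $run.PSObject.Properties[$value] }
    if ($prop) { $findings += "Run value '$value' = $($prop.Value)" }
}

# 4. Service named NtLmHosts / "TCP/IP NetBIOS Provider" or backed by lmhsvc.exe
$filter = "Name='NtLmHosts' OR DisplayName='TCP/IP NetBIOS Provider' OR PathName LIKE '%lmhsvc.exe%'"
foreach ($s in Get-CimInstance Win32_Service -Filter $filter) {
    $findings += "Service $($s.Name) ('$($s.DisplayName)') -> $($s.PathName), start mode $($s.StartMode)"
}

if ($findings) {
    $findings | ForEach-Object { "[!] $_" }
} else {
    'None of the artefacts described in the article were found.'
}
```

A clean result only covers the indicators listed in this article; it does not replace the full system scan recommended above.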

Passionate about technology, I enjoy writing on StealthSettings.com since 2006. I have a rich experience in operating systems: macOS, Windows, and Linux, as well as in programming languages and blogging platforms (WordPress) and for online stores (WooCommerce, Magento, PrestaShop).
