Smss.exe (Windows Session Manager vs W32 / Ladex.Worm)

smss.exe or Windows Session Manager is a process responsible users sessions Registered on a system (the time periods in which those users are logged into that system). Specifically, the start of such sessions, smss.exe apply a series of commands that launches the login process (winlogon.exe) Plus a series of processes Win32 for the functioning of the system. Also, the process sets a series of smss.exe System variables.

Although it is a relatively important system process smss.exe is considered a process vulnerable to online attacks. It is located legitimately folder C: \Windows System32And the discovery of any file with the same name or at least similar to the process indicate the presence of a virus, trojan or spyware in your system

W32 / Ladex.Worm is a virus that spreads through open accounts or share look. It attaches particular system malicious, Including smss.exe file (the same name as a legitimate process). Then try to access Service Control Manager to install the remote, the system service attack. This service False (Lmhsvc.exe) named NtLmHosts (or TCP / IP NetBIOS Provider), creating the impression of legitimacy and thus succeeding in misleading many users. Because lmhsvc.exe places a copy in its folder System 32, the service is activated automatic at every system startup.

After installation the form of service, the worm executes files Ladex % Windir% \ smss.exe si % Windir% \ csrss.exe. When the virus is active, these two files illegitimate must ensure its continuous running through checks every 3 seconds. And every 10 seconds, add the next virus registry server:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key: 
Smss.exe %windir%\smss.exe 
Csrss.exe %windir%\csrss.exe

Also, the virus attempts, and most often successful, to block access to users registry Editor.

Careful! If you suspect irregularities about process smss.exe recommend performing a thorough system scans si disable sharing site Unused networks.

how to » Task Manager » Smss.exe (Windows Session Manager vs W32 / Ladex.Worm)

Passionate about technology, I like to test and write tutorials about operating systems macOS, Linux, Windows, about WordPress, WooCommerce and configure LEMP web servers (Linux, NGINX, MySQL and PHP). I write on since 2006, and a few years later I started writing on iHowTo.Tips tutorials and news about devices in the ecosystem Apple: iPhone, iPad, Apple Watch, HomePod, iMac, MacBook, AirPods and accessories.

Leave a Comment