smss.exe or Windows Session Manager is a process responsible users sessions Registered on a system (the time periods in which those users are logged into that system). Specifically, the start of such sessions, smss.exe apply a series of commands that launches the login process (winlogon.exe) Plus a series of processes Win32 for the functioning of the system. Also, the process sets a series of smss.exe System variables.
Although it is a relatively important system process smss.exe is considered a process vulnerable to online attacks. It is located legitimately folder C: \ Windows System32And the discovery of any file with the same name or at least similar to the process indicate the presence of a virus, trojan or spyware in your system
W32 / Ladex.Worm is a virus that spreads through open accounts or share look. It attaches particular system malicious, Including smss.exe file (the same name as a legitimate process). Then try to access Service Control Manager to install the remote, the system service attack. This service False (Lmhsvc.exe) named NtLmHosts (or TCP / IP NetBIOS Provider), Creating the impression of legitimacy and thus succeeded in misleading many users. Lmhsvc.exe because he places a copy in your System folder 32, the service is activated automatic at every system startup.
After installation the form of service, the worm executes files Ladex % Windir% \ smss.exe si % Windir% \ csrss.exe. When the virus is active, these two files illegitimate must ensure its continuous running through checks every 3 seconds. And every 10 seconds, add the next virus registry server:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run registry key:
Smss.exe% windir% \ smss.exe
Csrss.exe% windir% \ csrss.exe
Also, the virus attempts, and most often successful, to block access to users registry Editor.
Careful! If you suspect irregularities about process smss.exe recommend performing a thorough system scans si disable sharing site Unused networks.