Smss.exe - what is this? A virus or a useful Windows process?

Any PC user who has ever called the Windows Task Manager has faced the fact that there are a lot of incomprehensible services running in the process tree such as Rundll32.exe, Csrss.exe, Lsass.exe, Svchost.exe , etc. There are more One process, designated as Smss.exe. What kind of service is it and what does it answer for, we will now understand.

Smss.exe: what is this process?

If someone suspects that this is a virus, let's say at once: this is fundamentally wrong. The process itself is an important system service responsible for user sessions running on a single computer terminal.

If you do not go into the jungle of programming and the principles of the operation of system services, you can say that the Smss.exe file is the intermediate link of the user session, which monitors the system requests when programs and applications are not correctly terminated.

In principle, this service can run processes such as Winlogon (login to the system) and Win32 (service Csrss.exe). By and large, when the application is not properly shut down, the Smss.exe process is used. What is this in terms of the user? It's simple. This service simply does not allow the system to respond to requests for hung applications, while still maintaining the user session.

Location of the file

Let's talk at once: the system can not run more than one process Smss.exe in any user mode.

The file itself can be found in the System32 folder, which is located in the root directory of Windows (C: \ Windows). There and only there must be an original service. If the file of the same name is found elsewhere, it should be deleted immediately, as there is every reason to assume that it is a virus.

How the service works

So, we have the service Smss.exe. What process is started in this case from the user's point of view can be explained with a simple example. For example, if you crashed, the hung application will be closed, but the entire system will remain functional, even if the user is running without administrator rights. Naturally, if you change the account (log in under another user), no errors should arise. There are, of course, exceptions. But this can only be due to the fact that the original file is damaged or infected with a virus.

What should I do if errors occur or is there suspicion of a virus?

Let's take a closer look at the Smss.exe process. What is this in terms of the occurrence of permanent errors? The explanation here is the simplest. The original process of threat to the system is not (as some users say) is not. Another thing is when the file can be damaged by viruses or even replaced with the same name. It is the executable program that will be run in place of the original process.

It is also important to know that it is impossible to complete the original service in the Task Manager . If the process ends without problems, you can be sure that this is a real virus or an attempt to penetrate the computer terminal from the outside.

The simplest way to detect the Smss.exe virus can be with the help of standard anti-virus software installed in the system. Of course, it's better to use powerful software packages for this purpose, which have the function of deep (advanced) scanning in their set.

Naturally, this process can last even a few hours. But what is better, to wait and get rid of the threat or to work with a constantly flying system? That's what it is. As a rule, the virus is detected quite quickly even by portable utilities such as Kaspersky Virus Removal Tool, which scan the system area of the hard disk and all executable startup processes or running at the moment.

In extreme cases, if this does not help, you can use utilities, usually called Rescue Disc, from different developers. Their advantage lies in the fact that these packages run either from a regular CD / DVD or from a USB drive even before the start of the "operating system" itself and allow you to detect viruses and malicious codes that can be stored or launched even from RAM. However, in most cases this is not required.

It is possible to do otherwise - simply ask for files with the name Smss.exe on all hard disks and logical partitions, and after finding the copies, just delete them. Note: these viruses are not involved in self-copying to removable media.

As for viruses, these are mostly computer worms and Trojans trying to access the computer terminal for the purpose of its remote control and management. Among the most famous threats can be identified Win32.Landis, W32.Dalbug.Worm, Win32. Brontok, Adware.DreamAd, Win32 Sober and others.

They can either infect the original file, or run independently, replacing the Smss.exe process. What is it in this case? This is the start of remote access control of your terminal. By the way, for the time being the user can not even guess that the threat is present in the system until a really dangerous situation occurs. Here you should pay attention to untimely completion of applications and services, constant reboot, disabling network controllers, etc.

In some cases, you can apply system recovery, either by using the service of the same name in the Control Panel, or by using the Recovery Console. But only here there is no guarantee that after the restoration the threat will disappear. Viruses of this type are capable of masking both for system processes and for user files. As you know, the Windows recovery service does not affect user data.

The most acceptable way to remedy the situation

As you can see, the best way to get rid of the threats associated with the service Smss.exe is the use of antivirus software. Note immediately that free packages such as AVG or Avira are unable to recognize viruses of this type (tested in practice). So it's better to use at least a "cracked" version of a more powerful scanner.

At worst, you can even use versions of the Trial type, which you need to activate each month in terms of license renewal in order to update the signature base for viruses and software models. This will give the best effect. But it is best to use the means of recovery discs (Rescue Disc). It is this that will ensure that viruses can be virtually eliminated. In this case, however, you need to apply the latest versions of such software, because when you start it even with network access to the Internet, in most cases the anti-virus databases are not updated. Simply there is an error due to the fact that they have nowhere to save, because the application is launched from a removable media (this only applies to optical CD / DVDs, there are no problems with flash drives).

The result

Here, in fact, we have considered the many incomprehensible process Smss.exe. What is it, probably, is already clear. It is possible to get rid of mistakes and threats that arise sometimes from the simplest methods described above. But, as a rule, hackers or hackers of computers try to access exclusively to administrator accounts, so that the ordinary user with limited rights is not threatened.