Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


XP-Pro SP2

  • Please log in to reply
4 replies to this topic

#1 kathirteen


  • Members
  • 3 posts
  • Local time:06:04 PM

Posted 01 July 2005 - 09:00 PM

Is anyone familiar with files like smss.exe running in the task manager? I have read that if it comes from the Windows System32 folder it's legit, but if not, it's a virus. I have it there but I also see it in my SP2 files and uninstall files. Should I delete the files that are not from the System32 folder?

BC AdBot (Login to Remove)


#2 rigel



  • Members
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:07:04 PM

Posted 01 July 2005 - 11:16 PM

Hi kathirteen,

Here is the listing I found for that file.
There are many versions of smss.exe. Compare where your files are to where the files are found in the examples.

Take a look at the bottom of my post and run the two online virus scans. They do a good job of checking your system. You can also load AdAware and Spybot Search and Destroy - link also at bottom of my post - and run those. They check for the spyware/adware/malware.

I hope this helps,


"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith

#3 Herk


  • Members
  • 1,609 posts
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:07:04 PM

Posted 02 July 2005 - 10:34 AM

I think those files are OK. If they were malware, they'd be in something like C:\Windows or in one of the temp folders. It's highly unlikely they'd be in SP2 install files. It is likely that the one in the SP2 install files is legit. After all, the file has to be installed from somewhere. Since SP2 can be uninstalled, it makes sense that it would also be in your uninstall folder.

Also, if they were malware, they'd be actually running.

#4 kathirteen

  • Topic Starter

  • Members
  • 3 posts
  • Local time:06:04 PM

Posted 09 July 2005 - 11:37 AM

Thanks for your replies!! I've gotten distracted from my original question! I was looking at files that didn't look right and came across smssa.exe, and sure enough it's a virus (a bad one too). I had reformatted and connected to the internet before I put up my firewall and AV. Very Dumb!! Anyway, I had to reformat again because the file kept popping back up every time I deleted it. I do use Ad-Aware and Spybot. I had Ad-Aware installed but not Spybot yet. I had installed the new Spy-Ware detecter from Microsoft (at the download page) and the file did show up on that scan. (I do like that product). Anyway I did reformat and protect myself first before connecting to the internet. (Note - I have DSL and had forgotten to unplug it while I was setting up.) You can forget you're online when you're using DSL!

#5 Enthusiast


  • Members
  • 5,898 posts
  • Location:Florida, USA
  • Local time:06:04 PM

Posted 09 July 2005 - 11:54 AM

Freeware AntiSpyware and Security Programs

Software firewalls with freeware versions
Zone Alarm SE: http://www.zonealarm.com/
Sygate: http://www.sygate.com/

Antivirus programs - freeware (you can only use one resident anti-virus program on your computer. Both of these are better than the one that comes with Win XP because, unlike the XP firewall, they offer both incoming and outgoing protection - XP does not. More than one will conflict, so if you use one of these turn the Windows firewall off after you set up the one you choose to replace it)

AVG: http://www.grisoft.com/us/us_index.php

Avast Anti-virus freeware

Anti-malware freeware (You can run as many of these as you wish. Generally there is no conflict between these and you should always run several)

AdAware: http://www.lavasoftusa.com/software/adaware/
Microsoft Antispyware Beta: http://www.microsoft.com/athome/security/s...re/default.mspx
SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
Spybot S&D: http://www.safer-networking.org/en/index.html
Microsoft Malicious Software Removal Tool (Win XP and Win 2000):

AČ - Free from http://www.majorgeeks.com/download4281.html . Run it, click Search for Updates, then click Scan.

CWShredder from InterMute
CW Shredder removes some variants of spyware known as the Coolwebsearch Trojan. The Trojan takes advantage of a flaw in a key component of Windows -- Microsoft's version of the Java Virtual Machine -- to install itself via popups often found on porn and illegal software (a.k.a. "warez") sites. Run CWShredder after installing, and have it look for updates. Then click the "Fix" button, and the program will both scan and fix any problems it finds. If your system does not have this kind of spyware, it will give you the good news.
Cost: Free

Hijack This and a variety of other tools for malware and pestware or

Web based online Antivirus and anti-malware scans: (these can be run regardless of whatever else you are using. You must use Internet Explorer to run these.)

Panda Activescan (IE only)

Trend Micro antivirus and malware scan:

Etrust Anti-virus web scanner

Kaspersky Anti-Virus Web Scanner

online trojan scans here -

Winsock XP Fix (should you ever need it)

How to submit a Hijack This log


Microsoft Baseline Security Analyzer (MBSA)
MBSA is an easy-to-use tool designed for the IT professional that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users