Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible smss32.exe infection


  • Please log in to reply
4 replies to this topic

#1 naupperlee

naupperlee

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 29 January 2010 - 11:00 AM

I've posted a similar question to the one below in the O/S forum, but I think this is the more appropriate location for my issue:

I apologize ahead of time for the limited information I will be able to provide, but I am very much a novice when it comes to computer viruses. For a couple days my computer has been running slower than normal, and I had been flooded with "nExplore" pop-ups every time I went on the internet. This morning I noticed my desktop background was changed to a blue screen, and there was a new icon in my system tray (I believe that is what it's called). A dialog balloon kept popping up about my computer being infected. Some of the infected file names it provided where win32.netsky and helper32.dll. I ignored these messages and began to research what the problem might be but with little success.

I downloaded MalwareBytes Anti-Malware, but when I went to run the program, I received an error message saying the mbam.exe file was missing. At that point I couldn't do anything more.

I came home from work this afternoon, and now I can't open Task Manager, System Restore, Command Prompt (or any other program for that matter). I also cannot access the internet from that computer anymore, so downloading cleaning software is out of the question.

I tried starting the computer in Safe Mode to see if I could access any of the programs (or the internet) that way, but it was more of the same. I was able to see my start up items by typing "msconfig" into the Run dialog box, and that's where I noticed the smss32.exe start up file. After doing some research (using a different computer), I saw where this could be a Trojan file.

Please advise me on what I can do to begin to resolve this issue.

Thank you.

BC AdBot (Login to Remove)

 


#2 naupperlee

naupperlee
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 30 January 2010 - 12:40 PM

Some more information that may be useful (I forgot to state my O/S in my initial post):

I have a Dell computer running Windows XP Professional Version 2002 Service Pack 3.
After reading through some posts of people who seem to have similar problems, I recalled that the computer had been asking me to install IDS. It seemed like a scam, so I never did.
I believe most of these problems began shortly after I was prompted to update Adobe Reader. Admittedly, I didn't read the message in the pop-up because it said Adobe, and I clicked OK to download/update.

I hope this additional information proves beneficial.

Please help me... I'm really at a loss.

Thank you.

Edited by naupperlee, 30 January 2010 - 12:40 PM.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:59 AM

Posted 31 January 2010 - 10:52 AM

Some types of malware will disable Malwarebytes Anti-Malware and other security tools to keep them from running properly. Other types of malware may delete the main mbam.exe executable file during installation or when attempting to perform a scan which results in various errors. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware.

If you cannot use the Internet or download any required programs to the infected machine, you are going to need access to another computer (family member, friend, library etc) with an Internet connection. Save mbam-setup.exe to a flash (usb, pen, thumb, jump) drive or CD, transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive. If you cannot copy files to your usb drive, make sure its not "Write Protected". Some flash drives have a switch on the side which could have accidentally been moved to write protect.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 naupperlee

naupperlee
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:59 AM

Posted 31 January 2010 - 05:29 PM

I saved MBAM onto a USB drive, but I couldn't run it off that either. However, after trolling through some posts regarding similar problems I noticed most of the advice suggested running RKill. I saved that to the USB as well, and after running it, I was able to run MBAM. I had to run it 4 times before it said I was free of malware. My only question is whether or not that guarantees that I've killed off the virus. Thank you for helping.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,942 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:59 AM

Posted 31 January 2010 - 05:42 PM

after trolling through some posts regarding similar problems I noticed most of the advice suggested running RKill.

There was no need to do that as I provided instructions in the link I gave you "For those having trouble running Malwarebytes Anti-Malware."

Please post the results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
    • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
      -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Logs are saved to the following locations:
-- In XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
-- In Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users