Smss.exe – Is It A Safe Process Or A Virus?

Smss.exe – What is it?

The smss.exe (Session Manager Subsystem) process is a part of the Windows Operating System and is responsible for creating environment variables, starting the Win32 subsystem, creating paging files, establishing DOS device mappings, and initializing Windows Logon Manager. On a Windows computer, the smss.exe process is responsible for handling user sessions.

Smss.exe – File Information

By default, smss.exe is located in the C:\Windows\System32 folder. The most common size of the smss.exe file is 50,688 bytes. Other known sizes of this file are 45,568 bytes, 62,976 bytes, 64,000 bytes, and 47,616 bytes.

Can you terminate the smss.exe process via the Windows Task Manager?

As smss.exe is a critical Windows process, you cannot terminate it through the Windows Task Manager.

Smss.exe is required for the smooth and stable functioning of a Windows computer. If you disable smss.exe, your Windows computer will not boot.

Other instances of smss.exe

The genuine smss.exe is a Windows file that is required for the stable functioning of your Windows computer. However, malware-related instances of smss.exe are also known. The rogue smss.exe process is used by attackers to steal your personal information, such as email passwords or Internet banking details.
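The distinction above (genuine file in C:\Windows\System32, malware-related copies elsewhere) can be checked on a live system. The PowerShell below is an added example, not part of the original article; the helper name Test-SmssProcess is hypothetical, and the expectation that the genuine file is signed by Microsoft Corporation is an assumption of the example.

```powershell
# Added example (not from the original article): vet each running smss.exe.
# Test-SmssProcess is a hypothetical helper name.
$expected = Join-Path $env:SystemRoot 'System32\smss.exe'

function Test-SmssProcess {
    param([Parameter(Mandatory)] $Process)    # a Win32_Process CIM instance

    $path    = $Process.ExecutablePath
    $verdict = 'OK'
    $detail  = ''

    if ([string]::IsNullOrEmpty($path)) {
        # The path of a protected system process may be hidden from a
        # non-elevated session; treat that as unknown, not as malware.
        $verdict = 'INCONCLUSIVE'
        $detail  = 'path not readable; re-run from an elevated prompt'
    }
    elseif ($path -ne $expected) {            # -ne ignores case for strings
        $verdict = 'SUSPICIOUS'
        $detail  = 'image is outside the System32 folder'
    }
    else {
        # Right location: confirm the file on disk still carries a valid
        # signature (assumption: signer organisation is Microsoft Corporation).
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            $verdict = 'SUSPICIOUS'
            $detail  = "signature status: $($sig.Status)"
        }
        elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
            $verdict = 'SUSPICIOUS'
            $detail  = "unexpected signer: $($sig.SignerCertificate.Subject)"
        }
    }

    [pscustomobject]@{
        ProcessId = $Process.ProcessId
        ParentPid = $Process.ParentProcessId
        Path      = $path
        Verdict   = $verdict
        Detail    = $detail
    }
}

Get-CimInstance Win32_Process -Filter "Name = 'smss.exe'" |
    ForEach-Object { Test-SmssProcess -Process $_ } |
    Format-Table -AutoSize -Wrap
```

A SUSPICIOUS row is a reason to scan the file at the reported path, not a confirmed detection.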

The smss.exe virus:

  • Deletes other processes from disk.
  • Is polymorphic and has the ability to change its structure.
  • Modifies the registry so that programs start automatically at Windows startup.
  • Disables the built-in Windows file protection system.
  • Disables access to Registry Editor.
  • Disables the built-in Firewall, thus enabling malicious processes to gain entry into your computer without your knowledge or consent.
  • Adds, as well as deletes links in the Start Menu.
  • Disables the Windows Security Center’s Notification balloon.
  • Disables access to the Windows Task Manager.
  • Changes the settings of your firewall to allow itself and other programs to communicate over the Internet.
  • Changes the Windows Security Centre to stop the Antivirus status, Firewall status, and Firewall override from being displayed.
  • Changes the Windows Security Centre so that no alert is displayed when the automatic Windows Updates feature is disabled.
  • Disables Safe Mode on your computer and changes the firewall settings to allow itself unlimited access to the Internet.
  • Uses rootkit techniques to hide its presence and resists interrogation by security programs.
  • Can communicate with other computers on your network using HTTP protocols.
  • Reads details saved in your email and phone books.

Shared below is a list of malicious programs that are known to be associated with the rogue smss.exe file:

Email-Worm.Win32.Brontok.n [Kaspersky Lab]
Virus.Win32.Xorer.dt [Ikarus]
Virus.Win32.Xorer.dt [Kaspersky Lab]
Virus:Win32/Xorer.O [Microsoft]
W32.Pagipef [Symantec]
W32.Rontokbro.U@mm [Symantec]
W32/Rontokbro.gen@MM [McAfee]
W32/Xorer [McAfee]
W32/Xorer-B [Sophos]
Win32.Xorer.D [PC Tools]
Worm.Brontok.BA [PC Tools]
Worm.Brontok.BK [PC Tools]
Worm.Brontok.Gen!Pac.3 [PC Tools]
Trojan:Win32/Xorer.O [Microsoft]
Worm.Rungbu.B [PC Tools]
Win-Trojan/Agent.40960.KA [AhnLab]
W32.Rungbu [Symantec]
W32.Rontokbro@mm [Symantec]
W32.Rontokbro.X@mm [Symantec]
Virus.Xorer!ct [PC Tools] [Kaspersky Lab]
PE_RUNGBU.C-O [Trend Micro]
Packed/FSG [PC Tools]
I-Worm.Brontok.AY [PC Tools]
Generic.dx [McAfee]
Generic VB.c [McAfee]
Worm.Win32.VB.du [Kaspersky Lab]
PE_RUNGBU.B-O [Trend Micro]
Bloodhound.Unknown [Symantec]
Email-Worm.Win32.Brontok.N [Ikarus]
Email-Worm.Win32.Brontok.q [Kaspersky Lab]
Gen.Packed [Ikarus]
I-Worm.Brontok.BM [PC Tools]
Mal/EncPk-KP [Sophos]
PE_PARITE.A [Trend Micro]
TROJ_PAGIPEF.R [Trend Micro]
Virus.Win32.Parite.b [Kaspersky Lab]
Virus:Win32/Xorer.O!dll [Microsoft]
W32.Pagipef.B [Symantec]
W32.Pagipef.I [Symantec]
W32.SillyDC [Symantec]
W32/Pate.b [McAfee]
W32/Rontokbr-A [Sophos]
Win32.Parite.B [PC Tools]
Worm.VB.YVF [PC Tools]
Trojan Horse [Symantec]
Virus:Win32/Xorer.D [Microsoft]
W32/Brontok-AE [Sophos]
Worm.Win32.AutoRun [Ikarus]
Worm.VB.ZVX [PC Tools]
Worm.Brontok.Gen.1 [PC Tools]
Worm.AutoRun.BX [PC Tools]
Worm.AutoRun.AGB [PC Tools]
Win32.Sality.AA [PC Tools]
W32/ [McAfee]
W32/MoonLight.worm [McAfee]
W32/Imaut-A [Sophos]
W32/Fujacks [McAfee]
W32/Autorun.worm.g [McAfee]
W32.Sality.X [Symantec]
W32.Lunalight@mm [Symantec]
Virus.Win32.Xorer.df [Kaspersky Lab]
Virus.Win32.Small.p [Kaspersky Lab]
Virus.Win32.Sality.s [Kaspersky Lab]
Virus.Win32.AutoRun.abt [Kaspersky Lab]
TrojanClicker:Win32/Hatigh.C [Microsoft]
Trojan.VB!sd6 [PC Tools]
Trojan.Pakes!sd5 [PC Tools]
PE_RUNGBU.A-O [Trend Micro]
Packed.Generic.233 [Symantec]
Mal/Packer [Sophos]
Mal/EncPk-C [Sophos]
Generic.dx!fml [McAfee]
Email-Worm.Win32.VB.cp [Kaspersky Lab]
Email-Worm.Brontok!sd5 [PC Tools]
Adware-BDSearch [McAfee] [Kaspersky Lab]
W32/Rungbu-C [Sophos]
W32.SillyFDC [Symantec]
WORM_SALITY.BL [Trend Micro]
Virus:Win32/Sality.AM [Microsoft]
W32/Sality-AM [Sophos]
I-Worm.Moonlight.C [PC Tools]
Downloader [Symantec]
Virus.Win32.Xorer.dc [Kaspersky Lab]
W32/Virut.gen [McAfee]
Worm.Win32.VB.du [Ikarus]

How to remove the smss.exe virus

The best way to remove malware programs, such as the smss.exe virus, is by scanning your entire computer using advanced antivirus and antispyware programs, such as STOPzilla Antivirus and Spyware Cease.

After you delete the smss.exe virus, it is also necessary that you perform a registry scan using a reliable registry cleaning tool to remove malware entries that this rogue process may have added to your Windows registry.