Smss.exe – A Windows Process or a Virus?

The smss.exe (Session Manager Subsystem) process is an integral part of the Windows operating system, and it is executed when you start a Windows NT, 2000, XP, or Vista computer. The main function of this process is to handle user sessions on a Windows computer.

It is recommended that you do not disable smss.exe, as doing so will prevent your Windows computer from booting.

What is the default location of smss.exe?

By default, smss.exe is located in the %system% folder.

Note: %system% is a variable that refers to the system folder on your computer. The default path of the system folder is C:\Windows\System32 in Windows Vista/XP and C:\Winnt\System32 in Windows NT/2000.

What are the known file sizes of smss.exe on a Windows XP computer?

Commonly, the smss.exe file is 50,688 bytes in size. You may also find smss.exe files of 62,976, 47,616, and 45,568 bytes on a Windows XP computer.

Smss.exe Issue

Your Windows computer may freeze often and smss.exe may consume high proportions of your CPU resources.

What causes Smss.exe to consume high amounts of CPU resources?

The above behavior may occur if your PC is infected with the smss.exe trojan.

Often, malware disguises itself by taking the same name as a legitimate Windows process to escape detection. This is true of smss.exe. The legitimate smss.exe is a critical Windows process, but a trojan by the same name (smss.exe) is also known to exist.
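
The location and size checks described above can be scripted. The following is an added example, not part of the original article: it classifies process image paths using the folders and Windows XP file sizes given on this page. The function names and the sample records are constructed for illustration, and a default installation on drive C: is assumed.

```python
import ntpath

# Folders and sizes are the ones stated on this page (default install on C:).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\winnt\system32"}
XP_SIZES = {50688, 62976, 47616, 45568}  # bytes, Windows XP only

def classify(path, size=None, is_xp=False):
    """Classify one process image path (hypothetical helper)."""
    # Normalise case, slashes and ".." so look-alike paths cannot slip through.
    norm = ntpath.normcase(ntpath.normpath(path))
    folder, name = ntpath.split(norm)
    if name != "smss.exe":
        return "not-smss"
    if folder not in SYSTEM_DIRS:
        return "suspicious-location"
    # The page lists sizes for XP only, so the size check is opt-in.
    if is_xp and size is not None and size not in XP_SIZES:
        return "unexpected-size"
    return "expected"

def review(records, is_xp=False):
    """Return (pid, path, verdict) for every smss.exe that is not 'expected'."""
    flagged = []
    for pid, path, size in records:
        verdict = classify(path, size, is_xp)
        if verdict not in ("expected", "not-smss"):
            flagged.append((pid, path, verdict))
    return flagged

# Constructed sample process listing: (pid, image path, file size in bytes).
SAMPLE = [
    (368, r"C:\WINDOWS\system32\smss.exe", 50688),
    (1204, r"C:\Documents and Settings\user\Local Settings\Temp\smss.exe", 40960),
    (1310, r"C:\Windows\System32\..\smss.exe", 50688),
    (920, r"C:\Windows\System32\svchost.exe", 14336),
]

if __name__ == "__main__":
    for pid, path, verdict in review(SAMPLE, is_xp=True):
        print(f"PID {pid}: {verdict}: {path}")
```
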

How to protect your PC from malicious smss.exe file

To resolve the above issue and secure your computer, you need to remove the malicious smss.exe process and its associated malware.

To achieve this, perform the following tasks in the sequence they appear:

  • Update your antimalware tool by installing the latest updates.
  • Disconnect your Windows PC from the Internet, as well as any network that it might be attached to.
  • Restart your Windows PC in Safe Mode. (For more information on this, check the "How to Start Windows in Safe Mode?" section given below.)
  • Run a malware scan on your entire computer and delete any reported threats.

How to Start Windows in Safe Mode?

To start Windows in safe mode, perform the following steps:

  1. Restart Windows, then press and hold the F8 key as Windows loads.
  2. Use the arrow keys to select the Safe Mode option in the Windows Advanced Boot Options Menu and press Enter.

What are the threats that are known to use smss.exe?

Listed below are the names of malware programs that are recorded as using smss.exe:

Adware-BDSearch [McAfee]
Bloodhound.Unknown [Symantec]
Downloader [Symantec]
Email-Worm.Brontok!sd5 [PC Tools]
Email-Worm.Win32.Brontok.N [Ikarus]
Email-Worm.Win32.Brontok.n [Kaspersky Lab]
Email-Worm.Win32.Brontok.q [Kaspersky Lab]
Email-Worm.Win32.VB.cp [Kaspersky Lab]
Gen.Packed [Ikarus]
Generic VB.c [McAfee]
Generic.dx [McAfee]
Generic.dx!fml [McAfee]
I-Worm.Brontok.AY [PC Tools]
I-Worm.Brontok.BM [PC Tools]
I-Worm.Moonlight.C [PC Tools]
Mal/EncPk-C [Sophos]
Mal/EncPk-KP [Sophos]
Mal/Packer [Sophos]
Packed.Generic.233 [Symantec]
Packed/FSG [PC Tools]
PE_PARITE.A [Trend Micro]
PE_RUNGBU.A-O [Trend Micro]
PE_RUNGBU.B-O [Trend Micro]
PE_RUNGBU.C-O [Trend Micro]
TROJ_PAGIPEF.R [Trend Micro]
Trojan Horse [Symantec]
Trojan.Pakes!sd5 [PC Tools]
Trojan.VB!sd6 [PC Tools]
Trojan:Win32/Xorer.O [Microsoft]
TrojanClicker:Win32/Hatigh.C [Microsoft]
Virus.Win32.AutoRun.abt [Kaspersky Lab]
Virus.Win32.Parite.b [Kaspersky Lab]
Virus.Win32.Sality.s [Kaspersky Lab]
Virus.Win32.Small.p [Kaspersky Lab]
Virus.Win32.Xorer.dc [Kaspersky Lab]
Virus.Win32.Xorer.df [Kaspersky Lab]
Virus.Win32.Xorer.dt [Ikarus]
Virus.Win32.Xorer.dt [Kaspersky Lab]
Virus.Xorer!ct [PC Tools]
Virus:Win32/Sality.AM [Microsoft]
Virus:Win32/Xorer.D [Microsoft]
Virus:Win32/Xorer.O [Microsoft]
Virus:Win32/Xorer.O!dll [Microsoft]
W32.Lunalight@mm [Symantec]
W32.Pagipef.B [Symantec]
W32.Pagipef.I [Symantec]
W32.Rontokbro.U@mm [Symantec]
W32.Rontokbro.X@mm [Symantec]
W32.Rontokbro@mm [Symantec]
W32.Rungbu [Symantec]
W32.Sality.X [Symantec]
W32.SillyDC [Symantec]
W32.SillyFDC [Symantec]
W32/Autorun.worm.g [McAfee]
W32/Brontok-AE [Sophos]
W32/Fujacks [McAfee]
W32/Imaut-A [Sophos]
W32/MoonLight.worm [McAfee]
W32/Pate.b [McAfee]
W32/Rontokbr-A [Sophos]
W32/Rontokbro.gen@MM [McAfee]
W32/Rungbu-C [Sophos]
W32/ [McAfee]
W32/Sality-AM [Sophos]
W32/Virut.gen [McAfee]
W32/Xorer [McAfee]
W32/Xorer-B [Sophos]
Win32.Parite.B [PC Tools]
Win32.Sality.AA [PC Tools]
Win32.Xorer.D [PC Tools]
Win-Trojan/Agent.40960.KA [AhnLab]
Worm.AutoRun.AGB [PC Tools]
Worm.AutoRun.BX [PC Tools]
Worm.Brontok.BA [PC Tools]
Worm.Brontok.BK [PC Tools]
Worm.Brontok.Gen!Pac.3 [PC Tools]
Worm.Brontok.Gen.1 [PC Tools]
Worm.Rungbu.B [PC Tools]
Worm.VB.YVF [PC Tools]
Worm.VB.ZVX [PC Tools]
Worm.Win32.AutoRun [Ikarus]
Worm.Win32.VB.du [Ikarus]
Worm.Win32.VB.du [Kaspersky Lab]
WORM_SALITY.BL [Trend Micro]
W32.Pagipef [Symantec]