NationStates Jolt Archive


Virus question

Jah Bootie
08-08-2005, 01:05
Any help from computer types would be appreciated. Every time I start up my computer it opens a DOS prompt window that says "c:/windows/smss.exe" and makes some noise and prints some gobbledygook on the screen. I know that this is the name of a legit program, but the real one is in a system folder. I delete this file but when I restart it's there again. I did a thorough scan of my hard drive with both my virus scanner and ad-aware and while those did find several viruses, it didn't find that one. Anyone have any advice?
Neo Rogolia
08-08-2005, 01:08
Any help from computer types would be appreciated. Every time I start up my computer it opens a DOS prompt window that says "c:/windows/smss.exe" and makes some noise and prints some gobbledygook on the screen. I know that this is the name of a legit program, but the real one is in a system folder. I delete this file but when I restart it's there again. I did a thorough scan of my hard drive with both my virus scanner and ad-aware and while those did find several viruses, it didn't find that one. Anyone have any advice?



Restart in safe mode and delete the startup key for it from the registry. If this doesn't work, then use the ultimate weapon at your disposal:


Format C: :D
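
Added example, not part of any post in this thread: a small check for the situation described above, where a startup entry launches a file named like a Windows system binary (`smss.exe`) from a folder other than the one the real binary lives in. The autorun entries, value names and the `C:\Windows` install path are constructed assumptions; the function names are hypothetical.

```python
import ntpath
import re

# Directory each well-known Windows binary is expected to live in
# (lower-case, assuming Windows is installed in C:\Windows).
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYS32, "csrss.exe": SYS32, "lsass.exe": SYS32,
    "services.exe": SYS32, "winlogon.exe": SYS32, "svchost.exe": SYS32,
    "explorer.exe": r"c:\windows", "regedit.exe": r"c:\windows",
}
# Quoted path, or unquoted path up to the first executable extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd))(?=\s|$)', re.I)

def exe_path(command, system_root=r"C:\Windows"):
    """Return the normalized, lower-case executable path of an autorun command."""
    cmd = re.sub(r"%(systemroot|windir)%", lambda m: system_root,
                 command.strip(), flags=re.I)
    m = EXE_RE.match(cmd)
    path = (m.group(1) or m.group(2)) if m else (cmd.split() or [""])[0]
    return ntpath.normpath(path).lower()  # also turns c:/windows into c:\windows

def find_masquerades(entries):
    """Flag entries whose file name imitates a system binary from another folder."""
    hits = []
    for key, name, command in entries:
        path = exe_path(command)
        folder, base = ntpath.split(path)
        expected = EXPECTED_DIR.get(base)
        if expected and folder != expected:
            hits.append((key, name, path))
    return hits

RUN_HKLM = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed sample autorun values: (registry key, value name, command line).
SAMPLE = [
    (RUN_HKLM, "AVTray", r'"C:\Program Files\ExampleAV\tray.exe" /min'),
    (RUN_HKLM, "SessMgr", "c:/windows/smss.exe"),
    (RUN_HKCU, "Shell", r"%SystemRoot%\explorer.exe"),
    (RUN_HKCU, "Host", r"%windir%\Temp\svchost.exe -k"),
]

if __name__ == "__main__":
    for key, name, path in find_masquerades(SAMPLE):
        print(f"SUSPICIOUS {key} [{name}] -> {path}")
```

A hit identifies the startup value to review before removing it; a name match in the expected folder is not flagged and still needs a normal scan.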
JuNii
08-08-2005, 01:08
Any help from computer types would be appreciated. Every time I start up my computer it opens a DOS prompt window that says "c:/windows/smss.exe" and makes some noise and prints some gobbledygook on the screen. I know that this is the name of a legit program, but the real one is in a system folder. I delete this file but when I restart it's there again. I did a thorough scan of my hard drive with both my virus scanner and ad-aware and while those did find several viruses, it didn't find that one. Anyone have any advice?

you probably need to go through your registry... be very careful tho since it can cause untold damage to your pc if you do something wrong.

you can also try and search for the smss.exe on McAfee or Norton sites and see if they have any programs to specifically remove the virus.
Jah Bootie
08-08-2005, 01:10
thanks guys. I wish I knew how to do things in my registry :( I guess this will end up costing me money.
JuNii
08-08-2005, 01:12
thanks guys. I wish I knew how to do things in my registry :( I guess this will end up costing me money.

have you gone to Mcafee.com or Nortons.com and searched their virus database for that SMSS.EXE?
Lord-General Drache
08-08-2005, 01:14
thanks guys. I wish I knew how to do things in my registry :( I guess this will end up costing me money.

You prolly won't have to spend money.

Start up in safe mode, run AdAware (If you don't have it, get it, as well as Spybot Search & Destroy), and get HiJack This (google it) to kill the process if you have to. And then run your virus scanner. That should definitely take care of it.
SERBIJANAC
08-08-2005, 01:19
use Kaspersky! go to a friend and scan your [slave] hard drive from his computer. and then try the registry. where did u get the virus???!! man u probably have much much more. your friend can save some data from your drive to his, if that's a problem, and don't go online when infected by a virus-trojan!!!! use your friend's comp to search and ask online!
Neo Rogolia
08-08-2005, 01:23
have you gone to Mcafee.com or Nortons.com and searched their virus database for that SMSS.EXE?



I have before because I thought it was an evil process :eek:


The most relevant queries would be "So-and-so virus then shuts down system processes including...yadda yadda...smss.exe...."


And, trust me, they have like a trillion articles involving it. It's a major headache looking for your problem.
Neo Rogolia
08-08-2005, 01:24
use Kaspersky! go to a friend and scan your [slave] hard drive from his computer. and then try the registry. where did u get the virus???!! man u probably have much much more. your friend can save some data from your drive to his, if that's a problem, and don't go online when infected by a virus-trojan!!!! use your friend's comp to search and ask online!



That reminds me how, in Californian government buildings, they have banned the use of Master/Slave when referring to hard drives :D :D :D
JuNii
08-08-2005, 01:28
I have before because I thought it was an evil process :eek:


The most relevant queries would be "So-and-so virus then shuts down system processes including...yadda yadda...smss.exe...."


And, trust me, they have like a trillion articles involving it. It's a major headache looking for your problem.

that is what is called Research. a lot of people use it to find their answers.

and among all the Yadda Yadda Yadda is a little section called 'Solutions' that can help you.
SERBIJANAC
08-08-2005, 01:29
That reminds me how, in Californian government buildings, they have banned the use of Master/Slave when referring to hard drives :D :D :D
;) there is a risk but if he is an experienced user it won't be a problem but in California everybody knows about computers right [even if they don't]?!
Neo Rogolia
08-08-2005, 01:31
that is what is called Research. a lot of people use it to find their answers.

and among all the Yadda Yadda Yadda is a little section called 'Solutions' that can help you.


I have had issues with the same process and I could never find a solution! They just kinda went away on their own...if he is able to find it, kudos to him, but I'm recommending he doesn't spend his time searching the Symantec page for it since I did the same and got no applicable results.
JuNii
08-08-2005, 01:36
Here try this site.

if you Google smss.exe you will get more information. if you have questions, call your tech support or post.

http://securityresponse.symantec.com/avcenter/venc/data/w32.dalbug.worm.html
Neo Rogolia
08-08-2005, 01:46
Here try this site.

if you Google smss.exe you will get more information. if you have questions, call your tech support or post.

http://securityresponse.symantec.com/avcenter/venc/data/w32.dalbug.worm.html



In addition, it tries to kill the Regedit.exe process if it is activated.

Smss.exe and Csrss.exe also try to create these registry values, however if they detect that Regedit.exe is running, they will delete them (instead of creating them).



Also, he might want to try to....ahh, I forgot how to do this exactly but.....it was something like "copy regedit.exe regedit.com" which would prevent the .exe from being terminated.
JuNii
08-08-2005, 01:51
Also, he might want to try to....ahh, I forgot how to do this exactly but.....it was something like "copy regedit.exe regedit.com" which would prevent the .exe from being terminated.

or just do it in safe mode. Safe Mode only installs the basic drivers/programs.
Teh_pantless_hero
08-08-2005, 01:55
That be a virus alright, use an anti-virus program to killify it
Sabbatis
08-08-2005, 02:23
I didn't google your problem, but if you would like to eliminate the possibility of a trojan (as opposed to virus/worm and adware), then download TDS-3 from diamondcs.com.au. It detects and removes only trojans and keyloggers, far more dangerous critters than virii. It's highly regarded in the security world - it is far more comprehensive with trojans than normal AV software. I've used it for years, free trial.

Processguard, from the same company, is the absolute protection. It lets you decide which processes to run, lots of other features. Again, I've used it for some time. It is the absolute protection in the sense that only necessary processes, or ones you know to be safe, can run. Protects against rootkits.