File Search: 

ThreatExpert's awareness of the file "smss.exe":

Across all ThreatExpert reports, the file "smss.exe" was mostly identified as a threat.
File "smss.exe" has the following statistics:
Total number of reports analysed611,932
Number of cases that involved the file "smss.exe"4,669
Number of incidents when this file was found to be a threat4,124
Statistical volume of cases when "smss.exe" was a threat88%
Please enable javascript to display the chart.
Notes:
  • Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
  • In order to check a file, please submit it to ThreatExpert.
  • For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.
The file "smss.exe" is known to be created under the following filenames:
%AllUsersProfile%\cncdown.exe
%AllUsersProfile%\smss.exe
%AppData%\%username%.task\chasnah.exe
%AppData%\%username%.task\csrss.exe
%AppData%\%username%.task\lsass.exe
%AppData%\%username%.task\server.exe
%AppData%\%username%.task\smss.exe
%AppData%\1.exe
%AppData%\blaah.exe
%AppData%\br6657on.exe
%AppData%\calc.exe
%AppData%\codecsetup.exe
%AppData%\codecsetup3788.exe
%AppData%\codecsetup4127.exe
%AppData%\codecsetup6400.exe
%AppData%\codecsetup8536.exe
%AppData%\cp_setup_assist.exe
%AppData%\csrss.exe
%AppData%\cuda.exe
%AppData%\dealassistant\dauninstall.exe
%AppData%\digifast\dfuninstall.exe
%AppData%\dr.ox\smss.exe
%AppData%\dv6173880x\yesbron.com
%AppData%\hose.exe
%AppData%\ijango_toolbar_installer.exe
%AppData%\inetinfo.exe
%AppData%\jalak-931738815-bali.com
%AppData%\ldr.exe
%AppData%\lsass.exe
%AppData%\microsoft\cd burning\auto.exe
%AppData%\microsoft\dtsc\t.exe
%AppData%\microsoft\office71\vhchk.exe
%AppData%\microsoft\smss.exe
%AppData%\microsoft\windows\ernsjyi.exe
%AppData%\microsoft\windows\jjcmdrj.exe
%AppData%\microsoft\windows\nheste.exe
%AppData%\microsoft\windows\nxmwp.exe
%AppData%\microsoft\windows\rwmgh.exe
%AppData%\microsoft\windows\security\user0.exe
%AppData%\microsoft\windows\tbljxjk.exe
%AppData%\microsoft\windows\vohth.exe
%AppData%\microsoft\windows\vvpmyvaw.exe
%AppData%\mxplay\temp\mxplay_installer.exe
%AppData%\ntcom.dll
%AppData%\nthead.dll
%AppData%\pak-5593.exe
%AppData%\pak-5594.exe
%AppData%\pak-5595.exe
%AppData%\pak-5596.exe
%AppData%\pak-5597.exe
%AppData%\pak-5598.exe
%AppData%\pak-5599.exe
%AppData%\pak-5600.exe
%AppData%\pak-5601.exe
%AppData%\pak-5602.exe
%AppData%\pak-5603.exe
%AppData%\salehoo\auctionalert\_tmp\aa.exe
%AppData%\salehoo\salehooalert\_tmp\aa.exe
%AppData%\scvhost.exe
%AppData%\services.exe
%AppData%\silverlight\silverlight.exe
%AppData%\skynet\muonline\_cw0srv.exe
%AppData%\skynet\muonline\234672.exe
%AppData%\skynet\muonline\239874.exe
%AppData%\skynet\muonline\293874.exe
%AppData%\skynet\muonline\345674.exe
%AppData%\skynet\muonline\345676.exe
%AppData%\skynet\muonline\435627.exe
%AppData%\skynet\muonline\543978.exe
%AppData%\skynet\muonline\546783.exe
%AppData%\smss.exe
%AppData%\speedrunner\sruninstall.exe
%AppData%\svchost.exe
%AppData%\temp.dll
%AppData%\truesword4.exe
%AppData%\wefisetup.exe
%AppData%\winbutler\winbuninstaller.exe
%AppData%\winbutler\winbutler.exe
%AppData%\windows.exe
%AppData%\windows\csrss.exe
%AppData%\windows\lsass.exe
%AppData%\windows\scvhost.exe
%AppData%\windows\services.exe
%AppData%\windows\smss.exe
%AppData%\windows\winlogon.exe
%AppData%\winlogon.exe
%AppData%\wintouch\wintouch.exe
%AppData%\wintouch\wtuninstaller.exe
%AppData%\wrar380d.exe
%AppData%\yeah\yeah374809.exe
%CommonAppData%\38001914.exe
%CommonAppData%\3810eef8.exe
%CommonAppData%\381751d0.exe
%CommonAppData%\388f0900.exe
%CommonAppData%\38d3ff69.exe
%CommonAppData%\3gp.exe
%CommonAppData%\aol downloads\aoltoolbar\setuptoolbar.exe
%CommonAppData%\av1\av1.exe
%CommonAppData%\av1\av1i.exe
%CommonAppData%\av1\av1i2.exe
Notes:
  • %AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.

The file "smss.exe" has the following possible countries of origin:
OriginNumber of Incidents
United Kingdom307
China72
Belgium58
Russian Federation47
Brazil34
Spain22
Thailand15
Saudi Arabia12
Ukraine5
Taiwan4
Algeria3
France3
Germany1
Turkey1

The following threats are known to be associated with the file "smss.exe":
Threat AliasNumber of Incidents
W32/Rontokbro.gen@MM [McAfee]45,343
Email-Worm.Win32.Brontok.n [Kaspersky Lab]43,678
W32.Rontokbro.U@mm [Symantec]41,799
W32/Xorer [McAfee]39,204
W32.Pagipef [Symantec]39,174
WORM_BRONTOK.BA [Trend Micro]38,455
Win32.Xorer.D [PC Tools]35,341
TROJ_PAGIPEF.BL [Trend Micro]25,740
Worm.Brontok.BA [PC Tools]18,551
Virus.Win32.Xorer.dt [Kaspersky Lab]17,774
W32/Xorer-B [Sophos]17,257
Worm.Brontok.BK [PC Tools]16,080
Virus:Win32/Xorer.O [Microsoft]10,890
Virus.Win32.Xorer.dt [Ikarus]10,778
Worm.Brontok.Gen!Pac.3 [PC Tools]8,065
WORM_RONTKBR.GEN [Trend Micro]5,784
Trojan:Win32/Xorer.O [Microsoft]5,544
Win-Trojan/Agent.40960.KA [AhnLab]4,996
Virus.Xorer!ct [PC Tools]2,970
W32.Rontokbro.X@mm [Symantec]2,254
W32.Rontokbro@mm [Symantec]2,141
I-Worm.Brontok.AY [PC Tools]1,604
Worm.Rungbu.B [PC Tools]1,475
PE_RUNGBU.C-O [Trend Micro]1,444
Virus.Win32.VB.cc [Kaspersky Lab]1,147
W32.Rungbu [Symantec]962
Generic.dx [McAfee]943
WORM_BRONTOK.IE [Trend Micro]939
Packed/FSG [PC Tools]845
Generic VB.c [McAfee]807
Worm.Win32.VB.du [Kaspersky Lab]805
PE_RUNGBU.B-O [Trend Micro]798
Worm.VB.YVF [PC Tools]797
PE_PARITE.A [Trend Micro]790
Virus.Win32.Parite.b [Kaspersky Lab]789
W32/Pate.b [McAfee]789
Win32.Parite.B [PC Tools]785
Email-Worm.Win32.Brontok.N [Ikarus]663
Virus:Win32/Xorer.O!dll [Microsoft]594
I-Worm.Brontok.BM [PC Tools]430
Bloodhound.Unknown [Symantec]385
W32/Rontokbr-A [Sophos]375
Email-Worm.Win32.Brontok.q [Kaspersky Lab]362
W32.Pagipef.I [Symantec]337
TROJ_PAGIPEF.BF [Trend Micro]320
TrojanClicker:Win32/Hatigh.C [Microsoft]312
W32.Pagipef.B [Symantec]282
W32.SillyDC [Symantec]279
TROJ_PAGIPEF.R [Trend Micro]272
Trojan Horse [Symantec]265
Mal/EncPk-KP [Sophos]249
Gen.Packed [Ikarus]243
Virus:Win32/Xorer.D [Microsoft]229
W32/Brontok-AE [Sophos]224
Packed.Generic.233 [Symantec]222
Generic.dx!fml [McAfee]189
Worm.Brontok.Gen.1 [PC Tools]189
Worm.VB.ZVX [PC Tools]187
PE_RUNGBU.A-O [Trend Micro]165
WORM_AUTORUN.TI [Trend Micro]152
Worm.AutoRun.BX [PC Tools]148
TROJ_PAGIPEF.AJ [Trend Micro]144
TROJ_PAGIPEF.AZ [Trend Micro]144
Virus.Win32.Small.p [Kaspersky Lab]144
Mal/Generic-A [Sophos]143
Adware-BDSearch [McAfee]128
W32/Autorun.worm.g [McAfee]127
TROJ_PAGIPEF.AE [Trend Micro]126
W32.Lunalight@mm [Symantec]125
Worm.AutoRun.AGB [PC Tools]122
Worm.Win32.AutoRun [Ikarus]122
Trojan.VB!sd6 [PC Tools]113
Win32.Sality.AA [PC Tools]110
Mal/Packer [Sophos]109
W32.Sality.X [Symantec]107
W32/Imaut-A [Sophos]106
Virus.Win32.Xorer.df [Kaspersky Lab]103
Virus.Win32.Sality.s [Kaspersky Lab]100
Trojan-Clicker.Win32.Hatigh [Ikarus]98
W32/Fujacks [McAfee]98
WORM_MOONLIGHT.C [Trend Micro]98
Email-Worm.Win32.VB.cp [Kaspersky Lab]96
Trojan.Pakes!sd5 [PC Tools]95
Email-Worm.Brontok!sd5 [PC Tools]94
W32/MoonLight.worm [McAfee]93
TROJ_PAGIPEF.AD [Trend Micro]89
W32/Sality.ac [McAfee]89
Downloader [Symantec]82
TROJ_PAGIPEF.AU [Trend Micro]81
Mal/EncPk-C [Sophos]80
Virus.Win32.AutoRun.abt [Kaspersky Lab]80
Virus.Win32.Xorer.bh [Kaspersky Lab]80
W32.SillyFDC [Symantec]78
W32/Rungbu-C [Sophos]77
Trojan-Downloader.Win32.Suurch.awk [Kaspersky Lab]75
WORM_SALITY.BL [Trend Micro]74
TROJ_PAGIPEF.BI [Trend Micro]72
I-Worm.Moonlight.C [PC Tools]71
Virus:Win32/Sality.AM [Microsoft]70
W32/Sality-AM [Sophos]70