Smss.exe (Windows Session Manager vs W32/Ladex.Worm)

Smss.exe, or Windows Session Manager, is the process responsible for administering user sessions on a system (the time periods in which the respective users are logged in to that system). Specifically, at the beginning of such a session, smss.exe runs a series of commands that launch the login process (winlogon.exe) plus a series of Win32 processes necessary for the functioning of the system. The smss.exe process also sets a series of system variables.

Although it is a relatively important system process, smss.exe is also considered vulnerable to online attacks. The legitimate file is located in the folder C:\Windows\System32, and finding a file with the same or a similar name anywhere else indicates the presence of a virus, trojan or spyware on your system.

W32/Ladex.Worm is a virus that spreads through open accounts or shares. It attaches several malicious files to the system, including an smss.exe file (a name identical to that of the legitimate process). It then tries to access the Service Control Manager to install itself remotely as a service on the attacked system. This false service (lmhsvc.exe) bears the name NtLmHosts (or TCP/IP NetBIOS Provider), which creates the impression of legitimacy and misleads many users. Because lmhsvc.exe places a copy of itself in the System32 folder, the service is activated automatically at each start of the system.

After installing itself as a service, the Ladex worm executes the files %windir%\Smss.exe and %windir%\Csrss.exe. While the virus is active, these two illegitimate files keep it running continuously by checking on it every 3 seconds. And every 10 seconds, the virus adds the following entries to the system registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key: 
Smss.exe %windir%\smss.exe 
Csrss.exe %windir%\csrss.exe

Also, the virus tries, and most of the time succeeds, to block users' access to Registry Editor.

Careful! If you suspect irregularities regarding the smss.exe process, we recommend performing a detailed system scan and disabling sharing on unused networks.
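
As a quick manual check to go with a full scan, the PowerShell script below looks for the indicators described in this article: copies of smss.exe or csrss.exe in %windir%, processes with those names running from outside System32, the two Run key values, and a service named NtLmHosts or backed by lmhsvc.exe. It is an added example, not part of the original article; the helper name Add-Finding and the output layout are our own.

```powershell
# Added example (not from the original article): look for the Ladex indicators described above.
# Run from an elevated 64-bit PowerShell session; without elevation ExecutablePath is empty
# for protected system processes, and those entries are skipped.
$sys32    = Join-Path $env:windir 'System32'
$names    = 'smss.exe', 'csrss.exe'
$findings = New-Object System.Collections.Generic.List[object]

# Hypothetical helper: records one finding as a (Check, Detail) pair.
function Add-Finding($check, $detail) {
    $findings.Add([pscustomobject]@{ Check = $check; Detail = $detail })
}

# 1. The worm's copies sit directly in %windir%; the legitimate files are in System32.
foreach ($n in $names) {
    $path = Join-Path $env:windir $n
    if (Test-Path -LiteralPath $path) { Add-Finding 'File in %windir%' $path }
}

# 2. Running processes named smss.exe / csrss.exe whose image is not in System32.
Get-CimInstance Win32_Process |
    Where-Object { $names -contains $_.Name -and $_.ExecutablePath -and
                   (Split-Path $_.ExecutablePath -Parent) -ne $sys32 } |
    ForEach-Object { Add-Finding 'Process outside System32' "$($_.ProcessId) $($_.ExecutablePath)" }

# 3. Run key values that start smss.exe or csrss.exe (the legitimate processes are never started from here).
$runKey = Get-Item -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($valueName in $runKey.GetValueNames()) {
        $data = [string]$runKey.GetValue($valueName)   # %windir% is expanded for REG_EXPAND_SZ values
        if ($data -match '\\(smss|csrss)\.exe') { Add-Finding 'Run key value' "$valueName = $data" }
    }
}

# 4. The false service: named NtLmHosts, or any service whose binary is lmhsvc.exe.
Get-CimInstance Win32_Service |
    Where-Object { $_.Name -eq 'NtLmHosts' -or $_.PathName -match 'lmhsvc\.exe' } |
    ForEach-Object { Add-Finding 'Service' "$($_.Name) ($($_.DisplayName)) -> $($_.PathName)" }

if ($findings.Count) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'None of the Ladex indicators listed in the article were found.'
}
```

A clean result only means these specific indicators are absent; it does not replace the full scan recommended above.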

Passionate about technology, I have been writing with pleasure on stealthsetts.com since 2006. I have rich experience in operating systems (macOS, Windows and Linux), as well as in programming languages and blogging platforms (WordPress) and platforms for online stores (WooCommerce, Magento, PrestaShop).
