OT? AnVir Task Manager Pro: Log Length?

(PeteCresswell)

My AnVir logs seem to begin with smss.exe and run up to "now".

My understanding of smss is that it is "Session Manager
Subsystem" and only starts when the user's logon begins.

Does that mean that AnVir's log is not useful for spotting
startup processes that delay startup, but begin before smss does?

Or is there a workaround?

Alternatives? I've tried BootVis, but it abends 4 out of 5
times and the rest of the time I can't figure out what the log is
telling me - viz: http://tinyurl.com/7g3emdf
 
Per David H. Lipman:
AnVir ?
Do you mean AntiVir ?

What is the fully qualified path to smss.exe showing in the logs ?

"AnVir" as in http://www.anvir.com/

People who know have said it's overpriced, but my impression (as
an admitted noob) is that it's a first-class product.

Its log says smss is coming from C:\Windows\system\smss.exe.

I've read a few accounts of malware disguised as smss, but would
hope that Malwarebytes and/or Avast would have spotted anything
like that on my sys.
 
(PeteCresswell) said:
Per David H. Lipman:
Its log says smss is coming from C:\Windows\system\smss.exe.

I've read a few accounts of malware disguised as smss, but would
hope that Malwarebytes and/or Avast would have spotted anything
like that on my sys.


Pete

Do a search for ssms.exe. If it is a legitimate file then you should also get the
following results as per below. If you do not get the same results as per below or
any other result then I would definitely follow David's advice.

I do not have it showing up in C:\Windows\system\smss.exe.


Mine sits in the following

C:\WINDOWS\ServicePackFiles386\

and

C:\WINDOWS\system32\

and

C:\WINDOWS\$hf_mig$\Updates\$NTServiceUninstall$\


JS
 
Per David H. Lipman:
It should be; %windir%\System32\smss.exe

So %windir%\system\smss.exe could be a trojan.

Mea Culpa: I fat-fingered the address. It really is in
System32.
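
The path check discussed above (smss.exe belongs in %windir%\System32, so a copy running from %windir%\system deserves a closer look), as an added example that is not part of the original posts. It assumes Windows is installed in C:\Windows; the function names and the process records are constructed for illustration.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows (the thread's %windir%).
WINDIR = r"C:\Windows"
# Expected folder for smss.exe, per the thread: %windir%\System32
EXPECTED = {"smss.exe": ntpath.join(WINDIR, "System32")}

def normalize(path, windir=WINDIR):
    """Resolve the prefixes process tools often show for early-boot images."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):          # NT object-manager prefix
        p = p[4:]
    low = p.lower()
    for prefix in ("\\systemroot\\", "%systemroot%\\", "%windir%\\"):
        if low.startswith(prefix):
            p = ntpath.join(windir, p[len(prefix):])
            break
    # normpath collapses "..", normcase lowercases and unifies slashes
    return ntpath.normcase(ntpath.normpath(p))

def check(records, expected=EXPECTED):
    """Return (pid, path) for a known image name running from the wrong folder."""
    findings = []
    for pid, path in records:
        folder, name = ntpath.split(normalize(path))
        want = expected.get(name)
        if want is not None and folder != ntpath.normcase(want):
            findings.append((pid, path))
    return findings

# Constructed sample process list (pid, image path); not taken from anyone's logs.
SAMPLE = [
    (368, r"\SystemRoot\System32\smss.exe"),
    (412, r"C:\WINDOWS\system32\smss.exe"),
    (1984, r"C:\Windows\system\smss.exe"),
    (2210, r"C:\Windows\System32\..\system\SMSS.EXE"),
    (2456, r"C:\Program Files\Example\example.exe"),
]

if __name__ == "__main__":
    for pid, path in check(SAMPLE):
        print(f"pid {pid}: smss.exe running from unexpected path {path}")
```

The check covers running processes only; on-disk backup copies such as those under ServicePackFiles or $hf_mig$ are not flagged because they are never listed as a process image path.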
 
Per Peter Foldes:
Do a search for ssms.exe. If it is a legitimate file then you should also get the
following results as per below. If you do not get the same results as per below or
any other result then I would definitely follow David's advice.

I do not have it showing up in C:\Windows\system\smss.exe.

I should say that I am not questioning the authenticity of
smss.exe.

Only trying to figure out how to identify whatever is pigging up
my boot process before smss.exe loads.
 