OT? AnVir Task Manager Pro: Log Length?

My AnVir logs seem to begin with smss.exe and run up to "now".

My understanding of smss is that it is "Session Manager
Subsystem" and only starts when the user's logon begins.

Does that mean that AnVir's log is not useful for spotting
startup processes that delay startup, but begin before smss does?

Or is there a workaround?

Alternatives?   I've tried BootVis, but it abends 4 out of 5
times and the rest of the time I can't figure out what the log is
telling me - viz: http://tinyurl.com/7g3emdf
--
Pete Cresswell

Re: OT? AnVir Task Manager Pro: Log Length?



AnVir  ?
Do you mean AntiVir ?

What is the fully qualified path to smss.exe showing in the logs ?



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

Re: OT? AnVir Task Manager Pro: Log Length?

Per David H. Lipman:

"AnVir" as in http://www.anvir.com/

People who know have said it's over priced, but my impression (as
an admitted noob) is that it's a first-class product.

Its log says smss is coming from C:\Windows\system\smss.exe.

I've read a few accounts of malware disguised as smss, but would
hope that Malwarebytes and/or Avast would have spotted anything
like that on my sys.
--
Pete Cresswell

Re: OT? AnVir Task Manager Pro: Log Length?




It should be;  %windir%\System32\smss.exe

So %windir%\system\smss.exe  could be a trojan.

I always say that it's not the name that counts, it is the fully qualified
name and path that counts.

Malware often hides by using legitimate names or variations thereof.  Those
that use the exact name of a legitimate file must exist in a different
location.

Please upload the file to:  http://www.uploadmalware.com/

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
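
The path check described in the post above, as an added example that is not part of the original thread: it judges each process by its fully qualified image path and also flags near-miss spellings of known names. The `EXPECTED_DIRS` table, the function names, the default `windir` and the sample paths are assumptions made for illustration.

```python
import ntpath

# Assumption: expected folders (relative to %windir%) for a few core Windows
# binaries. Only the smss.exe location is stated in the thread itself.
EXPECTED_DIRS = {"smss.exe": "system32", "csrss.exe": "system32",
                 "lsass.exe": "system32", "services.exe": "system32",
                 "winlogon.exe": "system32"}

def near_miss(name, known):
    """True if name is one substitution, insertion, deletion or adjacent swap away."""
    if name == known:
        return False
    if len(name) == len(known):
        d = [i for i in range(len(name)) if name[i] != known[i]]
        if len(d) == 1:
            return True
        return (len(d) == 2 and d[1] == d[0] + 1
                and name[d[0]] == known[d[1]] and name[d[1]] == known[d[0]])
    short, long_ = sorted((name, known), key=len)
    if len(long_) - len(short) != 1:
        return False
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))

def classify(image_path, windir=r"C:\Windows"):
    """Judge a process by its fully qualified image path, not its bare name."""
    p = image_path[4:] if image_path.startswith("\\??\\") else image_path
    if p.lower().startswith("\\systemroot\\"):  # native NT form some tools show
        p = windir + p[len("\\systemroot"):]
    folder, name = ntpath.split(ntpath.normcase(ntpath.normpath(p)))
    if name in EXPECTED_DIRS:
        expected = ntpath.normcase(ntpath.join(windir, EXPECTED_DIRS[name]))
        return "ok" if folder == expected else "wrong-location"
    for known in EXPECTED_DIRS:
        if near_miss(name, known):
            return "lookalike-of:" + known
    return "unlisted"

# Constructed sample paths (not taken from any real log).
SAMPLE = [r"\SystemRoot\System32\smss.exe",
          r"C:\Windows\system\smss.exe",
          r"C:\WINDOWS\system32\ssms.exe",
          r"C:\Windows\System32\..\Temp\lsass.exe",
          r"C:\Program Files\Example\tool.exe"]

def report(paths=SAMPLE):
    return [(p, classify(p)) for p in paths]

if __name__ == "__main__":
    for path, verdict in report():
        print(f"{verdict:24} {path}")
```

A "wrong-location" or "lookalike-of" verdict is a reason to inspect the file, not proof that it is malicious.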


Re: OT? AnVir Task Manager Pro: Log Length?

Per David H. Lipman:

Mea Culpa:  I fat-fingered the address.  It really is in
System32.
--
Pete Cresswell

Re: OT? AnVir Task Manager Pro: Log Length?



Argggggghhhhhhhh  ;-)



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

Re: OT? AnVir Task Manager Pro: Log Length?




Pete

Do a search for ssms.exe. If it is a legitimate file then you should also get
the following results as per below. If you do not get the same results as per
below or any other result then I would definitely follow David's advice.

I do not have it showing up in C:\Windows\system\smss.exe.


Mine sits in the following

C:\WINDOWS\ServicePackFiles386\

and

C:\WINDOWS\system32\

and

C:\WINDOWS$hf_mig$\Updates$NTServiceUninstall$\


JS


Re: OT? AnVir Task Manager Pro: Log Length?

Per Peter Foldes:

I should say that I am not questioning the authenticity of
smss.exe.

Only trying to figure out how to identify whatever is pigging up
my boot process before smss.exe loads.
--
Pete Cresswell
