Strange file (sys32smm) in Win32 Dir

Discussion in 'Software' started by tridom, Jan 9, 2004.

  1. tridom

    tridom Private E-2

    One of my fellow employees had his computer slow down drastically. He looked at the Task Manager and found this file- sys32smm.exe running multiple times. He ended the process on it and that fixed his machine. He also found the file in his Win32 directory and he deleted it. Now he doesn't seem to have any problems.

    When we tried to find out what the file is we could find no info on it except- when you search Google it finds a discussion thread that talks about a non-removable trojan.

    I've searched Symantec and McAfee also and found nothing about it.

    Has anyone ever heard of this file and/or what it is and/or does?

    We'd just like to have more info to be sure we handled it right and in case we run across it again.
     
  2. Adrynalyne

    Adrynalyne Guest

    Most likely spyware.

    Ad aware or spybot will probably detect it.
     
  3. tridom

    tridom Private E-2

    Tried it....

    OOPS....forgot to mention that we tried SpyBot and HijackThis. Also went to their websites to see if there was anything there about it. No dice.

    I appreciate the quick reply though!
     
  4. Adrynalyne

    Adrynalyne Guest

    Well, in that case, I would have gone to Properties of the file, clicked on the version tab, and examined the information there.

    There you can get version information, internal name, company name, and even a description of the file sometimes.
     
  5. Ken3

    Ken3 MajorGeek

    Can you trace back what was done on that particular computer - what programs were recently installed, opened any questionable e-mail that detached the file, etc.?
     
  6. tridom

    tridom Private E-2

    File is gone

    He deleted the file before I could get to it. But that was an idea Adrynalyne- wish I could have it.

    Ken3- I suspect he installed some kind of shareware or something that installed it. We are on a military domain with all kinds of firewalls and anti-viruses, so it's pretty secure- and so I suspect he somehow intentionally downloaded and installed it. Of course, getting anyone to admit that is like pulling teeth.

    Oh well. I was just hoping someone may have heard of it and knew something about it. Fortunately he doesn't seem to be having any more problems since we got rid of it.

    Thanks for the attempts at assisting though. Fastest responses I've ever had from a forum.
     
  7. Endi

    Endi Lt. Links

    Just to make sure

    If the system is still on the network, open a Command window (Start> Run and in the Open field, type cmd).


    At the C:/ prompt, type the command netstat to see all open IP connections.

    Connections using IP port numbers like :6667, :7000 or :8888 indicate intrusion.
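
The netstat check described in the post above, as an added example that is not part of the original thread: a Python parser for saved `netstat -ano` output (the `-o` switch adds the owning PID column) that lists rows on the ports named there and the PIDs behind them. The sample output, addresses and PIDs are constructed, and the function names and watch list are assumptions.

```python
# Ports named in the post above, used here as a watch list (assumption).
WATCH_PORTS = {6667, 7000, 8888}

# Constructed sample of Windows `netstat -ano` output; not from the thread.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.20:1043      203.0.113.7:6667       ESTABLISHED     1492
  TCP    192.168.1.20:1051      198.51.100.4:80        ESTABLISHED     2040
  TCP    192.168.1.20:1060      203.0.113.9:8888       TIME_WAIT       0
  TCP    0.0.0.0:7000           0.0.0.0:0              LISTENING       1492
  UDP    0.0.0.0:445            *:*                                    4
"""

def port_of(endpoint):
    """Return the port of 'addr:port' or '[v6]:port'; None for '*:*'."""
    port = endpoint.rpartition(":")[2]
    return int(port) if port.isdigit() else None

def parse_netstat(text):
    """Parse TCP/UDP rows; works with or without the PID column (-o)."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so field 4 may be the PID instead.
        state = f[3] if len(f) > 3 and not f[3].isdigit() else ""
        pid = int(f[-1]) if len(f) > 3 and f[-1].isdigit() else None
        rows.append({"local": f[1], "remote": f[2], "state": state, "pid": pid})
    return rows

def flag_connections(rows, ports=WATCH_PORTS):
    """Flag rows whose remote port, or local listening port, is on the list."""
    hits = []
    for r in rows:
        if port_of(r["remote"]) in ports:
            hits.append(("outbound", r["local"], r["remote"], r["state"], r["pid"]))
        elif r["state"] == "LISTENING" and port_of(r["local"]) in ports:
            hits.append(("listening", r["local"], r["remote"], r["state"], r["pid"]))
    return hits

def pids_to_check(hits):
    """Owning PIDs worth looking up; 0 means the socket is already closed."""
    return sorted({h[4] for h in hits if h[4]})

if __name__ == "__main__":
    hits = flag_connections(parse_netstat(SAMPLE))
    print(*hits, "PIDs: %s" % pids_to_check(hits), sep="\n")
```

A flagged PID can then be matched to an image name with `tasklist /FI "PID eq <pid>"`, which ties the connection back to a file on disk.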
     
  8. tridom

    tridom Private E-2

    Thanks En....I'll do that when he gets back.



     
  9. Cricket

    Cricket Private E-2

    Task Manager

    tridom, I can't help as to what the file is, but will pass on a tip I received on Task Manager. Open it and select "Stop using ...." I had a problem w/ HP Printer install that put a reminder task to E-Register, etc. I would Delete and it was back after Shut Down or Reboot.
     
  10. tridom

    tridom Private E-2

    Thanks Cricket.
     
  11. yukon98

    yukon98 Specialist

  12. tridom

    tridom Private E-2

    Thanks.....

    Thanks Yukon.

    Unfortunately, we already found that thread. It's the ONLY place we found ANYTHING about the file. Tom41 had asked that the file be e-mailed to him so he could analyze it. We sent an e-mail to him and asked if he came up with anything and we haven't received a response.

    Fortunately the file is gone and there are no more problems with the machine. We just wanted to find out if anyone knew anything about it in case we ever ran into it again.

     
  13. billH

    billH Master Sergeant

    I found a reference to the smm.exe part here; sounds like what you're describing a little.
     
  14. kristan

    kristan Private E-2

    I have this file running on my pc too, although I have no idea what it does or where it came from

    ::Edit::

    This may interest some of you...
     
    Last edited: Mar 18, 2004
  15. alanc

    alanc MajorGeek

    tridom, you're a celebrity! :cool:
     


  16. kristan

    kristan Private E-2

    so what actually is this thing?

    by the way, if anyone would like a copy of the file for curiosity's sake, I'd be happy to upload it.
     
  17. tridom

    tridom Private E-2

    Woo-Hooo!! LOL
     
  18. kristan

    kristan Private E-2

    thanks robo :)
     
