Solved! Use SMSS.EXE (Unknown) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

SMSS.EXE – Unknown removal

SMSS.EXE size: 180224 bytes
SMSS.EXE hash: 07B23FA4064AB5A02F7DC664B855D160

Created files:

%WinDir%\M13516\EmangEloh.exe
%WinDir%\M13516\Ja634608bLay.com
%WinDir%\M13516\smss.exe
%WinDir%\sa-533055.exe
%WinDir%\system\msvbvm60.dll
%SysDir%\338408423741l.exe
%SysDir%\msvbvm60.dll
%WinDir%\Ti423741ta.exe
D:\New Folder.scr
%Common AppData%\Microsoft\Network\Downloader\RaHasIA .exe
%UserProfile%\Templates\O07170Z\service.exe
%UserProfile%\Templates\O07170Z\TuxO07170Z.exe
%UserProfile%\Templates\O07170Z\winlogon.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\T70Z384: %WinDir%\sa-533055.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: explorer.exe, “%UserProfile%\Templates\O07170Z\TuxO07170Z.exe”
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe , “%WinDir%\M13516\Ja634608bLay.com”
HKCU\Software\Microsoft\Windows\CurrentVersion\RUN\T1135055TT4: %WinDir%\System32\338408423741l.exe

Detected by UnHackMe:

SMSS.EXE
Default location: %WinDir%\M13516\SMSS.EXE

Dropper information:
MD5: 07b23fa4064ab5a02f7dc664b855d160
File size: 180224 bytes

Leave a Reply