Whenever I open the Task Manager I see the processes csrss.exe, smss.exe and lsass.exe sitting there. I guess the same can be said for your Windows where those processes are most likely appearing as well. So, what are these processes actually doing and are they required to run whenever Windows starts ?
Here is the explanation for the processes csrss.exe, smss.exe and lsass.exe. The process smss.exe is the Session Manager Subsystem located in C:\Windows\System32. If this file is located somewhere else it is most likely a trojan or virus. It is a critical Windows process launching, amongst other things, the Winlogon and Win32 processes.
Next in the line is the process csrss.exe which stands for Windows Client/Server Runtime Server Subsystem. It should be located in C:\Windows\System32 as well. If csrss.exe is located in another location it is most likely a virus or trojan. Like smss.exe csrss.exe is important for Windows to run.
Last in the line we have lsass.exe which is the Local Security Authentication Server. If lsass.exe is executed from C:\Windows\System32 everything is fine. If it is not it could be a virus or trojan again. All three processes are important Windows system processes and should not be terminated.
Related posts:
Batch Kill Processes with Kill ProcessFport Maps Ports To Applications
Increase Windows Stability
Reset the Windows Firewall
Computer Virus Effect Remover
Task Manager Replacement
First Trojan using Sony DRM spotted
Process Lasso a Process Manager
11 Responses to “csrss.exe, smss.exe and lsass.exe”
Trackbacks/Pingbacks
-
[...] 原文链接。 [...]
smss.exe is also responsible for running services.exe, which of course in turn, is responsible for all services running on your computer.
Sorry dude but this was a totally half-assed post. If you aspire to tell people what these processes are actually doing (even if briefly) then don’t just tell us their full names and repeat the same line (not in system32 = trojan) THREE times in a 10 line post. No point bringing up a topic if you have to end up dodging around it.
To summarize, don’t mess with any of them unless they arent’ located in C:\Windows\System32. :)
I found this file smss.exe not only in System32 but also found in Windowmedia/Skin or smt like that ! Do u think it would be Trojan or Virus ?
It is most likely a virus or trojan. Try scanning it with virustotal.com or download a virus scanner like AVG or Antivir and check it with them.
HI , i am found this file smss.exe it is system32 but it is also found system32\dllcache. it would be trojan or virus….
system32\dllcache is used to store system copies/backups of windows dll’s. sfc (System File Checker) uses this to replace system dll’s that get corrupted, deleted, renamed, or otherwise removed. If you suspect your system files have been tampered with – at the cmd prompt, type: sfc /scannow
hello,i am getting problem with the smss.exe,crss.exe and winlogon.exe it is located in my system32 directory i can’t do anything, every time i delete the file windows notify denied. please send me your update. thank you.
Yogesh:
If those are inside the system32 folder do NOT erase them. they are needed to run windows and you wont be able to erase them.
One thing that must be said is that even with a file being in the system32 dir does not mean its NOT a virus. Make suer your antivirus scanner AND a anti malware/spyware program are updated and running. AVG internet program is great since it covers both virus and malware protection.
well guess what.
to me its a frigin virus with fancy names.
cause i gon on my comp wich is fine and any other well runing comp and i never say any of those 3 process.
a process that is exe runned under a username.(not local or system) that pretend to be undeletable is a trojan, virus to me.
the way it work is you can not delete a single one
you need to delete all at the same time
dont’ forget one or lese your comp wont boot
not completly
. cheers