I keep trying to repair it with Avast, but every 5 minutes or so Im getting a pop-up warning me of it. What's the deal?

I think you have to repair in safe mode or something.

It would help to know what virus Avast is listing the smss.exe file as. It could be an Rbot variant (Rbot-AJO or Rbot-AT) or Gismo-A. The cleaning of any of the above is not too difficult however the process is different for each as each has creates different entries in the registry.

Also I would recommend against using Avast. From looking at their website they are listing MyDoom and Bagle as latest threats. Both of which are over a year old, in the virus world their ancient and should not be considered as latest threats. I'd have serious questions on their ability to handle the real latest threats effectively. I'd recommend a product from one of the major vendors Trend Micro, Symantec (Norton) or McAfee. I work for an anti-virus vendor so I can't recommend a specific one (we make corporate only av which is why my product isn't listed). Just know that the major vendors have the facilities and the staff to provide updates as soon as possible. Choose one that has recent awards from ICSA Labs http://www.icsalabs.com, West Coast Labs http://www.westcoastlabs.org, and Virus Bulletin http://virusbtn.com. And if response time is important, and it should be, you can compare vendors responses to latest threats at www.secunia.com (http://www.secunia.com) (you'll find my company in there as the most responsive but as I said we don't sell into the consumer market)

Let me know what virus Avast is listing SSMS.exe as being infected with and I'll be happy to help you clean it up.

I deleted it when I moved it into the virus chest. Is this bad?

Deleted what? The file or the message telling you what it is?

Ok, some clarification.. it's SMSS.exe.

Im not for sure what specific trojan it found it as, because I moved it to the chest and deleted it from there. However, it's still running in my process lists. I ran a search for 'smss' on my computer and I got six files.

C:\I386 EX_file
C:\I386\SYSTEM32 Application
C:\WINDOWS\I386 EX_file
C:\WINDOWS\system32 Application
C:\WINDOWS\I386\SYSTEM32 Application
C:\WINDOWS\ServicePackFiles\ Application

I ran a scan on every individial file and nothing came up this time. I had a SMSS.exe program allowed to run in my firewall but for pre-caution I diasbled it for now.

Ahh smss.exe big difference. SMSS is the Session Manager Subsystem this is a Windows application and is an important piece of code. However there are a couple of Trojans that drop a file with the same name when they execute. The location is typically what is important. It belongs in Windows\system32. Other places are okay, specifically c:\i386 as this is where OS install files are stored. Same with ServicePack directories. I'd recommend running a scan with another AV vendor just to be safe. To the best of my knoledge smss.exe does not need to have network access as it handles things like system startup and shutdown, so it shouldn't have been allowed to have access via the firewall. You can run a free scan without installing software over at trend-micro's website http://housecall.trendmicro.com/

I'm leaving my office now but I'll check when I get home. Let me know what you find if anything. You may have resolved it already (to cure a trojan instance all you have to do is delete the offending file and remove any entry in the registry that calls it to start on system start if one exists).

Thanks for all your help. I actually just ran house call and everything is alright. Im still pretty worried though. I remember since Ive had this computer, a SMSS.exe type program asked for internet access and I gave access under my firewall. This was.. maybe a year ago? I hate to say that Im making this up, but I do kinda remember it asking, and it was along time ago. When I went to program control in my firewall it had access to the internet so surely I gave it along time ago.

However, this is the first time Ive ever had a message from an anti-virus program showing that SMSS.exe contained some trojan name. It freaked me out because I had just used my debit card to deposit some money into Paypal about 5 minutes before then. Im going to shut down and do a scan in safe mode just to be sure. But again, thanks for the help.

No worries. I figure I've been lurking for a year now and don't consider myself skilled enough in poker to give advice, I might as well help out with what I do know /images/graemlins/smile.gif