The difference is that the worm files would be in
%windir%\smss.exe - i.e. it would be C:\Windows\smss.exe in your case.

The real system files are located in
%sysdir%\smss.exe, i.e. exactly where you have them: C:\Windows\System32\smss.exe.