win32:malware-gen on smss.exe

Hi,
I keep getting Avast notifications on the file smss.exe located in C:\Users<my user>\AppData\Local\Temp~temp\aiunml60
I keep deleting it and it keeps coming back.
I scanned it in VT (thank you guys for instructions!!) and received this report.
Any idea how to get rid of it?
Thank you for your help!!

Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.07 Trojan-Mailfinder!IK
AhnLab-V3 5.0.0.2 2009.12.07 -
AntiVir 7.9.1.102 2009.12.07 -
Antiy-AVL 2.0.3.7 2009.12.07 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.06 Win32:Malware-gen
AVG 8.5.0.426 2009.12.07 -
BitDefender 7.2 2009.12.07 -
CAT-QuickHeal 10.00 2009.12.07 TrojanMailfinder.Blen.lu
ClamAV 0.94.1 2009.12.07 -
Comodo 3103 2009.12.01 -
DrWeb 5.0.0.12182 2009.12.07 -
eSafe 7.0.17.0 2009.12.07 Win32.TrojanHorst
eTrust-Vet 35.1.7162 2009.12.07 -
F-Prot 4.5.1.85 2009.12.07 -
F-Secure 9.0.15370.0 2009.12.07 -
Fortinet 4.0.14.0 2009.12.07 -
GData 19 2009.12.07 Win32:Malware-gen
Ikarus T3.1.1.74.0 2009.12.07 Trojan-Mailfinder
Jiangmin 13.0.900 2009.12.02 TrojanSpy.Blen.f
K7AntiVirus 7.10.913 2009.12.07 -
Kaspersky 7.0.0.125 2009.12.07 -
McAfee 5825 2009.12.07 -
McAfee+Artemis 5825 2009.12.07 Artemis!8BE5448C861F
McAfee-GW-Edition 6.8.5 2009.12.07 Heuristic.LooksLike.Trojan.Mail.Blen.I
Microsoft 1.5302 2009.12.07 Trojan:Win32/Horst.gen!B
NOD32 4667 2009.12.07 -
Norman 6.03.02 2009.12.07 -
nProtect 2009.1.8.0 2009.12.07 Trojan/W32.Blen.512000.K
Panda 10.0.2.2 2009.12.06 Generic Trojan
PCTools 7.0.3.5 2009.12.07 -
Rising 22.25.00.09 2009.12.07 -
Sophos 4.48.0 2009.12.07 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.12.06 -
Symantec 1.4.4.12 2009.12.07 -
TheHacker 6.5.0.2.086 2009.12.05 -
TrendMicro 9.100.0.1001 2009.12.07 -
VBA32 3.12.12.0 2009.12.07 -
ViRobot 2009.12.7.2074 2009.12.07 -
VirusBuster 5.0.21.0 2009.12.07 -
Additional information
File size: 512000 bytes
MD5…: 8be5448c861fdb2ac658d22562ab1265
SHA1…: f7bc0ed80277910bb755d7679ebf2743e0e69ba2
SHA256: 66988529c7a9ada1abc1e2e44cc382839c6c660194e32c5d78c7b8a64e081c00
ssdeep: 12288:ynH1m56ZSG/AAcDtj1afYGCv3AvUhEQtA0EP:AH1m5cVIAcDtAfYlvwchEQG
PEiD…: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2cba2
timedatestamp…: 0x4b1bf81b (Sun Dec 06 18:29:47 2009)
machinetype…: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x58df0 0x59000 6.56 7eb914ffaa74da71f49eeac5b410ebb1
.rdata 0x5a000 0x147ba 0x15000 4.88 2f4c6b6bdcd0c916a7fcb0c3bb55563b
.data 0x6f000 0x60f4 0x3000 3.90 992f9010140f547bb00385f432c122a6
.rsrc 0x76000 0xaa58 0xb000 5.04 81d2d5025a95029b13f5405c35a62253

(cont on next post)

If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall?

If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don’t worry about reported tracking cookies they are a minor issue and not one of security, allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.

Now if these make any detections on files not detected by avast, I would suggest uploading to VirusTotal for confirmation and if multiple scanners detect the file as malware, send a sample to avast, see ~~~~ below, before allowing the program to deal with it.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.
 
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
 
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

Thanks. I already downloaded and installed Malwarebytes. It did find 2 problematic files, but they were fixed and no longer reported.
I still keep getting the avast notifications.
SAS did not find any problems.

Any additional ideas? I am freaking out…

PS: Windows 7 on ThinkPad X300

But what were the file names, malware name and locations? You can post the log file. That may provide some information to help identify what else may have been there.

Are you just using the Win7 firewall?
If so I don’t know if that has outbound protection enabled by default, and I would ensure that that file is denied outbound connections.

What should be enabled in my firewall?
Inbound and outbound connections to which file?

The inbound and outbound connections^^

-AnimeLover^^

I don’t know exactly as I don’t use win7 so its firewall settings are a mystery to me.

You could use Windows 7 Firewall Control:
http://www.sphinx-soft.com/Vista

It's very chatty until it learns all the things that should or should not be permitted.
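
For the built-in Windows 7 firewall, the outbound block suggested earlier in the thread can be set from an elevated PowerShell prompt with `netsh advfirewall`. This is an added example, not part of any poster's reply; the path in `$Suspect` and the rule name are placeholders to replace with the path shown in the Avast alert.

```powershell
# Added example. Run from an elevated PowerShell prompt (Windows 7 or later).
# $Suspect is a placeholder: set it to the full path shown in the Avast alert.
$Suspect  = 'C:\path\to\flagged\smss.exe'
$RuleBase = 'Quarantine-flagged-smss'      # hypothetical rule name

# The genuine Session Manager lives in System32; never block that copy.
if ($Suspect -like "$env:SystemRoot\System32\*") {
    throw "Refusing to block the system copy of smss.exe: $Suspect"
}

function Set-BlockRule {
    param([string]$Program, [string]$Direction)   # Direction: 'in' or 'out'
    $name = "$RuleBase-$Direction"
    # Delete any earlier copy so re-running does not stack duplicate rules.
    & netsh advfirewall firewall delete rule name="$name" | Out-Null
    # Program rules match on path, so the rule still applies if the file
    # is deleted and later re-created at the same location.
    & netsh advfirewall firewall add rule name="$name" dir=$Direction `
        action=block program="$Program" enable=yes
}

Set-BlockRule -Program $Suspect -Direction 'out'
Set-BlockRule -Program $Suspect -Direction 'in'

# Show the default policy per profile. On a stock install outbound traffic
# is allowed unless a block rule such as the one above matches.
& netsh advfirewall show allprofiles firewallpolicy

# Log dropped connections so blocked attempts show up in
# %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log
& netsh advfirewall set allprofiles logging droppedconnections enable

# Confirm the rules exist.
& netsh advfirewall firewall show rule name="$RuleBase-out"
& netsh advfirewall firewall show rule name="$RuleBase-in"
```

The rule only covers the one executable path; whatever keeps re-creating the file is a separate process and is not affected by it.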

Kaspersky now detects this virus. You could try using their rescue disk. The link provides a download link and instructions. You will need to burn the iso as an image, there is also a link to imgburn and instructions.
Hopefully your PC is set to boot from CD; it's worth a try.
Study any findings very carefully before taking any action.

http://www.techmixer.com/kaspersky-rescue-disk-load-kaspersky-antivirus-2009-using-dos/