Windows 7 - SBAMSvc.exe problem

Asked By TRCSr on 13-Mar-09 12:02 AM
WinXP, SP3. I am having a problem with the program SBAMSvc.exe hogging my
CPU time. Periodically everything slows down to a crawl and if I open the
Task Manager I find this program taking anywhere from 10% to 90% of the CPU
time. Does anybody know what this program is and if I can delete it? I
Googled it and apparently there are a lot of others with the same question,
but did not find any answers.

Thanks.

TRCSr




1PW replied on 13-Mar-09 12:20 AM
On 03/12/2009 09:02 PM, TRCSr sent:

Do you have Sunbelt Software's Vipre or any other of their products
installed and running?

Pete
--
1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
TRCSr replied on 13-Mar-09 11:01 AM
As far as I know I do not have Vipre. I don't even know what that program
is. I have Avanquest SystemSuite and that is all. This problem did seem to
start after I upgraded SystemSuite to Ver. 9. I cannot get any response from
Avanquest on this or other problems with their program. Is Vipre maybe
something of theirs?

Thanks
JS replied on 13-Mar-09 12:02 PM
Do you have an AV app named "CounterSpy"?

--
JS
http://www.pagestart.com
Twayne replied on 13-Mar-09 12:07 PM
Here's what Bill P Studios has to say about it:

So it either is, or was, installed from the look of it.  "Safe" means
not known to be part of a malware load and the cpu max out is mentioned
too:
------------------
Vipre Antivirus + Antispyware - SBAMSVC.EXE

Sbamsvc.exe installs with Vipre Antivirus + Antispyware from Sunbelt
Software. Vipre is described by the author as follows: "Vipre combines
antivirus, antispyware, anti-rootkit, anti-malware and other security
technologies into a seamless, tightly-integrated security solution." It
is intended as a replacement for CounterSpy AntiSpyware. You'll find
more information at
http://www.sunbeltsoftware.com/Home-Home-Office/VIPRE/.

If you use this program, you'll want to leave this file in place.
Sbamsvc.exe is the main scanning engine. Some users have complained that
this file uses up to 100% of their CPU resources. Sunbelt recommends
upgrading to the latest available version.


* Safe

Sunbelt Software
-----------------

HTH,

Twayne
TRCSr replied on 13-Mar-09 01:10 PM
I do not knowingly have the AV app "CounterSpy" and neither Vipre nor that
program shows up in the Add/Remove programs list.

TRCSr
Jim replied on 13-Mar-09 03:57 PM
http://getsatisfaction.com/sunbeltsoftware/topics/sbamsvc_exe_causing_100_cpu_utilization
1PW replied on 13-Mar-09 08:30 PM
On 03/12/2009 09:02 PM, TRCSr sent:

1) Do a search for, and then reply to this thread with the precise and
complete pathname to SBAMSvc.exe

2) Please upload the SBAMSvc.exe file to:


3) When Virus Total has rendered an analysis, please copy/paste the
report to this thread.

4) Was your system pre-built and purchased with Windows and other software?

5) Would a prior owner/user/computer tech have installed any after
market applications for you?

Pete
--
1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
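
Steps 1 to 3 in the reply above ask for the file's full path and a scan report. The PowerShell below is an added example, not part of 1PW's post: it resolves the path from the running process and from any service that launches it, then records the signature and SHA256 for each copy found. It assumes PowerShell 4.0 or later (for Get-FileHash), so a newer Windows than the XP machine in this thread.

```powershell
# Added example, not from the thread. $Name is the file discussed above.
param([string]$Name = 'SBAMSvc.exe')

# Running instances: Win32_Process carries the full image path.
$procs = @(Get-CimInstance Win32_Process -Filter "Name = '$Name'")

# Services that launch the same binary (this is what restarts it at boot).
$svcs = @(Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -like "*$Name*" })

# Collect unique on-disk paths from both sources.
$paths = @(
    $procs | ForEach-Object { $_.ExecutablePath }
    $svcs  | ForEach-Object {
        # PathName may be quoted and carry arguments; keep only the .exe path.
        if ($_.PathName -match '^"?(.+?\.exe)') { $Matches[1] }
    }
) | Where-Object { $_ } | Sort-Object -Unique

if (-not $paths) {
    Write-Warning "$Name is not running and no service points at it."
    return
}

foreach ($p in $paths) {
    $file = Get-Item -LiteralPath $p
    $sig  = Get-AuthenticodeSignature -FilePath $p
    # Case-insensitive substring match, with no wildcard interpretation of the path.
    $svc  = $svcs | Where-Object {
        $_.PathName.IndexOf($p, [StringComparison]::OrdinalIgnoreCase) -ge 0
    }

    [pscustomobject]@{
        Path      = $p                              # the answer to step 1
        SizeBytes = $file.Length
        Company   = $file.VersionInfo.CompanyName   # self-declared, not proof of origin
        SigStatus = $sig.Status                     # 'Valid' means an intact, trusted signature
        Signer    = $sig.SignerCertificate.Subject  # who actually signed the file
        SHA256    = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        Services  = ($svc | ForEach-Object { "$($_.Name) [$($_.StartMode)]" }) -join ', '
    }
}
```

The SHA256 value can be compared with the one shown in a VirusTotal report for the same file. Run it from an elevated prompt, since ExecutablePath is empty for processes the current user cannot inspect.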
TRCSr replied on 13-Mar-09 10:23 PM
Thank you for the suggestion/request. I have myself in quite a pickle at the
moment. Since the program was a part of the Vipre AV system, I thought that
if I loaded the Vipre program and then uninstalled it, it would solve the
problem. However, all that did was make things worse. The uninstall did not
work (it hung up about 3/4 the way through) so I tried a re-install and that
doesn't work because it is apparently looking for some files that it had
already removed. So, when I boot up it starts the install program and then
hangs because it can't find some files, I guess. Anyhow, while trying to do
anything else with the computer I keep getting interrupted with these Windows
Installer windows (Preparing to Install) that pop up and I have to cancel
out. Each time that happens the installer windows pop up 3 or 4 times then
rest for a while, then come back, etc. Is there any way to find out what is
being loaded at bootup so that I can cancel out this mess?

Thanks.
TRCSr replied on 13-Mar-09 10:25 PM
Sorry, I forgot to complete the answer to your questions. I purchased this
computer new with WinXP Home installed.
Jim replied on 14-Mar-09 09:29 AM
Helps to clean uninstall/install
http://support.microsoft.com/kb/290301
TRCSr replied on 14-Mar-09 04:56 PM
Here are the results from VirusTotal
File SBAMSvc.exe received on 03.03.2009 20:20:22 (CET)
Current status: finished
Result: 0/39 (0.00%)
Antivirus 	Version 	Last Update 	Result
a-squared 	4.0.0.101 	2009.03.03 	-
AhnLab-V3 	5.0.0.2 	2009.02.27 	-
AntiVir 	7.9.0.98 	2009.03.03 	-
Authentium 	5.1.0.4 	2009.03.03 	-
Avast 	4.8.1335.0 	2009.03.03 	-
AVG 	8.0.0.237 	2009.03.03 	-
BitDefender 	7.2 	2009.03.03 	-
CAT-QuickHeal 	10.00 	2009.03.03 	-
ClamAV 	0.94.1 	2009.03.03 	-
Comodo 	1021 	2009.03.03 	-
DrWeb 	4.44.0.09170 	2009.03.03 	-
eSafe 	7.0.17.0 	2009.03.03 	-
eTrust-Vet 	31.6.6381 	2009.03.03 	-
F-Prot 	4.4.4.56 	2009.03.03 	-
F-Secure 	8.0.14470.0 	2009.03.03 	-
Fortinet 	3.117.0.0 	2009.03.03 	-
GData 	19 	2009.03.03 	-
Ikarus 	T3.1.1.45.0 	2009.03.03 	-
K7AntiVirus 	7.10.656 	2009.03.03 	-
Kaspersky 	7.0.0.125 	2009.03.03 	-
McAfee 	5542 	2009.03.03 	-
McAfee+Artemis 	5542 	2009.03.03 	-
Microsoft 	1.4306 	2009.03.03 	-
NOD32 	3905 	2009.03.03 	-
Norman 	6.00.06 	2009.03.03 	-
nProtect 	2009.1.8.0 	2009.03.03 	-
Panda 	10.0.0.10 	2009.03.03 	-
PCTools 	4.4.2.0 	2009.03.03 	-
Prevx1 	V2 	2009.03.03 	-
Rising 	21.19.11.00 	2009.03.03 	-
SecureWeb-Gateway 	6.7.6 	2009.03.03 	-
Sophos 	4.39.0 	2009.03.03 	-
Sunbelt 	3.2.1858.2 	2009.03.02 	-
Symantec 	10 	2009.03.03 	-
TheHacker 	6.3.2.6.269 	2009.03.02 	-
TrendMicro 	8.700.0.1004 	2009.03.03 	-
VBA32 	3.12.10.1 	2009.03.03 	-
ViRobot 	2009.3.3.1632 	2009.03.03 	-
VirusBuster 	4.5.11.0 	2009.03.03 	-
Additional information
File size: 886056 bytes
MD5...: 2124a1b885cec34611a01151ebb6b402
SHA1..: 4f1e1c38d51a4a94921b8a854b12a2151cb94d89
SHA256: 48ec3c6f34749d6d645823ebf7f2f1dcf964b5dce98665d4a1353d1f54a36186
SHA512: b3ddf90b45c2d036a1e4a7f61435b2dbe1415429ac0f44790a470a3f39e7e2f3
1cf2a21d1254b5283795f9f98c4b68206afe6115f284b0513390cf54dfad0eb5
ssdeep: 12288:HUkpqcm58HTYU9WnwI/zCNaaCau4znBI4:HUkpqcm58HTYtnvOUaCKznBx
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x653e7
timedatestamp.....: 0x49075efe (Tue Oct 28 18:50:38 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x813dc 0x82000 6.56 c70fd2e1da874321b8428d4eb0d7f65e
.rdata 0x83000 0x4aaae 0x4b000 3.94 be42abac2ef4f6cf45b0f1405278d084
.data 0xce000 0x77a8 0x5000 5.05 36b6738017a7b5c875b770997d13c7bd
.rsrc 0xd6000 0x3fa0 0x4000 5.56 0a5b54cc956ce35e1357d67420f06f82

( 17 imports )

( 0 exports )
ThreatExpert info:
http://www.threatexpert.com/report.aspx?md5=2124a1b885cec34611a01151ebb6b402
