Windows 7 - SBAMSvc.exe problem
Asked By TRCSr on 13-Mar-09 12:02 AM
WinXP, SP3. I am having a problem with the program SBAMSvc.exe hogging my
CPU time. Periodically everything slows down to a crawl and if I open the
Task Manager I find this program taking anywhere from 10% to 90% of the CPU
time. Does anybody know what this program is and if I can delete it? I
Googled it and apparently there are a lot of others with the same question,
but did not find any answers.
Thanks.
TRCSr
1PW replied on 13-Mar-09 12:20 AM
On 03/12/2009 09:02 PM, TRCSr sent:
Do you have Sunbelt Software's Vipre or any other of their products
installed and running?
Pete
--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
TRCSr replied on 13-Mar-09 11:01 AM
As far as I know I do not have Vipre. I don't even know what that program
is. I have Avanquest SystemSuite and that is all. This problem did seem to
start after I upgraded SystemSuite to Ver. 9. I cannot get any response from
Avanquest on this or other problems with their program. Is Vipre maybe
something of theirs?
Thanks
JS replied on 13-Mar-09 12:02 PM
Do you have an AV app named "CounterSpy"
--
JS
http://www.pagestart.com
Twayne replied on 13-Mar-09 12:07 PM
Here's what Bill P Stucios has to say about it:
So it either is, or was, installed from the look of it. "Safe" means
not known to be part of a malware load and the cpu max out is mentioend
too:
------------------
Vipre Antivirus + Antispyware - SBAMSVC.EXE
Sbamsvc.exe installs with Vipre Antivirus + Antispyware from Sunbelt
Software. Vipre is described by the author as follows: "Vipre combines
antivirus, antispyware, anti-rootkit, anti-malware and other security
technologies into a seamless, tightly-integrated security solution." It
is intended as a replacement for CounterSpy AntiSpyware. You'll find
more information at
http://www.sunbeltsoftware.com/Home-Home-Office/VIPRE/.
If you use this program, you'll want to leave this file in place.
Sbamsvc.exe is the main scanning engine. Some users have complained that
this file uses up to 100% of their CPU resources. Sunbelt recommends
upgrading to the latest available version.
a.. Safe
Sunbelt Software
-----------------
HTH,
Twayne
TRCSr replied on 13-Mar-09 01:10 PM
I do not knowingly have the AV app "CounterSpy" and neither Vipre or that
program shows up in the Add/Remove programs list.
TRCSr
Jim replied on 13-Mar-09 03:57 PM
http://getsatisfaction.com/sunbeltsoftware/topics/sbamsvc_exe_causing_100_cpu_utilization
1PW replied on 13-Mar-09 08:30 PM
On 03/12/2009 09:02 PM, TRCSr sent:
1) Do a search for, and then reply to this thread with the precise and
complete pathname to SBAMSvc.exe
2) Please upload the SBAMSvc.exe file to:
3) When Virus Total has rendered an analysis, please copy/paste the
report to this thread.
4) Was your system pre-built and purchased with Windows and other software?
5) Would a prior owner/user/computer tech have installed any after
market applications for you?
Pete
--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
TRCSr replied on 13-Mar-09 10:23 PM
Thank you for the suggestion/request. I have myself in quite a pickle at the
moment. Since the program was a part of the Vipre AV system, I thought that
if I loaded the Vipre program and then uninstalled it, it would solve the
problem. However, all that did was make things worse. The uninstall did not
work (it hung up about 3/4 the way through) so I tried a re-install and that
doesn't work because it is apparently looking for some files that it had
already removed. So, when I boot up it starts the install program and then
hangs because it can't find some files, I guess. Anyhow, while trying to do
anything else with the computer I keep getting interrupted with these Window
Installer windows (Preparing to Install) that pop up and I have to cancel
out. Each time that happens the installer windows pop up 3 or 4 times then
rests for a while, then come back, etc. Is there anyway to find out what is
being loaded at bootup that I can cancel out this mess?
Thanks.
TRCSr replied on 13-Mar-09 10:25 PM
Sorry, I forgot to complete the answer to your questions. I purchased this
computer new with WinXP Home installed.
Jim replied on 14-Mar-09 09:29 AM
Helps to clean uninstall/install
http://support.microsoft.com/kb/290301
TRCSr replied on 14-Mar-09 04:56 PM
Here are the results from VirusTotal
File SBAMSvc.exe received on 03.03.2009 20:20:22 (CET)
Current status: finished
Result: 0/39 (0.00%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.03 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.98 2009.03.03 -
Authentium 5.1.0.4 2009.03.03 -
Avast 4.8.1335.0 2009.03.03 -
AVG 8.0.0.237 2009.03.03 -
BitDefender 7.2 2009.03.03 -
CAT-QuickHeal 10.00 2009.03.03 -
ClamAV 0.94.1 2009.03.03 -
Comodo 1021 2009.03.03 -
DrWeb 4.44.0.09170 2009.03.03 -
eSafe 7.0.17.0 2009.03.03 -
eTrust-Vet 31.6.6381 2009.03.03 -
F-Prot 4.4.4.56 2009.03.03 -
F-Secure 8.0.14470.0 2009.03.03 -
Fortinet 3.117.0.0 2009.03.03 -
GData 19 2009.03.03 -
Ikarus T3.1.1.45.0 2009.03.03 -
K7AntiVirus 7.10.656 2009.03.03 -
Kaspersky 7.0.0.125 2009.03.03 -
McAfee 5542 2009.03.03 -
McAfee+Artemis 5542 2009.03.03 -
Microsoft 1.4306 2009.03.03 -
NOD32 3905 2009.03.03 -
Norman 6.00.06 2009.03.03 -
nProtect 2009.1.8.0 2009.03.03 -
Panda 10.0.0.10 2009.03.03 -
PCTools 4.4.2.0 2009.03.03 -
Prevx1 V2 2009.03.03 -
Rising 21.19.11.00 2009.03.03 -
SecureWeb-Gateway 6.7.6 2009.03.03 -
Sophos 4.39.0 2009.03.03 -
Sunbelt 3.2.1858.2 2009.03.02 -
Symantec 10 2009.03.03 -
TheHacker 6.3.2.6.269 2009.03.02 -
TrendMicro 8.700.0.1004 2009.03.03 -
VBA32 3.12.10.1 2009.03.03 -
ViRobot 2009.3.3.1632 2009.03.03 -
VirusBuster 4.5.11.0 2009.03.03 -
Additional information
File size: 886056 bytes
MD5...: 2124a1b885cec34611a01151ebb6b402
SHA1..: 4f1e1c38d51a4a94921b8a854b12a2151cb94d89
SHA256: 48ec3c6f34749d6d645823ebf7f2f1dcf964b5dce98665d4a1353d1f54a36186
SHA512: b3ddf90b45c2d036a1e4a7f61435b2dbe1415429ac0f44790a470a3f39e7e2f3
1cf2a21d1254b5283795f9f98c4b68206afe6115f284b0513390cf54dfad0eb5
ssdeep: 12288:HUkpqcm58HTYU9WnwI/zCNaaCau4znBI4:HUkpqcm58HTYtnvOUaCKznBx
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x653e7
timedatestamp.....: 0x49075efe (Tue Oct 28 18:50:38 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x813dc 0x82000 6.56 c70fd2e1da874321b8428d4eb0d7f65e
.rdata 0x83000 0x4aaae 0x4b000 3.94 be42abac2ef4f6cf45b0f1405278d084
.data 0xce000 0x77a8 0x5000 5.05 36b6738017a7b5c875b770997d13c7bd
.rsrc 0xd6000 0x3fa0 0x4000 5.56 0a5b54cc956ce35e1357d67420f06f82
( 17 imports )
( 0 exports )
ThreatExpert info:
http://www.threatexpert.com/report.aspx?md5=2124a1b885cec34611a01151ebb6b402
ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec
Sistemas. There are no guarantees about the availability and continuity of
this service. Although the detection rate