Windows 7 - SBAMSvc.exe problem

Asked By TRCSr on 13-Mar-09 12:02 AM
WinXP, SP3. I am having a problem with the program SBAMSvc.exe hogging my
CPU time. Periodically everything slows down to a crawl and if I open the
Task Manager I find this program taking anywhere from 10% to 90% of the CPU
time. Does anybody know what this program is and if I can delete it? I
Googled it and apparently there are a lot of others with the same question,
but did not find any answers.



1PW replied on 13-Mar-09 12:20 AM
On 03/12/2009 09:02 PM, TRCSr sent:

Do you have Sunbelt Software's Vipre or any other of their products
installed and running?

1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
TRCSr replied on 13-Mar-09 11:01 AM
As far as I know I do not have Vipre. I don't even know what that program
is. I have Avanquest SystemSuite and that is all. This problem did seem to
start after I upgraded SystemSuite to Ver. 9. I cannot get any response from
Avanquest on this or other problems with their program. Is Vipre maybe
something of theirs?

JS replied on 13-Mar-09 12:02 PM
Do you have an AV app named "CounterSpy"

Twayne replied on 13-Mar-09 12:07 PM
Here's what Bill P Stucios has to say about it:

So it either is, or was, installed from the look of it.  "Safe" means
not known to be part of a malware load and the cpu max out is mentioend
Vipre Antivirus + Antispyware - SBAMSVC.EXE

Sbamsvc.exe installs with Vipre Antivirus + Antispyware from Sunbelt
Software. Vipre is described by the author as follows: "Vipre combines
antivirus, antispyware, anti-rootkit, anti-malware and other security
technologies into a seamless, tightly-integrated security solution." It
is intended as a replacement for CounterSpy AntiSpyware. You'll find
more information at

If you use this program, you'll want to leave this file in place.
Sbamsvc.exe is the main scanning engine. Some users have complained that
this file uses up to 100% of their CPU resources. Sunbelt recommends
upgrading to the latest available version.

a.. Safe

Sunbelt Software


TRCSr replied on 13-Mar-09 01:10 PM
I do not knowingly have the AV app "CounterSpy" and neither Vipre or that
program shows up in the Add/Remove programs list.

Jim replied on 13-Mar-09 03:57 PM
1PW replied on 13-Mar-09 08:30 PM
On 03/12/2009 09:02 PM, TRCSr sent:

1) Do a search for, and then reply to this thread with the precise and
complete pathname to SBAMSvc.exe

2) Please upload the SBAMSvc.exe file to:

3) When Virus Total has rendered an analysis, please copy/paste the
report to this thread.

4) Was your system pre-built and purchased with Windows and other software?

5) Would a prior owner/user/computer tech have installed any after
market applications for you?

1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
TRCSr replied on 13-Mar-09 10:23 PM
Thank you for the suggestion/request. I have myself in quite a pickle at the
moment. Since the program was a part of the Vipre AV system, I thought that
if I loaded the Vipre program and then uninstalled it, it would solve the
problem. However, all that did was make things worse. The uninstall did not
work (it hung up about 3/4 the way through) so I tried a re-install and that
doesn't work because it is apparently looking for some files that it had
already removed. So, when I boot up it starts the install program and then
hangs because it can't find some files, I guess. Anyhow, while trying to do
anything else with the computer I keep getting interrupted with these Window
Installer windows (Preparing to Install) that pop up and I have to cancel
out. Each time that happens the installer windows pop up 3 or 4 times then
rests for a while, then come back, etc. Is there anyway to find out what is
being loaded at bootup that I can cancel out this mess?

TRCSr replied on 13-Mar-09 10:25 PM
Sorry, I forgot to complete the answer to your questions. I purchased this
computer new with WinXP Home installed.
Jim replied on 14-Mar-09 09:29 AM
Helps to clean uninstall/install
TRCSr replied on 14-Mar-09 04:56 PM
Here are the results from VirusTotal
File SBAMSvc.exe received on 03.03.2009 20:20:22 (CET)
Current status: finished
Result: 0/39 (0.00%)
Compact Compact
Print results Print results
Antivirus 	Version 	Last Update 	Result
a-squared 	2009.03.03 	-
AhnLab-V3 	2009.02.27 	-
AntiVir 	2009.03.03 	-
Authentium 	2009.03.03 	-
Avast 	4.8.1335.0 	2009.03.03 	-
AVG 	2009.03.03 	-
BitDefender 	7.2 	2009.03.03 	-
CAT-QuickHeal 	10.00 	2009.03.03 	-
ClamAV 	0.94.1 	2009.03.03 	-
Comodo 	1021 	2009.03.03 	-
DrWeb 	2009.03.03 	-
eSafe 	2009.03.03 	-
eTrust-Vet 	31.6.6381 	2009.03.03 	-
F-Prot 	2009.03.03 	-
F-Secure 	8.0.14470.0 	2009.03.03 	-
Fortinet 	2009.03.03 	-
GData 	19 	2009.03.03 	-
Ikarus 	T3. 	2009.03.03 	-
K7AntiVirus 	7.10.656 	2009.03.03 	-
Kaspersky 	2009.03.03 	-
McAfee 	5542 	2009.03.03 	-
McAfee+Artemis 	5542 	2009.03.03 	-
Microsoft 	1.4306 	2009.03.03 	-
NOD32 	3905 	2009.03.03 	-
Norman 	6.00.06 	2009.03.03 	-
nProtect 	2009.1.8.0 	2009.03.03 	-
Panda 	2009.03.03 	-
PCTools 	2009.03.03 	-
Prevx1 	V2 	2009.03.03 	-
Rising 	2009.03.03 	-
SecureWeb-Gateway 	6.7.6 	2009.03.03 	-
Sophos 	4.39.0 	2009.03.03 	-
Sunbelt 	3.2.1858.2 	2009.03.02 	-
Symantec 	10 	2009.03.03 	-
TheHacker 	2009.03.02 	-
TrendMicro 	8.700.0.1004 	2009.03.03 	-
VBA32 	2009.03.03 	-
ViRobot 	2009.3.3.1632 	2009.03.03 	-
VirusBuster 	2009.03.03 	-
Additional information
File size: 886056 bytes
MD5...: 2124a1b885cec34611a01151ebb6b402
SHA1..: 4f1e1c38d51a4a94921b8a854b12a2151cb94d89
SHA256: 48ec3c6f34749d6d645823ebf7f2f1dcf964b5dce98665d4a1353d1f54a36186
SHA512: b3ddf90b45c2d036a1e4a7f61435b2dbe1415429ac0f44790a470a3f39e7e2f3
ssdeep: 12288:HUkpqcm58HTYU9WnwI/zCNaaCau4znBI4:HUkpqcm58HTYtnvOUaCKznBx
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x653e7
timedatestamp.....: 0x49075efe (Tue Oct 28 18:50:38 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x813dc 0x82000 6.56 c70fd2e1da874321b8428d4eb0d7f65e
.rdata 0x83000 0x4aaae 0x4b000 3.94 be42abac2ef4f6cf45b0f1405278d084
.data 0xce000 0x77a8 0x5000 5.05 36b6738017a7b5c875b770997d13c7bd
.rsrc 0xd6000 0x3fa0 0x4000 5.56 0a5b54cc956ce35e1357d67420f06f82

( 17 imports )

( 0 exports )
ThreatExpert info:

ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec
Sistemas. There are no guarantees about the availability and continuity of
this service. Although the detection rate