SBAMSvc.exe problem

TRCSr

WinXP, SP3. I am having a problem with the program SBAMSvc.exe hogging my
CPU time. Periodically everything slows down to a crawl and if I open the
Task Manager I find this program taking anywhere from 10% to 90% of the CPU
time. Does anybody know what this program is and if I can delete it? I
Googled it and apparently there are a lot of others with the same question,
but did not find any answers.

Thanks.

TRCSr
 
1PW

Do you have Sunbelt Software's Vipre or any other of their products
installed and running?

Pete
 
TRCSr

As far as I know I do not have Vipre. I don't even know what that program
is. I have Avanquest SystemSuite and that is all. This problem did seem to
start after I upgraded SystemSuite to Ver. 9. I cannot get any response from
Avanquest on this or other problems with their program. Is Vipre maybe
something of theirs?

Thanks
 
Twayne

1PW said:
Do you have Sunbelt Software's Vipre or any other of their products
installed and running?

Pete

Here's what Bill P Studios has to say about it:

So it either is, or was, installed from the look of it. "Safe" means
not known to be part of a malware load and the cpu max out is mentioned
too:
------------------
Vipre Antivirus + Antispyware - SBAMSVC.EXE

Sbamsvc.exe installs with Vipre Antivirus + Antispyware from Sunbelt
Software. Vipre is described by the author as follows: "Vipre combines
antivirus, antispyware, anti-rootkit, anti-malware and other security
technologies into a seamless, tightly-integrated security solution." It
is intended as a replacement for CounterSpy AntiSpyware. You'll find
more information at
http://www.sunbeltsoftware.com/Home-Home-Office/VIPRE/.

If you use this program, you'll want to leave this file in place.
Sbamsvc.exe is the main scanning engine. Some users have complained that
this file uses up to 100% of their CPU resources. Sunbelt recommends
upgrading to the latest available version.


- Safe

Sunbelt Software
 
TRCSr

I do not knowingly have the AV app "CounterSpy" and neither Vipre nor that
program shows up in the Add/Remove programs list.

TRCSr
 
1PW

1) Do a search for, and then reply to this thread with the precise and
complete pathname to SBAMSvc.exe

2) Please upload the SBAMSvc.exe file to:

<http://www.virustotal.com/>

3) When Virus Total has rendered an analysis, please copy/paste the
report to this thread.

4) Was your system pre-built and purchased with Windows and other software?

5) Would a prior owner/user/computer tech have installed any after
market applications for you?

Pete
 
TRCSr

1PW said:
1) Do a search for, and then reply to this thread with the precise and
complete pathname to SBAMSvc.exe

2) Please upload the SBAMSvc.exe file to:

<http://www.virustotal.com/>

3) When Virus Total has rendered an analysis, please copy/paste the
report to this thread.

4) Was your system pre-built and purchased with Windows and other
software?

5) Would a prior owner/user/computer tech have installed any after
market applications for you?

Pete

Thank you for the suggestion/request. I have myself in quite a pickle at the
moment. Since the program was a part of the Vipre AV system, I thought that
if I loaded the Vipre program and then uninstalled it, it would solve the
problem. However, all that did was make things worse. The uninstall did not
work (it hung up about 3/4 of the way through) so I tried a re-install and that
doesn't work because it is apparently looking for some files that it had
already removed. So, when I boot up it starts the install program and then
hangs because it can't find some files, I guess. Anyhow, while trying to do
anything else with the computer I keep getting interrupted with these Windows
Installer windows (Preparing to Install) that pop up and I have to cancel
out. Each time that happens the installer windows pop up 3 or 4 times, then
rest for a while, then come back, etc. Is there any way to find out what is
being loaded at bootup so that I can cancel out this mess?

Thanks.
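
Added example, not part of the original thread and not Sunbelt's or Avanquest's code: a read-only PowerShell inventory covering step 1 of 1PW's list (the full path to the file) and the question above about what is loaded at bootup. It lists services and Run/RunOnce entries whose command line mentions a name and prints each binary's SHA-256 so it can be compared with the hashes a VirusTotal report shows. The match string 'sbamsvc', the helper function names and the choice of locations checked are assumptions.

```powershell
# Added example, not from the thread. Read-only: nothing is changed or deleted.
# Assumption: entries of interest mention 'sbamsvc' in their command line.
$pattern = 'sbamsvc'

function Get-ExePath([string]$commandLine) {
    # Extract the executable path from a command line, quoted or unquoted.
    if ($commandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($commandLine -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

function Get-Sha256([string]$path) {
    # Get-FileHash needs PowerShell 4+; plain .NET also works on 2.0.
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { return '(file not found)' }
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($path)
    try {
        return ([BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '').ToLower()
    } finally { $stream.Close() }
}

function New-Hit($source, $mode, $command) {
    $exe = Get-ExePath $command
    New-Object PSObject -Property @{
        Source = $source; StartMode = $mode; Command = $command
        Exe = $exe; Sha256 = (Get-Sha256 $exe)
    }
}

# 1) Services whose image path mentions the name (StartMode 'Auto' = starts at boot).
$hits = @(Get-WmiObject Win32_Service |
    Where-Object { $_.PathName -match $pattern } |
    ForEach-Object { New-Hit "Service: $($_.Name)" $_.StartMode $_.PathName })

# 2) Run / RunOnce values for the machine and for the current user.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($value -match $pattern) { $hits += New-Hit "$key\$name" 'Run key' $value }
    }
}

# Full path, start mode and hash of every match, ready to paste into a reply.
$hits | Format-List Source, StartMode, Command, Exe, Sha256
```

The HKCU keys cover only the account the script runs under, so entries belonging to other user profiles are not listed.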
 
TRCSr

1PW said:
1) Do a search for, and then reply to this thread with the precise and
complete pathname to SBAMSvc.exe

2) Please upload the SBAMSvc.exe file to:

<http://www.virustotal.com/>

3) When Virus Total has rendered an analysis, please copy/paste the
report to this thread.

4) Was your system pre-built and purchased with Windows and other
software?

5) Would a prior owner/user/computer tech have installed any after
market applications for you?

Pete

Sorry, I forgot to complete the answer to your questions. I purchased this
computer new with WinXP Home installed.
 
TRCSr

Jim said:

Here are the results from VirusTotal
File SBAMSvc.exe received on 03.03.2009 20:20:22 (CET)
Current status: finished
Result: 0/39 (0.00%)
 
Same Problem with Avanquest but got rid of SBAMSVC

I had the same problem with SystemSuite versions 9 and 10, which contain the SBAMSVC.exe service. I got rid of SBAMSVC by deleting all keys in the registry containing SBAMSVC, and the SBAM plugins for Outlook. I also deleted all files on my computer with an SBAMSVC search. You may have to do this in Windows safe mode, and may have to change the permissions on some of the registry keys, since they might be used at time of attempted deletion. After doing this and rebooting in normal Windows you may have to go to component services to enable and restart the SystemSuite Task Manager service to start the SystemSuite firewall. After doing this I still have all of the functionality of SystemSuite without the annoying SBAMSVC.exe.

TRCSr said:
As far as I know I do not have Vipre. I don't even know what that program
is. I have Avanquest SystemSuite and that is all. This problem did seem to
start after I upgraded SystemSuite to Ver. 9. I cannot get any response from
Avanquest on this or other problems with their program. Is Vipre maybe
something of theirs?

Thanks