# [SOLVED] Sunbelt A.V.?????



## Calicoe (May 5, 2005)

Is anyone in the forum familiar with "Sunbelt Anti Virus" I found it running as a service on my laptop and desktop. I didn't install it and I can't get rid of it.
Pete


----------



## tetonbob (Jan 10, 2005)

*Re: Sunbelt A.V.?????*

Sunbelt VIPRE Antivirus Service (SBAMSvc) 

http://www.sunbeltsoftware.com/

??

What's the path to executable listed in the services.msc properties?

Do you have any Sunbelt software installed, such as CounterSpy?


----------



## Calicoe (May 5, 2005)

*Re: Sunbelt A.V.?????*

The path to exe. is:
"C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe"
The only A.V. software I have installed ix Avanquest System Suite 9


----------



## tetonbob (Jan 10, 2005)

*Re: Sunbelt A.V.?????*

If you had a HijackThis log, I might expect to see this line

O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe

Though the file is most commonly seen in this location

C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

There should be file properties associated with the file in question, giving you a company name on the version tab. (right click on the file, select Properties) There should also be a Digital Signature tab, indicating Sunbelt Software.

If none of that lines up, it may well be a rogue install. The location of the file makes it suspicious.



> I can't get rid of it


What have you done to try to get rid of it? 

You can scan the file at *VirusTotal* or Jotti File Scan

In the case that it turns out to be infected, it would be best to see what else is on the machine.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/sec...read-before-posting-malware-removal-help.html

After running through *all *the steps, you shall have a proper set of logs. 

After running through *all *the steps, please post the requested logs in the HijackThis Log Help forum, *not here.*

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the HijackThis Log Help forum is extremely busy, and it may take a while to receive a reply.


----------



## Acowman (Dec 3, 2008)

*Re: Sunbelt A.V.?????*

Calicoe,

Have you gotten this resolved (SBAMsvc.exe)? I've discovered exact same thing and also am running System Suite 9 for A.V. and don't know where the SBAMsvc came from. Like you it does consume significant resources at times and would like to remove or disable.

I did do the individual file scan suggested by tetonbob but those came up with nothing.


----------



## donnachadelong (Dec 16, 2008)

*Re: Sunbelt A.V.?????*

I've got the same problem, I've recently installed Fix-It Utilities 9 Professional and have been having major speed issues recently. I spotted SBAMSvc.exe using a load of memory after CTRL+ALT+Deleting and checking Processes. Upon some investigating, found it in C:\Program Files\Common Files\AntiVirus. What I can't find is any way to get rid of the bloody thing. No sign of Sunbelt or Vipre in Add/Remove Programmes or anywhere else.


----------



## donnachadelong (Dec 16, 2008)

*Re: Sunbelt A.V.?????*

Mystery solved:
"Avanquest's Fix-It Utilities 9 Professional includes a more powerful security suite with the addition of Sunbelt's new VIPRE™ malware engine. The software removes existing viruses, malware and spyware and prevents future infections by monitoring the computer for any malicious behavior."
http://www.newsguide.us/technology/...with-the-New-Fix-It-Utilities-9-Professional/


----------



## tetonbob (Jan 10, 2005)

*Re: Sunbelt A.V.?????*

Thank you, donnachadelong.


----------



## Acowman (Dec 3, 2008)

*Re: Sunbelt A.V.?????*

That is what I assumed and did discover a way to disable the program. Open up System Suite. Chose AV/AS. Then chose settings from the top menu bar. Then in the Active Protection Tab un-click the box "Enable Active Protection", i.e. remove the check mark.

This does not stop the program from loading, but does stop it from doing any scanning, which is what is consuming the resources.


----------



## FrontlineCyber (Jan 23, 2009)

Acowman, does this mean that you cannot use the Avanquest System Suite 9 (SS9) "Enable Active Protection" option in order to prevent Sunbelt's VIPRE from hogging your system?

I'm trying to deal with VIPRE now and I also have SS9 running. . . It looks like VIPRE corrupts the SS9 at boot-up. I have manually purged VIPRE several times but it keeps popping back. . . I'm now wondering if Avanquest also included VIPRE in the SS9 upgrade but it is just speculation on my part, at this time. I ran SS9 for about one month without any sign of VIPRE activity. . . I really don't know how I got VIPRE on my XP box. Any thoughts?


----------



## FrontlineCyber (Jan 23, 2009)

Ladies & Gentlemen - I just got off the phone with Avanquest concerning my problems with Sunbelt Vipre and Avanquest System Suite 9 (SS9). The Avanquest Tech confirmed that System Suite9 "included Sunbelt" product. . . Per Avanquest guidance, I'm uninstalling SS9 and following with the Microsoft "cleaner" utility. I "may" also purge my two other AV utilities to avoid conflict. After rebooting, I will reload SS9. Then we shall see! I really like SS9! The Avanquest Tech suggested my XP SP3 box may have old files from SS8 still resident and that may have been part of the stability problem.


----------



## Acowman (Dec 3, 2008)

FrontlineCyber,

That is my current situation. While it solves the immediate problem of SBAM.exe hogging resources it does put me at risk so I am very interested to see how things come out for you.

Acowman


----------

