boot time scan, unable to find the source

Discussion in 'other anti-malware software' started by cybergary, Dec 23, 2009.

Thread Status:
Not open for further replies.
  1. cybergary
    cybergary Registered Member

    I'm running Windows 7 Ultimate x64, and I see what looks like a boot time scan screen between the Windows logo screen and the login screen.

    It's on the screen very briefly, too quick to read properly.

    I was running Vipre Beta + Prevx with MBAM on demand.
    Vipre ran a scheduled scan on Sunday and said a condition occurred that required a reboot; all the scan had detected was a few cookies. I rebooted and it ran a boot time scan, but it didn't find the files.

    I removed the Vipre beta yesterday, but it made no difference.

    I had also installed Hitmanpro a few days before and have removed it today trying to find the source. I might add the hitmanpro uninstall leaves many files and some registry keys behind.

    Any ideas how to find out the source?

    Edit:
    I just found SBBD.exe in Windows/system32

    And this in the registry:
    PDBoot.exe
    autocheck autochk *
    SBBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Sunbelt Software\VIPRE\Definitions
    Last edited: Dec 23, 2009
  2. NickHSunbelt
    NickHSunbelt Support Specialist

    I don't believe VIPRE's boot time scanner could run after VIPRE has been uninstalled as it has no definitions or other components. We also haven't seen any other reports of this previously. As this is a beta I suppose anything is possible so it would be a good idea to double check. As you noticed, sbbd.exe is located in system32. You can try renaming this file and see if this resolves the problem. If the boot time scanner were set to run you could also edit a value in the registry to prevent it from running. Look in the location in the registry where the boot time cleaner is registered, and remove the entry for sbbd.exe:

    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager

    ValueName - BootExecute

    Note that this is a multi-string value, so remove only the section that refers to sbbd.exe.
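
The registry edit described in the reply above, as an added PowerShell example that is not part of the original thread or Sunbelt's own tooling. It lists every BootExecute entry, marks anything other than the stock `autocheck autochk *` line, and only when run with `-Remove` from an elevated prompt drops the lines for the named program; the function name `Split-BootExecute` and the backup file path are assumptions made for illustration.

```powershell
# Added example: audit BootExecute and optionally drop one program's entry.
# Run from an elevated PowerShell prompt; nothing is written unless -Remove is given.
param(
    [string]$Program = 'sbbd.exe',   # entry to look for (name taken from the thread)
    [switch]$Remove
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$name = 'BootExecute'

# Hypothetical helper: split the multi-string into lines to keep and lines that
# launch $Program. Each element is one command line; its first token is compared
# by base name so 'SBBD.exe /d ...' and 'sbbd /d ...' both match.
function Split-BootExecute {
    param([string[]]$Entries, [string]$Program)
    $want  = [IO.Path]::GetFileNameWithoutExtension($Program)
    $keep  = @()
    $match = @()
    foreach ($e in $Entries) {
        $image = ($e.Trim() -split '\s+')[0]
        if ([IO.Path]::GetFileNameWithoutExtension($image) -ieq $want) {
            $match += $e
        } else {
            $keep += $e
        }
    }
    [pscustomobject]@{ Keep = $keep; Match = $match }
}

$current = @((Get-ItemProperty -Path $key -Name $name).$name)
$result  = Split-BootExecute -Entries $current -Program $Program

# Report every entry; a stock Windows install has only 'autocheck autochk *'.
foreach ($e in $current) {
    $tag = if ($e -eq 'autocheck autochk *') { 'default' } else { 'added  ' }
    '{0}  {1}' -f $tag, $e
}

if ($Remove -and $result.Match.Count -gt 0) {
    # Export the key first so the original value can be restored (example path).
    reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager' `
        "$env:TEMP\SessionManager-backup.reg" /y | Out-Null
    # Write back only the kept lines, preserving the REG_MULTI_SZ type.
    Set-ItemProperty -Path $key -Name $name -Value ([string[]]$result.Keep) -Type MultiString
    'Removed: {0}' -f ($result.Match -join '; ')
}
```

Run without arguments, the script only prints the current entries, which is enough to see which installed product registered a boot-time program.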
  3. cybergary
    cybergary Registered Member

    Thanks Nick, that has solved it.

    I deleted sbbd.exe and removed the registry reference to it.

    As far as I could see it was trying to run, but failing. I should also mention it was doing that while Vipre was still installed too.
  4. NickHSunbelt
    NickHSunbelt Support Specialist

    Thanks for letting me know. I'll let the beta team know so they can look into this.
  5. NickHSunbelt
    NickHSunbelt Support Specialist

    Cybergary,

    I just wanted to let you know that I also looked into what could cause the boot time scanner to be run when only cookies were detected. I was able to reproduce this once I had installed Prevx alongside VIPRE. Prevx apparently has an option to protect cookies. When this option is enabled, it causes VIPRE to be unable to remove the cookies and to require a boot time scan to complete the removal. Disabling this option in Prevx will prevent the boot time scan from being necessary. If other software you were using is also protecting cookies, this could also cause this problem.