What is SBAMSvc.exe and Should I Remove It?

Several Windows users have been asking us questions about a mysterious executable called SBAMSvc.exe. While some users have discovered it after it was flagged as an Adware by a security suite, others are saying that they consistently see it inside Task Manager as one of the biggest CPU and RAM hoggers. As it turns out, the executable is encountered on Windows 7, Windows 8.1 and Windows 10.

What is SBAMSvc.exe?

After investigating this executable, it turns out like the legitimate file will install along with Vipre Antivirus + Antispyware. The utility is signed by Sunbelt software and is described as being an antivirus, antispyware, anti-rootkit and anti-malware tightly integrated into one single security solution. It’s the spiritual successor of CounterSpy AntiSpyware.

The SBAMSvc executable is the biggest process that is being used by Vipre Antivirus – and the one that consumes the most amount of system resources.

However, the same SBAMSvc.exe file can also be installed by System Suite 9 and Ad-Aware – two other Anti-virus suites that are almost identical to Vipre Antivirus. Both are notoriously known for hogging a lot of system resources.

Keep in mind that most users that are reporting issues with this particular executable are saying that it has auto-loading capabilities and will end up being loaded even after they specifically stopped its startup service.

Is SBAMSvc.exe safe?

While the genuine SBAMSvc.exe should not be considered a security threat, users are reporting that it’s behaving similarly as adware programs. Still, this is not causing for concern, unless you investigate and you determine that you’re dealing with malware in disguise.

As Windows releases got more secure, malware makers had no way but to try and disguise their executables as legitimate files with enhanced permissions to be able to infiltrate systems. That’s why it’s so important to make sure that you’re not dealing with a virus that’s hiding under the name of the legitimate SBAMSvc.exe file.

In scenarios like this, there are several different steps that you need to follow to eliminate the possibility of a virus infection.

First, you should consider your particular situation. If you previously installed Vipre Antivirus, System Suite 9 or Ad-Aware, chances are you’re dealing with the legitimate executable, even if it’s only a remnant file.

But if you don’t know about ever installing any of these security suites, you should investigate to see if the file is legitimate. In this case, the best place to start is to view the location. To view the location, press Ctrl + Shift + Esc to open up Task Manager.

Inside Task Manager, select the Processes tab, then scroll down and identify the SBAMSvc.exe file. Once you see it, right-click on it and choose Open File Location from the newly appeared context menu.

If the location is different than “Program Files\Ad-Aware Antivirus”, “Program Files\VIPRE\” or “\Program Files\SystemSuite9\” and you didn’t install the security suite in a custom location, there’s a high chance that you’re dealing with a security threat.

If the file is located in a suspicious location, the best course of action is to upload the file to a virus database to determine if it’s surely a security threat or not. To do this, visit this link (here) and upload the SBAMSvc.exe file. Then, start the analysis and wait for the results to be generated.

Note: If the analysis didn’t find any security threats, skip the ‘Dealing with the security threat’ section and move directly to ‘Should I remove SBAMSvc.cxe?”, since you already confirmed that you’re dealing with a legitimate file.

If the analysis revealed some security concerns, proceed to the next section below where we showcase a virus removal strategy that will help you get rid of the infection.

Dealing with the security threat

If the SBAMSvc.exe file wasn’t located in a secure location and the virus inspection you did with VirusTotal revealed some security concerns, we highly recommend that you deploy a security scanner capable of identifying and dealing with the malware infection.

Viruses like this with cloaking capabilities are typically tricky to detect and not all security suites can handle them properly. It helps if you have a paid AV client, but if you don’t, we recommend performing a deep scan with Malwarebytes. it’s completely free and will help you identify and remove the vast majority of malware executable with cloaking capabilities.

We even managed to find some mentions of users that managed to clean this particular file using Malwarebytes. If you don’t know how to perform a deep scan with Malwarebytes, follow the instructions (here) for steps on getting rid of the virus infection.

If the scan reveals the infection and removes it successfully, move down to the next section and see if the SBAMSvc.exe is still appearing inside Task Manager with high resource usage. If it is, move down to the next section below.

Should I remove SBAMSvc.exe?

If you previously confirmed that you’re not dealing with a security breach and you still want to remove SBAMSvc.exe, you can do so without fearing any repercussions in regards to the functioning of your operating system.

As we previously established, SBAMSvc.exe belongs to a 3rd party security suite, so deleting it will not have any effect on your PC (other than losing the ability to use the 3rd party antivirus that’s using the file).

If you are determined to remove the SBAMSvc.exe file, follow the instructions in the next section below.

How to Remove SBAMSvc.exe?

If you did all of the verifications above to confirm that the file you’re dealing with is genuine, all that’s left to do now is remove it conventionally. But keep in mind that if you decide to simply delete the executable, chances are it will re-appear in your Task Manager after some time with the same degree of resource usage.

Several affected users have confirmed that the SBAMSvc.exe file has regenerative capabilities – If you only remove this process and leave the rest of the security suite intact, the utility will recreate the process.

To prevent this from happening, you’ll need to remove SBAMSvc.exe along with its parent application. The easiest way of doing this is by using the Programs and Features menu. Here’s a quick guide with everything you need to do:

1. Press Windows key + R to open up a Run dialog box. Once you’re inside the Run window, type “appwiz.cpl” and press Enter to open up the Programs and Features window.

   

2. Once you’re inside the Programs and Files window, scroll down through the list of applications and locate the 3rd  party AV suite that was installed along with Vipre Antivirus, System Suite 9 or Ad-Aware.
3. As soon as you manage to locate it, right-click on it and choose Uninstall from the newly appeared context-menu.

   

4. Follow the on-screen prompts to complete the uninstallation, then restart your computer and see if the SBAMSvc.exe is no longer appearing inside Task manager at the next system startup.