Jump to content

Build Theme!
  • Infected?

Welcome to What the Tech - Register now for FREE

A community of volunteers who share their knowledge, and answer your tech questions. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message, and all ads will be removed once you have signed in.

Create an Account Login to Account



  • Please log in to reply
2 replies to this topic

#1 hat331


    New Member

  • New Member
  • Pip
  • 2 posts

Posted 16 September 2006 - 03:55 PM

Is this file, located in the system32 directory, malware or not? It is called "Sunbelt Boot Delete Utility", and its copyright is attributed to Sunbelt, but I do not have CounterSpy on my computer. Is it safe?

#2 Doug


    Retired Administrator -Tech Team

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,051 posts

Posted 16 September 2006 - 08:48 PM

As you've probably discovered, there's not much available via Google search for either sbbd.exe or for Sunbelt Boot Delete Utility.

In some logs, the Expert has recommended to remove the item, in others it seems to be ignored.
No help there.

You can have the file itself analysed Here:

A safe move you can take is to "move" or "rename" the file without actually deleting it.

Reboot into SAFE Mode (restart machine, then repeatedly tap F8 until the Menu comes up, Select -SAFE Mode)

In Windows Explorer/My Computer, navigate to the file at C:\windows\system32\sbbd.exe
Right-Click on sbbd.exe and Select - Rename
Rename it to sbbd.old

Or you can cut/paste it to a holding folder that you create.
Create a New Folder on your C:\ root directory. Name it TC Experiment

In Windows Explorer/My Computer, navigate to the file at C:\windows\system32\sbbd.exe
Highlight sbbd.exe with your cursor - then Press ctrl-x to "cut" to remove it from your system32 Folder
Navigate to your new folder C:\TC Experiment - press ctrl-V (paste) to place it in the new folder.

Now Reboot Normally, and run your machine.
If it was an important item, required by some application or process, you Machine will complain that it can't be found, sooner or later. If this occurs, you can restore the file by reversing the "renaming" or by cut and paste to return it to system32 folder from your TC Experiment folder.

Best Regards

#3 hat331


    New Member

  • New Member
  • Pip
  • 2 posts

Posted 17 September 2006 - 10:21 AM

Yeah, I wonder why there is no information available on this file. I think I will scan it at virusscan.jotti.org first. I deleted it once using Killbox, only to find it again. Then I deleted it in Safe Mode; I haven't seen it since, on that computer. However, it exists on another computer of mine. It is quite a mystery to me. Thanks for your help, though.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users