Jump to content

Build Theme!
  • Infected?


Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91634 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!



  • Please log in to reply
2 replies to this topic

#1 hat331


    New Member

  • New Member
  • Pip
  • 2 posts

Posted 16 September 2006 - 03:55 PM

Is this file, located in the system32 directory, malware or not? It is called "Sunbelt Boot Delete Utility", and its copyright is attributed to Sunbelt, but I do not have CounterSpy on my computer. Is it safe?


Register to Remove

#2 Doug


    Retired Administrator -Tech Team

  • Tech Team
  • 10,057 posts

Posted 16 September 2006 - 08:48 PM

As you've probably discovered, there's not much available via Google search for either sbbd.exe or for Sunbelt Boot Delete Utility.

In some logs, the Expert has recommended to remove the item, in others it seems to be ignored.
No help there.

You can have the file itself analysed Here:

A safe move you can take is to "move" or "rename" the file without actually deleting it.

Reboot into SAFE Mode (restart machine, then repeatedly tap F8 until the Menu comes up, Select -SAFE Mode)

In Windows Explorer/My Computer, navigate to the file at C:\windows\system32\sbbd.exe
Right-Click on sbbd.exe and Select - Rename
Rename it to sbbd.old

Or you can cut/paste it to a holding folder that you create.
Create a New Folder on your C:\ root directory. Name it TC Experiment

In Windows Explorer/My Computer, navigate to the file at C:\windows\system32\sbbd.exe
Highlight sbbd.exe with your cursor - then Press ctrl-x to "cut" to remove it from your system32 Folder
Navigate to your new folder C:\TC Experiment - press ctrl-V (paste) to place it in the new folder.

Now Reboot Normally, and run your machine.
If it was an important item, required by some application or process, you Machine will complain that it can't be found, sooner or later. If this occurs, you can restore the file by reversing the "renaming" or by cut and paste to return it to system32 folder from your TC Experiment folder.

Best Regards
The help you receive here is free.
If you wish, you may Donate to help keep us online.

#3 hat331


    New Member

  • New Member
  • Pip
  • 2 posts

Posted 17 September 2006 - 10:21 AM

Yeah, I wonder why there is no information available on this file. I think I will scan it at virusscan.jotti.org first. I deleted it once using Killbox, only to find it again. Then I deleted it in Safe Mode; I haven't seen it since, on that computer. However, it exists on another computer of mine. It is quite a mystery to me. Thanks for your help, though.

Related Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users