Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
3 replies to this topic

#1 VirusHunter


  • Members
  • 30 posts
  • Local time:12:23 PM

Posted 24 April 2007 - 04:13 AM

As part of my "spring-cleaning", I decided to clean house and format.

When everything was up and running, the first thing I downloaded was CounterSpy. I updated it and ran a scan just to run a scan.

So far so good, so then I wanted to go into my Control Panel and tweak some settings. I went to the Control Panel via the Start button and as soon as I hit the CP option, I got the dreaded BSOD.

Now it flashed pretty quickly then restarted so at first I could grab what the BSOD said. I was able to find out more info when I took a picture with my digital camera (don't laugh!) and found something called "sbapifs.sys". I never heard of up but upon researching via Google, it seems to be related to Sunbelt which in turn would be related to CounterSpy.

But I'm not too sure about that which is why I'm posting. I was wondering if my CounterSpy exe was bugged out or something and that this sbapifs.sys is malware?

Thanks for reading this and for any help you can provide. :thumbsup:

This is a little out of topic but I was wondering if CounterSpy has a MD5 hash to verify the exe?

BC AdBot (Login to Remove)


#2 Budapest


    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:03:23 AM

Posted 24 April 2007 - 04:43 AM

What were the error codes on the BSOD?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 whintersby


  • Members
  • 29 posts
  • Local time:06:23 PM

Posted 24 April 2007 - 04:55 AM

Well this filename has been seen as legitimate, but then also used by malware creators as part of their infections.

Here's a bad version:

You will notice that even though it is malware, they have used "Sunbelt Software, Inc." as their vendor name. HOWEVER, this doesn't necessarily mean you have a bad version on your computer, as there are also many genuine versions as seen here:

And I'm afraid that's where my knowledge on the subject ends, as I have no idea how to tell a genuine file from a malicious one if they share both the filename and the path? I usually leave my security program to work that out...

Edited by whintersby, 24 April 2007 - 04:56 AM.

#4 tg1911


    Lord Spam Magnet

  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:11:23 AM

Posted 24 April 2007 - 06:56 PM

Disable automatic re-start on system failure.
This will allow you to get the BSOD to post long enough, for you to copy the information, and post it here:

Click Start.
Click Control Panel.
Click Performance and Maintenance.
Click System.
Click the Advanced tab.
In the Startup and Recovery box, click the Settings button.
In the System Failure box, uncheck Automatically restart.
Put a check in Write an event to the system log, and Send an administrative alert.
Click OK.

On the next BSOD, write it down, word for word, and post it here.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users