Anyone seen sbsrexe.exe

edited October 2004 in Science & Tech
SBSCREXE.EXE is a running process. If I stop it, it immediately starts again. The reason I'm trying to kill it is that something keeps shutting down the PC. The event log says that sbsrexe.exe has requested a shutdown. I suspect a virus but can't find any info on it.


Anyone?

Comments

  • versello New
    edited May 2004
    I'd run a virus scan and spyware scan (www.lavasoft.com). Also download HijackThis and post yer log and we'll be able to help more effectively.
  • edited May 2004
    I've run an anti-virus (AVG) and Adaware. Neither turned up anything. Will do the HijackThis next.
  • edited May 2004
    Here ya go:

    Logfile of HijackThis v1.97.7
    Scan saved at 8:01:51 PM, on 5/4/2004
    Platform: Unknown Windows (WinNT 5.02.3790)
    MSIE: Internet Explorer v6.00 (6.00.3790.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\WINDOWS\system32\winlogon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\WINDOWS\System32\dns.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe
    C:\WINDOWS\system32\ntfrs.exe
    C:\WINDOWS\System32\wins.exe
    C:\WINDOWS\system32\Dfssvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rdpclip.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Windows Small Business Server\networking\icwnotify.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Motherboard Monitor 5\MBM5.EXE
    C:\Motherboard Monitor 5\MBM5.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Administrator.UGLY\Desktop\FxSasser.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrator.UGLY\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [ICW Reminder] C:\Program Files\Microsoft Windows Small Business Server\networking\icwnotify.exe
    O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [MBM 5] "C:\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O14 - IERESET.INF: START_PAGE_URL=http://companyweb
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38111.7568171296
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = smallbusiness.local
    O17 - HKLM\Software\..\Telephony: DomainName = smallbusiness.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = smallbusiness.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = smallbusiness.local
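
A log like the one posted above can be triaged mechanically before reading it line by line. The following is an added example, not part of the original thread: it splits a HijackThis log into its running-process list and its coded entries, then lists running images that sit outside the usual install directories and notes whether an O4 autorun entry names them. The sample is a constructed excerpt of the posted log, and the `EXPECTED_ROOTS` list and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a short excerpt in the layout of the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Unknown Windows (WinNT 5.02.3790)

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\svchost.exe
C:\Motherboard Monitor 5\MBM5.EXE
C:\Documents and Settings\Administrator.UGLY\Desktop\FxSasser.exe
C:\Documents and Settings\Administrator.UGLY\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O4 - HKLM\..\Run: [MBM 5] "C:\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = smallbusiness.local
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."
# Assumption: these prefixes are treated as normal install locations.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

def parse_hijackthis(text):
    """Split a log into the running-process list and entries grouped by code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False  # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif (m := ENTRY.match(line)):
            entries[m.group(1)].append(m.group(2))
    return processes, dict(entries)

def review_list(processes, entries):
    """Running images outside the expected roots, paired with whether an O4
    (Run key / startup) entry mentions the same path."""
    autoruns = " ".join(entries.get("O4", [])).lower()
    flagged = []
    for path in processes:
        low = path.lower()
        if not low.startswith(EXPECTED_ROOTS):
            flagged.append((path, low in autoruns))
    return flagged

if __name__ == "__main__":
    procs, ents = parse_hijackthis(SAMPLE_LOG)
    for path, has_autorun in review_list(procs, ents):
        print("autorun   " if has_autorun else "no autorun", path)
```

A path on this list is only a candidate for a closer look (file properties, signature, install source), not a verdict; a service binary that lives under `C:\WINDOWS` will not appear on it at all.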
  • versello New
    edited May 2004
    Aha! You run a server! A little research brought up that apparently it's a system service that is part of Small Business Server.
  • kryyst Ontario, Canada
    edited May 2004
    I have no idea what this says but it ended in a "thank you" so if you read the language maybe it'll help

    kaepplelupfer: Hello,

    at a customer's site this service (sbscrexe.exe) shuts the server down
    every 2 hours.
    I can find absolutely nothing, no info, nothing at all.

    Can anyone help me with this?
    Does anyone have any idea?

    Thanks

    blub: Sometimes something like
    sbscrexe.exe /? or sbscrexe /help
    sheds some light.

    cu
    blub

    kaepplelupfer: Hello,
    thanks for the tip, but unfortunately I'm at the office and the server is at the customer's.
    Can you briefly explain that to me? :confused:

    Thanks :)
  • edited May 2004
    lol I'm taking German right now and I could understand some of what you were saying
  • edited May 2004
    Hello,

    Did someone help you, or did you find the problem by yourself?
    I have the same problem. The server shuts down after about 2 hours.

    Can you help me?
  • edited June 2004
    It has something to do with small business server, like licensing or something -- you are probably running SBS, right? I had SBS installed incorrectly (not domain controller) and this little gem would shut down the machine after a couple of hours automagically, thank you so little. I had no clue why it was happening, I'd come back (or even be on it) and it would shut down. I read the EventLogs and there was this thing saying the licensing wasn't *proper* so it shut down the server for me. Well, I went into DOS to stop the service, seemed unable to via services, and then rebooted. NOT RECOMMENDED! I had to reinstall. :loco: So, I made it a domain controller, and it runs and so does the server!
    :thumbsup:
    Hope that helps...
  • edited October 2004
    Yes, SBS2003 must be configured as a domain controller, otherwise it will shut down every couple of hours. But AD is a pretty heavy task for your server. If you don't need Exchange and all the other applications that come with SBS, then there is a workaround to keep your machine running without AD.

    Start your machine in safe mode. Rename the sbscrexe.exe file. Open the registry. Go to HKLM\System\CurControlSet\Services\SbsCore and right-click.

    Permissions. Add your own account, remove the system account > click advanced > and replace the rights below the SBScore.

    Now export this key, you'll never know. :cool:
    And after that, delete the key and restart your system.

    My machine is now just a normal server without AD and has been running for 2 days.

    Gert,