Get rid of the SbCtri.exe file

How to get rid of the SbCtri.exe Virus

Well, that's what I call it, since I have virtually no info on it. All I know is that it installed itself onto one of my machines, and searching the internet brought no results, so I don't really know what it is, what it does or how it came in (although I do have an idea).

Ok, if you are reading this and do what I suggest you do, and then your PC doesn't go wromm wromm anymore, it's your own fault for reading me. So if you are likely to use me as your scapegoat for your own actions, leave this site now by going HERE.


Ok, let's get to the point. Unfortunately I'll go by memory, so you might sometimes have to fill the gaps. I'll include screenshots to walk you through some really easy stuff, so it'll seem more complicated than it is.

How did the virus first manifest itself?

My firewall warned me that C:\WINNT\system32\drivers\SbCtri.exe was trying to connect to some site.

See the screen below for what it looked like:

I might be wrong but I suspect the above site might have nothing to do with this.

I went there and nothing came up, so perhaps the hacker who owns this virus directed all of us zombies to the above site to crash it. I am not sure, nor do I care.

What I did next was to try to delete the SbCtri.exe file, but it was not possible.

By the way, it was hidden and had the "system file" attribute, so it was doubly hidden. As you go there (to the C:\WINNT\system32\drivers\SbCtri.exe location), click the "show files" link in the WINNT folder as shown below:

Then do the same when in the System32 folder, as shown below:

When you get to the Drivers folder, change the folder options as shown below:

Then, in the window that comes up, do the following:


Then tick the "show bla bla" option and untick the "hide operating bla bla" option as seen below, then CLICK OK.

Did I say you must click OK?

Look in that folder for the SbCtri.exe file, which will now be there in full view.

Now, I am not sure if I right-clicked on the SbCtri.exe file to see if it was read-only; I don't have it anymore, so I can't remember. Just do it and untick "read only" (if it applies), then click OK.

Then hit Delete. It won't delete, so come back here, go to the "kill files in use" page, grab the little program and use it to kill SbCtri.exe.

This time the little mo fo does die.
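The steps above (reveal the hidden/system file, clear its attributes, find out what is holding it open, then delete it) can be done from PowerShell on a current Windows machine. The block below is an added example, not code from the original post; the only thing taken from the post is the file path, and the hash, signature and process checks are the triage a responder would do before deleting anything. By default it only reports; deletion happens only with the -Delete switch.

```powershell
# Added example (not from the original post): triage, and optionally remove,
# a hidden system-attributed file such as the one described above.
function Get-SuspectFileReport {
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$Delete
    )

    # -Force lists files even when they carry the Hidden and System attributes,
    # which is what Explorer's "show hidden / operating system files" toggles expose.
    $file = Get-Item -LiteralPath $Path -Force -ErrorAction Stop

    # Processes whose main image is this file: a locked file normally means one is running.
    $owners = Get-Process | Where-Object { $_.Path -and $_.Path -ieq $file.FullName }

    [pscustomobject]@{
        Path       = $file.FullName
        Attributes = $file.Attributes                # e.g. Hidden, System, ReadOnly
        SizeBytes  = $file.Length
        Created    = $file.CreationTime
        Modified   = $file.LastWriteTime
        SHA256     = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        Signature  = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
        RunningPid = ($owners | ForEach-Object { $_.Id }) -join ','
    }

    if ($Delete) {
        # Stop whatever holds the file open, then clear the attributes that make
        # Explorer refuse the delete, then remove the file itself.
        $owners | Stop-Process -Force -ErrorAction SilentlyContinue
        $file.Attributes = [IO.FileAttributes]::Normal
        Remove-Item -LiteralPath $file.FullName -Force
    }
}

# Report only (the path is the one named in the post); add -Delete once you have
# recorded the hash and are sure the file is not a legitimate driver.
Get-SuspectFileReport -Path 'C:\WINNT\system32\drivers\SbCtri.exe'
```

Record the SHA256 before deleting; it is what you would later compare against an antivirus or threat-intelligence lookup, and a copy of the file kept elsewhere is more useful to an analyst than a memory of its name.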

At this point you could leave it like that, but the next time you restart your PC you'll get a popup saying that Windows didn't find the C:\WINNT\system32\drivers\SbCtri.exe file.

So we will now get into the registry to delete the entry for it. The following technique is also useful for fixing similar cases where Windows looks for a file, doesn't find it, and throws up an annoying popup.

They all say that messing with the registry is dangerous if you don't know what you are doing, and so you never do it, and so you never learn to mess with the registry.

I won't say that (since I have already warned you that you are on your own), and here is what you do:

Go to Start > Run, type regedit and hit OK, as you see in the screen below:

You'll get to the Registry Editor, as you see below:


Now hit Ctrl + F, or go to Edit > Find.


In the box that comes up, type SbCtri.exe, then hit OK.

The editor will look for the SbCtri.exe entry and will bring it up. If you are logged in as Administrator, you will now be able to right-click on the entry on the right to delete it; see the entry below under Shell:

After deleting it, search for it again, just in case it is somewhere else; I can't remember now whether it was.

At this point you should also search for an entry called "Service Controler", and it should bring up an imagepath value of type REG_EXPAND_SZ

in My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Service Controler

You need to delete that imagepath REG_EXPAND_SZ value.
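The regedit Find loop above (search for the file name, delete the value, search again) is the same thing as scanning the autostart locations for any value whose data mentions the file. The block below is an added example, not code from the original post. It searches the Run/RunOnce keys, the Winlogon key (the post's "Shell" entry was most likely Winlogon\Shell, but the post does not say, so that is an assumption) and every key under Services; the Service Controler key name and the file name come from the post. It only reports; the removal line is shown commented out.

```powershell
# Added example (not from the original post): list registry values whose data
# references a given file name, across the usual autostart and service locations.
function Find-RegistryReference {
    param([Parameter(Mandatory)][string]$Needle)

    # Fixed autostart keys plus one key per installed service (each has an ImagePath).
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # assumption: where "Shell" lives
    ) + (Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue).PSPath

    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider's own metadata properties (PSPath, PSParentPath, ...).
            if ($p.Name -like 'PS*') { continue }
            if ("$($p.Value)" -like "*$Needle*") {
                [pscustomobject]@{ Key = $key; ValueName = $p.Name; Data = $p.Value }
            }
        }
    }
}

# Report every value that still points at the deleted file.
Find-RegistryReference -Needle 'SbCtri.exe' | Format-List

# Once confirmed, remove the offending value (key and value name from the post):
# Remove-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Service Controler' -Name ImagePath
```

Run it from an elevated prompt, since most of these keys are only writable (and some only readable in full) by administrators, and run it again after the removal so an empty result confirms nothing else references the file.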

That's it; your PC should now be free of the Virus/Spyware, whatever you want to call this thing.


One way to be safe from any virus would be to log into your computer as a guest.

As you know, guests don't have permission to modify any files or to install anything, so you should be 100% safe there.

The way I do it is I give Administrator privileges to a guest, then I install all my programs and prepare the PC as I want it, then I log in as the main Administrator and from there I remove all privileges from the guest, then I simply log in as the guest.

The downside is that every time you need to install anything you must log in as the Admin, give Admin or Power User privileges to the guest, log in as the guest, install whatever it is, then go back in as the Admin to remove the privileges again.

This is why this PC became infected: it is the one I mess with, so I always log in as an Admin, and if a virus ever gets past the firewall and antivirus (it had never happened before), the PC gets infected.

Obviously this isn't the PC I use to get into my internet banking! The other ones are all protected as I mentioned before.

Also, this PC is used to print and often shares files with others, so it has network neighborhood options fully enabled (within the firewall), and this could be a vulnerability.

Ideally you enable those options only for the short moment when you need to browse from one PC to the other, but I have found that sharing a common external hard drive is better. Anyway, that's another story; I hope this somehow helped you.
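The two exposures the author describes for the machine that got infected are running day to day as an administrator and leaving file sharing fully enabled. The block below is an added example, not code from the original post, that checks both on a current Windows machine: whether the session is elevated, who sits in the local Administrators group, and which non-administrative shares exist and who may read them. Function names are my own; the cmdlets are standard ones.

```powershell
# Added example (not from the original post): report the privilege and
# file-sharing exposure of a day-to-day Windows machine.
function Test-RunningAsAdmin {
    # True only when the current token is actually elevated, not merely when the
    # account is a member of Administrators behind a UAC split token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-OpenShareReport {
    # Non-special shares are the ones created by hand (the post's "network neighborhood"
    # sharing); C$, ADMIN$ and IPC$ are flagged Special and skipped here.
    Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
        $share = $_
        Get-SmbShareAccess -Name $share.Name | ForEach-Object {
            [pscustomobject]@{
                Share   = $share.Name
                Path    = $share.Path
                Account = $_.AccountName
                Access  = $_.AccessRight          # Read, Change or Full
                Type    = $_.AccessControlType    # Allow or Deny
            }
        }
    }
}

function Get-DailyUseExposure {
    [pscustomobject]@{
        User           = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        RunningAsAdmin = Test-RunningAsAdmin
        # Every account listed here can install software; a daily-use account should not be.
        LocalAdmins    = (Get-LocalGroupMember -Group 'Administrators').Name -join ', '
        OpenShares     = @(Get-OpenShareReport)
    }
}

$report = Get-DailyUseExposure
$report | Format-List User, RunningAsAdmin, LocalAdmins
$report.OpenShares | Format-Table -AutoSize
```

Any share granting Read or Change to Everyone, and any daily-use account in the LocalAdmins line, is exactly the condition the author describes leaving open on the machine that caught SbCtri.exe.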

