Solved BSOD caused by Sunbelt Personal Firewall

[HungryJoe]

I keep getting BSODs relating to Sunbelt Personal Firewall, which is not a software product I recognize. I have not intentionally installed such software on my system (I use Microsoft Security Essentials) so I can only assume it is used by another product, possibly even MSE itself.

I have attached the folder output from running the SF Diagnostics utility.

Please advise me on what actions I can take to resolve this issue.

 

[Arc]

Yes, it is the fact! The BSOD is caused by Sunblet Firewall, which is out of market over around 3 years.

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {0, 2, 0, fffff8000426f7d3}

*** WARNING: Unable to verify timestamp for SbFw.sys
*** ERROR: Module load completed but symbols could not be loaded for SbFw.sys
[COLOR=Red]Probably caused by : SbFw.sys ( SbFw+9d32 )[/COLOR]

Followup: MachineOwner
---------

And it is also the fact that there is no tress of sunbelt in your system, but the driver is present at c:\windows\system32\drivers\sbfw.sys.

Delete the driver manually at that location, and then Scan the system for possible virus infection with the following programs.

• Anti-rootkit utility TDSSKiller
• Windows Defender Offline

Let us know how it is running then.

 

[HungryJoe]

Thanks for your advice, Arc.

I removed the Sunbelt Personal Firewall driver file (SbFw.Sys) and its associated files (SbAPIFS.Sys, SbHIPS.Sys and SbTIS.Sys) from the %WinDir%\System32\Drivers folder on my system.

I then scanned my system using TDSSKiller; no threats were detected.

Unfortunately, I do not have access to a second PC in order to create the Windows Defender Offline bootable media. Is it absolutely necessary to scan my system using this product, or just desirable?

While carrying out these remedial steps, I got several BSODs, however these appear to relate to NTOSKrnl.Exe (diagnostics attached).

 

[Arc]

Remedial steps means deleting those .sys files and scanning with TDSSKiller? Several BSODs?

Unfortunately the uploaded zip contains a single one that is already checked.

Suggested for scans on an assumption that it might be a malware disguising itself.

 

[HungryJoe]

Removal of the Sunbelt Personal Firewall driver files seems to have resolved the problem.

Thanks, Arc.

 

[Arc]

You are welcome HungryJoe.

Let us know for any further issue.