Jump to content

Does MBAM install fsbts.sys?

Recommended Posts

Using Sysinternals Autoruns, I noticed the following driver installed on my system:



F-Secure Boot Time Scanner (filter)


This file has what appears to be a valid digital signature from F-Secure Corporation.


I have Avira Antivirus Suite installed, but I've never installed an F-Secure product. Now, I know MBAM is not F-Secure. But I wondered if F-Secure licensed this driver, allowing it to be used in other products.


I've scanned with Avira and with MBAM, and also the MBAR beta. Clean.


I use Total Uninstall obsessively to track software installations, which makes the existence of fsbts.sys all the more mysterious, since it's not found in any of Total Uninstall's logs.


Any ideas?




Link to post
Share on other sites

  • Root Admin

Its not our driver but if you want to post some scans we can look at helping you remove it if you want.
Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file and just post it or attach it.
Link to post
Share on other sites

Can you please delete those attached files (or the whole post) once you have them?


DDS.com opened both logs after they were created, and I edted out my user name. I didn't realize I was editing a temp copy, not the ones on my Desktop. Very annoying.


LOVING how I can't edit or delete my own posts.

Link to post
Share on other sites

  • Root Admin

Editing was removed due to numerous issues with new users causing trouble by editing their posts.  You need to have 100 posts before you're allowed to edit your own posts.


Open an Elevated Command Prompt - Open in Windows 8
Then type the following


That will remove the service from loading.  Then you can either leave the file or remove it.
To remove it you can browse to it under Computer or simply type the following in the same Elevated Command prompt.

DEL C:\WINDOWS\System32\drivers\fsbts.sys /F
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.