
What's this service - HYHUFBMV

Discussion in 'Malware and Virus Removal Archive' started by antialex, 2006/02/23.

  1. 2006/02/23
    antialex

    antialex Inactive Thread Starter

    Joined:
    2006/02/23
    Messages:
    3
    Likes Received:
    0
    As I was looking through my XP SP2 Services, I came across one called 'HYHUFBMV'. I've looked all over the internet and have not found a thing about it.

    This is what I get when I query the service at the command prompt.

    C:\>sc query HYHUFBMV

    SERVICE_NAME: HYHUFBMV
    TYPE : 110 WIN32_OWN_PROCESS (interactive)
    STATE : 1 STOPPED
    (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 1077 (0x435)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    I found that WIN32_EXIT_CODE : 1077 = "No attempts to start the service have been made since the last boot."

    Not knowing what the service is, I've disabled it, which doesn't seem to have any effect on my computer.

    Does anyone have any thoughts about what this could be? Thanks
     
  2. 2006/02/23
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    That is usually the sign of a trojan. Have you run any scans?
     


  4. 2006/02/23
    antialex

    antialex Inactive Thread Starter

    I've run Sysinternals RootkitRevealer, F-Secure BlackLight Beta, TrendMicro HouseCall online scanning service, Windows Defender, Grisoft's AVG Free, Ad-Aware personal SE (ADS scans, too), and Spybot S&D.

    FWIW - I can't remember the last time I was infected with anything more than adware or spyware.

    I also use Hosts Secure to neutralize most cookies and adware sites.
     
    Last edited: 2006/02/23
  5. 2006/02/23
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni

    Have you done a search for a file with that name? Usually trojans create a weird name like that.

    Download, update and run Ewido Security Suite

    Install ewido security suite. When installing the program, under "Additional Options" uncheck..
    *Install background guard
    *Install scan via context menu
    Launch Ewido, there should now be an icon on your desktop, double-click it. The program will now open to the main screen. You will need to update ewido to the latest definition files: On the left hand side of the main screen click update.
    Then click on Start Update. The update will start and a progress bar will show the updates being installed. (the status bar at the bottom will display "Update successful") If you are having problems with the updater, you can use this link to manually update ewido: Ewido manual updates
    Once the updates are installed, do the following: Click on scanner. Click on Complete System Scan, the scan will now begin. While the scan is in progress you will be prompted to clean files, click OK. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK. Once the scan has completed, there will be a button located at the bottom of the screen named Save Report. Click Save Report. Now save the report .txt file to your desktop. Post this log with a Hijack This log as instructed below.

    Please go to control panel/ folder options/ view and select show hidden and system files
    Also uncheck "hide file extensions of known file types"

    The first thing you should do after you download HijackThis is follow this.

    Put HijackThis in a Permanent folder.

    Click My Computer, then C:\

    In the menu bar, File->New->Folder.

    That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT.

    Put your HijackThis.exe there, and double click to run it.
    Click the button Do a system scan and save a logfile.
    This will open the logfile in Notepad. You will need to copy & paste the complete log into your HijackThis thread.

    This will allow backups to be made and saved by Hijack This in case something goes wrong.



    HijackThis 1.99.1

    HijackThis Quick Start Guide

    After doing all this post the HJT log at http://www.windowsbbs.com/forumdisplay.php?f=41.
     
  6. 2006/02/23
    antialex

    antialex Inactive Thread Starter

    Oops, I forgot to mention that I also use HJT. My HJT logs are crystal clear of any baddies.

    I dl'd, updated and ran ewido. Scared the heck out of me with that siren when it found a couple of cookies. :) I think that my assembled suite of tools covers what ewido offers, so I uninstalled it. Thanks anyways.

    The hidden file stuff is good advice, something I've done for some time.

    I did some poking around in the registry and found a few keys that pointed to HYHUFBMV:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HYHUFBMV

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HYHUFBMV

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HYHUFBMV

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HYHUFBMV

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HYHUFBMV

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HYHUFBMV

    I noted that class was Legacy Driver.

    I will mention that when I look in my service listing, there is no description for HYHUFBMV as there is for every other service listed there. No dependencies, either.

    When I query services at the command prompt, HYHUFBMV is not among the results. It's only when I use a specific query - sc query HYHUFBMV - that the service shows up.

    It's a mystery, I guess. :(
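
Added example, not part of any post in this thread: a small Python triage helper that decodes the `sc query` record quoted in the first post (TYPE is a hexadecimal bit mask, so 110 is own-process plus interactive) and lists the points worth following up. The sample text is reconstructed from the thread, and the `looks_generated` name heuristic and its thresholds are assumptions of this example.

```python
import re

# Constructed sample: the `sc query` record quoted in the first post.
SAMPLE = """\
SERVICE_NAME: HYHUFBMV
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
"""

# Windows service-type bit flags; sc prints the TYPE value in hex.
TYPE_FLAGS = {0x1: "KERNEL_DRIVER", 0x2: "FILE_SYSTEM_DRIVER",
              0x10: "WIN32_OWN_PROCESS", 0x20: "WIN32_SHARE_PROCESS",
              0x100: "INTERACTIVE_PROCESS"}
STATES = {1: "STOPPED", 2: "START_PENDING", 3: "STOP_PENDING", 4: "RUNNING"}
ERROR_SERVICE_NEVER_STARTED = 1077  # "No attempts to start the service..."

def parse_sc_query(text):
    """Decode one `sc query <name>` record into a dict."""
    rec = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z0-9_]+)\s*:\s*(\S+)", line)
        if not m:
            continue  # continuation lines such as "(NOT_STOPPABLE,...)"
        key, val = m.groups()
        if key == "SERVICE_NAME":
            rec["name"] = val
        elif key == "TYPE":
            bits = int(val, 16)
            rec["type"] = [n for b, n in TYPE_FLAGS.items() if bits & b]
        elif key == "STATE":
            rec["state"] = STATES.get(int(val), val)
        elif key == "WIN32_EXIT_CODE":
            rec["exit_code"] = int(val)
    return rec

def looks_generated(name):
    """Assumed heuristic: all-caps, 6+ letters, fewer than 20% vowels."""
    vowels = sum(c in "AEIOU" for c in name)
    return name.isalpha() and name.isupper() and len(name) >= 6 \
        and vowels / len(name) < 0.2

def triage(rec):
    """Return follow-up notes for a parsed record."""
    notes = []
    if looks_generated(rec["name"]):
        notes.append("name looks machine-generated")
    if "INTERACTIVE_PROCESS" in rec["type"]:
        notes.append("allowed to interact with the desktop")
    if rec["exit_code"] == ERROR_SERVICE_NEVER_STARTED:
        notes.append("never started since last boot")
    return notes
```

`sc query` with no arguments lists only active services, so a stopped service is missing from that list unless `sc query state= all` is used. The ImagePath value under the service's registry key, which `sc qc HYHUFBMV` also prints, names the binary to examine.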
     
