Malware? - BFFSVC.EXE
Posted: Sun Feb 27, 2011 6:48 am
I have today discovered a strange file in my Windows directory called "bffsvc.exe". Seemed trivial, I simply deleted it (we'll see if that does anything good or bad to the system). The file tags say "created/modified in 2009" in my personal case, and it suddenly requested internet access one day, according to COMODO Firewall. I didn't recognise the executable name, so I checked the folder:
- bffsvc.exe has a broken (that is, non-standard) icon, yet still sits inside "C:\Windows". The only scenario where this can happen is a funky software or driver installation that puts ridiculous icons inside the Windows folder, but this wasn't the case. Bffsvc.exe used a clean "window" icon, to look "harmless". I smelled a ruse.
- right next to it, there's a legitimate Microsoft-signed executable called bfsvc.exe, or the Boot File Servicing Utility. I smelled foul play.
I was not able to procure any information about this file online. Bing found nothing, while on the other hand, Google found... nothing. Unless you want to call this a "result". They don't even know what it does.
However, denying internet access and simply deleting the file seems to have worked so far. Process Explorer revealed no programs or services linked to a "bffsvc" handle still in the memory.
Does anyone know anything about this file? How do you deal with "random" files you don't recognise and that your antimalware may, or may not, catch?
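An added example, not part of the original post, showing one defender-side way to triage the pattern described above on a Windows host: enumerate executables in the Windows directory, check each one's Authenticode signature, and report unsigned files whose name is within one edit of a validly signed neighbour (bffsvc.exe sitting beside bfsvc.exe). It assumes PowerShell 3 or later; on older systems catalog-signed Microsoft binaries can report as NotSigned, so treat the output as a lead to investigate, not a verdict.

```powershell
# Added example (not from the original post): flag unsigned executables in the
# Windows directory whose names mimic a validly signed sibling.
# Assumes PowerShell 3+; run elevated so every file can be read.

function Get-NameDistance {
    # Levenshtein edit distance between two strings, case-insensitive.
    param([string]$a, [string]$b)
    $a = $a.ToLowerInvariant(); $b = $b.ToLowerInvariant()
    $d = New-Object -TypeName 'int[,]' -ArgumentList ($a.Length + 1), ($b.Length + 1)
    for ($i = 0; $i -le $a.Length; $i++) { $d[$i, 0] = $i }
    for ($j = 0; $j -le $b.Length; $j++) { $d[0, $j] = $j }
    for ($i = 1; $i -le $a.Length; $i++) {
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -eq $b[$j - 1]) { 0 } else { 1 }
            $del = $d[($i - 1), $j] + 1
            $ins = $d[$i, ($j - 1)] + 1
            $sub = $d[($i - 1), ($j - 1)] + $cost
            $d[$i, $j] = [Math]::Min([Math]::Min($del, $ins), $sub)
        }
    }
    return $d[$a.Length, $b.Length]
}

function Find-LookalikeExecutables {
    # Returns one record per unsigned .exe whose name is within $MaxDistance
    # edits of a validly signed .exe in the same directory.
    param([string]$Path = $env:windir, [int]$MaxDistance = 1)
    $files = Get-ChildItem -Path $Path -Filter *.exe -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Name     = $_.Name
                FullName = $_.FullName
                Status   = $sig.Status          # Valid, NotSigned, HashMismatch, ...
                Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                Created  = $_.CreationTime
            }
        }
    $signed   = $files | Where-Object { $_.Status -eq 'Valid' }
    $unsigned = $files | Where-Object { $_.Status -ne 'Valid' }
    foreach ($u in $unsigned) {
        foreach ($s in $signed) {
            if ($u.Name -ne $s.Name -and (Get-NameDistance $u.Name $s.Name) -le $MaxDistance) {
                [pscustomobject]@{ Suspect = $u.FullName; Mimics = $s.Name; Signer = $s.Signer; Status = $u.Status; Created = $u.Created }
            }
        }
    }
}

Find-LookalikeExecutables | Format-Table -AutoSize
```

A hit such as `C:\Windows\bffsvc.exe  Mimics: bfsvc.exe  Status: NotSigned` is the cue to hash the file, submit it to a multi-engine scanner, and check its creation time against the surrounding system files before deleting anything.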