Malware?

Discussion in 'Software' started by munkie, May 13, 2012.

  1. munkie

    munkie Private E-2

    I'm running Windows 7 64bit. This problem has only been very recent, like within the last 2 hours recent. I was watching a movie, then everything got really bogged down and I got a pop up saying, "bmufa-64.exe has stopped working...", the normal Windows Software not working message, then the error reporting and all that normal crap. I've also noticed that during the bmufa-64 pop up, multiple instances of net1 and net.exe show up and disappear immediately while bmufa-64.exe shows up on my running processes. I've researched it extensively and have only found 1 mention of bmufa-64 anywhere on the web. I have absolutely no idea what is going on with it. I've searched my system and the registry and can't find the bmufa-64.exe file anywhere. I've gone through every appdata, roaming folder and nothing. Anybody have any clue about this? When the "software has quit running..." popup shows up, it pretty much stops everything, except for audio. It only shows up when I'm watching a movie, so I've checked all the relevant vlc, wmp and media center folders and files, and still nothing. Any help would be very much appreciated.
     
  2. Goldenskull

    Goldenskull I can't follow the rules

  3. munkie

    munkie Private E-2

    I recently did a McAfee scan, and Malwarebytes. McAfee found nothing and mwb found a few registry keys and a couple of files, but nothing in regards to bmufa-64. The only time anything happens is when I'm playing a movie, but I've checked everything regarding any player I use and nothing even close to bmufa. It's really starting to get on my damn nerves. I've contacted McAfee support and Dell support, they don't know any more than I do. And that's that it is something to do with visual media. I am more or less competent when it comes to computers, and I know all the usual steps with removing a virus, but have absolutely no clue what I am looking for in regards to bmufa, and neither do any of the techs I've spoken with.
     
  4. tgell

    tgell Major Geek Extraordinaire

    In the other forum the file was located in the same folder as Realplayer. Do you have Realplayer installed? Make sure hidden files are shown in folder options.
     
  5. munkie

    munkie Private E-2

    I don't have realplayer, but I have found a post on a different site citing realtek audio, which I do have. But..., I have not located the bmufa file. As soon as the "quit working" popup first popped up, I immediately tried to locate the file, simply to see whether or not the file was important. There is no bmufa anywhere, no file anywhere, not even a registry entry, which is kinda weird to me. It's little more than a nuisance right now, but I edit and make movies and clips on my pc, and that seems to be when it shows up, when video media is being played.
     
  6. Goldenskull

    Goldenskull I can't follow the rules

    Try searching through F8 safe mode and see if it will pop up in safe mode; sometimes it's the best idea. In normal Windows some things are hidden.
     
  7. munkie

    munkie Private E-2

    Searched in Safemode, still nothing. I'm currently going through each and every single line of the registry, tedious and god damned annoying, but since I don't know what I'm looking for, I'm simply checking every entry and hoping that something stands out as suspicious.
     
  8. munkie

    munkie Private E-2

    And just for reference purpose, I played a video file while in safemode, and the popup didn't happen. So..., this would mean that the problem is something to do with a nonessential background service?
     
  9. Goldenskull

    Goldenskull I can't follow the rules

    And people wonder why I don't want to upgrade lol
     
  10. Goldenskull

    Goldenskull I can't follow the rules

    Well, here is a list of Services in Windows 7 if you need to look and see if something does stand out.

    Name of Service | Default Startup Mode | Possible Startup Mode
    ActiveX Installer (AxInstSV) | Manual | Manual
    Adaptive Brightness | Manual | Disabled
    Application Experience | Manual | Manual
    Application Identity | Manual | Manual
    Application Information | Manual | Manual
    Application Layer Gateway Service | Manual | Disabled
    Application Management | Manual | Disabled
    Background Intelligent Transfer Service | Manual | Manual
    Base Filtering Engine | Automatic | Automatic
    Bitlocker Drive Encryption Service | Manual | Disabled
    Block Level Backup Engine Service | Manual | Disabled
    Bluetooth Support Services | Manual | Disabled
    BranchCache | Manual | Disabled
    Certificate Propagation | Manual | Disabled
    CNG Key Isolation | Manual | Manual
    COM+ Event System | Automatic | Automatic
    COM+ System Application | Manual | Manual
    Computer Browser | Manual | Disabled
    Credential Manager | Manual | Manual
    Cryptographic Services | Automatic | Automatic
    DCOM Server Process Launcher | Automatic | Automatic
    Desktop Window Manager Session Manager | Automatic | Automatic
    DHCP Client | Automatic | Automatic
    Diagnostic Policy Service | Automatic | Automatic
    Diagnostic Service host | Automatic | Automatic
    Diagnostic System Host | Manual | Manual
    Disk Defragmenter | Manual | Disabled
    Distributed Link Tracking Client | Automatic | Automatic
    Distributed Transaction Coordinator | Manual | Manual
    DNS Client | Automatic | Automatic
    Encrypting File System (EFS) | Manual | Disabled
    Extensible Authentication Protocol | Manual | Manual
    Fax | Manual | Disabled
    Function Discovery Provider Host | Manual | Manual
    Function Discovery Resource Publication | Manual | Disabled
    Group Policy Client | Automatic | Automatic
    Health Key and Certificate Management | Manual | Disabled
    HomeGroup Listener | Manual | Disabled
    HomeGroup Provider | Manual | Disabled
    Human Interface Device Access | Manual | Manual
    IKE and AuthIP IPsec Keying Modules | Manual | Manual
    Interactive Services Detection | Manual | Manual
    Internet Connection Sharing (ICS) | Disabled | Disabled
    IP Helper | Automatic | Automatic
    IPsec Policy Agent | Manual | Manual
    KtmRm for Distributed Transaction Coordinator | Manual | Manual
    Link-Layer Topology Discovery Mapper | Manual | Disabled
    Media Center Extender Service | Disabled | Disabled
    Microsoft .NET Framework NGEN v2.0.50727_X86 | Manual | Manual
    Microsoft iSCSI Initiator Service | Manual | Manual
    Microsoft Software Shadow Copy | Manual | Manual
    Multimedia Class Scheduler | Automatic | Automatic
    Net.Tcp Port Sharing Service | Disabled | Disabled
    Netlogon | Manual | Manual
    Network Access Protection Agent | Manual | Manual
    Network Connections | Manual | Manual
    Network List Service | Manual | Manual
    Network Location Awareness | Automatic | Automatic
    Network Store Interface Service | Automatic | Automatic
    Offline Files | Automatic | Disabled
    Parental Controls | Manual | Disabled
    Peer Name Resolution Protocol | Manual | Manual
    Peer Networking Grouping | Manual | Manual
    Peer Networking Identity Manager | Manual | Manual
    Performance Counter DLL Host | Manual | Disabled
    Performance Logs & Alerts | Manual | Disabled
    Plug and Play | Automatic | Automatic
    PnP-X IP Bus Enumerator | Manual | Manual
    PNRP Machine Name Publication Service | Manual | Manual
    Portable Device Enumerator Service | Manual | Manual
    Power | Automatic | Automatic
    Print Spooler | Automatic | Automatic
    Problem Reports and Solutions Control Panel Support | Manual | Disabled
    Program Compatibility Assistant Service | Manual | Disabled
    Protected Storage | Manual | Disabled
    Quality Windows Audio Video Experience | Manual | Disabled
    Remote Access Auto Connection Manager | Manual | Disabled
    Remote Access Connection Manager | Manual | Disabled
    Remote Procedure Call (RPC) | Automatic | Automatic
    Remote Procedure Call (RPC) Locator | Manual | Manual
    Remote Registry | Manual | Manual
    Routing and Remote Access | Disabled | Disabled
    RPC Endpoint Mapper | Automatic | Automatic
    Secondary Logon | Manual | Manual
    Secure Socket Tunneling Protocol Service | Manual | Disabled for desktops, enabled for laptops
    Security Accounts Manager | Automatic | Automatic
    Security Center | Automatic (Delayed Start) | Automatic
    Server | Automatic | Automatic
    Shell Hardware Detection | Automatic | Automatic
    Smart Card | Manual | Disabled
    Smart Card Removal Policy | Manual | Manual
    SNMP Trap | Manual | Disabled
    Software Protection | Automatic | Automatic
    SPP Notification Service | Manual | Manual
    SSDP Discovery | Manual | Manual
    Superfetch | Automatic | Automatic
    System Event Notification Service | Automatic | Automatic
    Tablet PC Input Service | Automatic | Disabled
    Task Scheduler | Automatic | Automatic
    TCP/IP NetBIOS Helper | Automatic | Automatic
    Telephony | Manual | Disabled
    Themes | Automatic | Automatic
    Thread Ordering Server | Manual | Manual
    TP AutoConnect Service | Manual | Manual
    TPM Base Services | Manual | Manual
    UPnP Device Host | Manual | Manual
    User Profile Service | Automatic | Automatic
    Virtual Disk | Manual | Manual
    Volume Shadow Copy | Manual | Manual
    WebClient | Manual | Disabled
    Windows Audio | Automatic | Automatic
    Windows Audio Endpoint Builder | Automatic | Automatic
    Windows Backup | Manual | Manual
    Windows CardSpace | Manual | Disabled
    Windows Color System | Manual | Disabled
    Windows Connect Now - Config Registrar | Manual | Disabled
    Windows Defender | Automatic | Automatic
    Windows Driver Foundation - User-mode Driver Framework | Automatic | Automatic
    Windows Error Reporting Service | Manual | Disabled
    Windows Event Collector | Manual | Disabled
    Windows Event Log | Automatic | Automatic
    Windows Firewall | Automatic | Automatic
    Windows Font Cache Service | Manual | Manual
    Windows Image Acquisition (WIA) | Manual | Disabled
    Windows Installer | Manual | Manual
    Windows Management Instrumentation | Automatic | Automatic
    Windows Media Center Receiver Service | Manual | Disabled
    Windows Media Center Scheduler Service | Manual | Disabled
    Windows Media Player Network Sharing Service | Manual | Disabled
    Windows Modules Installer | Manual | Manual
    Windows Presentation Foundation Font Cache 3.0.0.0 | Manual | Manual
    Windows Remote Management (WS-Management) | Manual | Manual
    Windows Search | Automatic | Automatic
    Windows Time | Automatic | Automatic
    Windows Update | Automatic (Delayed Start) | Automatic (Delay Start)
    WinHTTP Web Proxy Auto-Discovery Service | Manual | Manual
    Wired AutoConfig | Manual | Disabled
    WLAN AutoConfig | Manual | Disabled for LAN, Enabled for Wireless
    WMI Performance Adapter | Manual | Manual
    Workstation | Automatic | Automatic
     
  11. munkie

    munkie Private E-2

    Just an update, apparently it had something to do with an update for my ATI Radeon HD 5800 graphics card. I still have no clue what bmufa-64.exe actually is, there is no such file anywhere on my pc. But, after spending most of the night exploring everything in safe mode, only deleting temp files and all the normal clutter, and changing absolutely nothing in my registry, I finally gave up and turned my pc off. Upon restarting this morning, I got a system msg saying "ATI Update Successful." And, to test my system, after changing nothing at all, I played a video file. I expected bmufa crap to pop up 30 seconds in, then every 30 seconds after, but nothing. After 90 minutes of video, not one pop up. I still have no idea when this update download and install happened. And nothing about my graphics, other than during video playback, seemed different at all. I'm actually worried that some virus is now resident on my system, but after running every scan I could, nothing. There seems to be nothing slow or unstable about my pc, but I don't know, after that episode last night, I'm worried that I have some sort of trojan that has all my cc and personal shit recorded somewhere. Anyways, if this is all over, thank you to everybody that attempted to help me out with this unknown, randomass issue.
     
  12. TL_Blackwidow

    TL_Blackwidow Private E-2

    Hey all, just signed up to post in this thread, seeing as it's the only mention of bmufa-64.exe in all of google-dom.

    From what I understand, it waits for about 5 minutes after all user input has ceased and proceeds to run your processor full-tit. Why?
    Because it appears to be a bitcoin mining program. Quite sneaky. I noticed my minecraft server was choking up while I was cooking and saw my Windows task manager graph showed 100% usage right up to the point of me logging back in to my windows profile. So, to find the program, I just ran the resource monitor, selected the CPU load average tier and sat back to find the cheeky bastard.

    MSE isn't doing much good in finding it, nor has any search through my 5~TB of data yielded any result for such a file.
    For now, I'm halfway through a fresh install of windows as I've never installed a bitcoin miner on my computer.
     
    Last edited: May 15, 2012
  13. JRave

    JRave Private E-2

    +1 here
    Win7-64 and I've just updated ATI Catalyst.
    Same picture.
     
  14. JRave

    JRave Private E-2

    Got it! With the help of Avira. The problem was with Realtek software:
    AppData\Roaming\Realtek Semiconductor\Realtek HD Audio Manager\1.0.0.653\RAVCpl64.exe
    Bit.Coin.2.3
     
  15. enclave

    enclave Private E-2

    Thanks for the tip JRave! Removing the RAVCpl64.exe in C:\users\NAME\AppData\Roaming\Realtek Semiconductor\Realtek HD Audio Manager\1.0.0.653\ did the trick.

    And the fact you can't find bmufa-64.exe is cuz as soon as you move the mouse or press a key on the keyboard, it's gone.
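
The last two posts explain why manual searches came up empty: the process exits on the first keystroke or mouse movement, and the binary Avira flagged sat under AppData\Roaming. As an added example (not from any poster in this thread), this PowerShell 3.0+ loop logs every process that starts while the machine is left idle, with its image path, parent, Authenticode status and a flag for images running from user-writable directories; the log path, polling interval and duration are assumptions.

```powershell
# Added example (PowerShell 3.0+). Start it from an elevated prompt, then leave
# the keyboard and mouse untouched so idle-triggered processes get a chance to run.
$logPath  = Join-Path $env:USERPROFILE 'Desktop\idle-process-log.csv'  # assumed location
$interval = 2     # seconds between snapshots (assumed)
$minutes  = 15    # total watch time (assumed)
# Directories the logged-on user can write to.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

function Test-UserWritablePath([string]$Path) {
    foreach ($dir in $userWritable) {
        if ($Path -and $Path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}
# Key on PID plus creation time so a recycled PID still counts as a new process.
function Get-ProcKey($p) { '{0}|{1}' -f $p.ProcessId, $p.CreationDate }

$seen = @{}
Get-CimInstance Win32_Process | ForEach-Object { $seen[(Get-ProcKey $_)] = $true }  # baseline

$deadline = (Get-Date).AddMinutes($minutes)
while ((Get-Date) -lt $deadline) {
    $snapshot = @(Get-CimInstance Win32_Process)
    $byPid = @{}
    foreach ($p in $snapshot) { $byPid[[int]$p.ProcessId] = $p }
    foreach ($p in $snapshot) {
        $key = Get-ProcKey $p
        if ($seen.ContainsKey($key)) { continue }   # already running or already logged
        $seen[$key] = $true
        $parent = $byPid[[int]$p.ParentProcessId]   # $null if the parent has exited
        $sig = 'n/a'
        if ($p.ExecutablePath) {
            $sig = (Get-AuthenticodeSignature -FilePath $p.ExecutablePath -ErrorAction SilentlyContinue).Status
        }
        [pscustomobject]@{
            Time         = (Get-Date).ToString('s')
            Name         = $p.Name
            ProcessId    = $p.ProcessId
            Path         = $p.ExecutablePath
            CommandLine  = $p.CommandLine
            ParentName   = $parent.Name
            ParentPath   = $parent.ExecutablePath
            Signature    = $sig
            UserWritable = Test-UserWritablePath $p.ExecutablePath
        } | Export-Csv -Path $logPath -Append -NoTypeInformation
    }
    Start-Sleep -Seconds $interval
}
```

Rows with `UserWritable` set to `True` and a `Signature` other than `Valid` are the ones to inspect first, and `ParentPath` shows which binary launched them. Children that exit between snapshots, such as the net.exe and net1 instances described in the first post, can be missed by polling.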
     
