hscah.exe process, what is it?

[JT404]

Hi all,

Looking for some info on a suspicious process 'hscah' I had on my Windows 7 32-bit machine last night, full virus scan didn't flag it, so downloaded spybot and it started flagging the below. I've not been able to find any info about it on Google and I didn't think it was a system file.

A full scan with 'Avast!' didn't flag it but it's behaviour is rather dodgy.


31/05/2011 18:01:48 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /a") changed in System Startup user entry!
31/05/2011 18:02:31 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /Z") changed in System Startup user entry!
31/05/2011 18:04:06 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /E") changed in System Startup user entry!
31/05/2011 18:04:17 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /F") changed in System Startup user entry!
31/05/2011 18:04:22 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /o") changed in System Startup user entry!
31/05/2011 18:05:30 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /l") changed in System Startup user entry!
31/05/2011 18:10:51 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /n") changed in System Startup user entry!
31/05/2011 18:11:03 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /E") changed in System Startup user entry!
31/05/2011 18:11:11 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /W") changed in System Startup user entry!
31/05/2011 18:11:12 Denied (based on user blacklist) value "hscah" (new data: "C:\Users\JT404\hscah.exe /L") changed in System Startup user entry!
31/05/2011 18:11:20 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /y") changed in System Startup user entry!
31/05/2011 18:11:21 Denied (based on user blacklist) value "hscah" (new data: "C:\Users\JT404\hscah.exe /E") changed in System Startup user entry!
31/05/2011 18:13:52 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /s") changed in System Startup user entry!
31/05/2011 18:14:33 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /D") changed in System Startup user entry!
31/05/2011 18:14:34 Denied (based on user blacklist) value "hscah" (new data: "C:\Users\JT404\hscah.exe /F") changed in System Startup user entry!
31/05/2011 18:14:35 Denied (based on user blacklist) value "hscah" (new data: "C:\Users\JT404\hscah.exe /N") changed in System Startup user entry!
31/05/2011 18:18:26 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /U") changed in System Startup user entry!
31/05/2011 18:25:48 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /S") changed in System Startup user entry!

Is this something I should worry about?

Many thanks!

 

[tashi]

Hello JT404,

The FAQ for this forum, "BEFORE You POST"(Please read this Procedure Before Requesting Assistance)

Questions regarding Spybot-S&D support can be asked here: Spybot-S&D Forums

However it might be best if someone takes a look at the system, if you take that route please follow instructions in "BEFORE you POST" to produce the DDS logs used for analysis, start a new topic here in the malware removal forum and someone will advise when available.

Best regards.