JT404
2011-06-01, 10:15
Hi all,
Looking for some info on a suspicious process 'hscah' I had on my Windows 7 32-bit machine last night, full virus scan didn't flag it, so downloaded spybot and it started flagging the below. I've not been able to find any info about it on Google and I didn't think it was a system file.
A full scan with 'Avast!' didn't flag it but it's behaviour is rather dodgy.
31/05/2011 18:01:48 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /a") changed in System Startup user entry!
31/05/2011 18:02:31 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /Z") changed in System Startup user entry!
31/05/2011 18:04:06 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /E") changed in System Startup user entry!
31/05/2011 18:04:17 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /F") changed in System Startup user entry!
31/05/2011 18:04:22 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /o") changed in System Startup user entry!
31/05/2011 18:05:30 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /l") changed in System Startup user entry!
31/05/2011 18:10:51 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /n") changed in System Startup user entry!
31/05/2011 18:11:03 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /E") changed in System Startup user entry!
31/05/2011 18:11:11 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /W") changed in System Startup user entry!
31/05/2011 18:11:12 Denied (based on user blacklist) value "hscah" (new data: "C:\Users\JT404\hscah.exe /L") changed in System Startup user entry!
31/05/2011 18:11:20 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /y") changed in System Startup user entry!
31/05/2011 18:11:21 Denied (based on user blacklist) value "hscah" (new data: "C:\Users\JT404\hscah.exe /E") changed in System Startup user entry!
31/05/2011 18:13:52 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /s") changed in System Startup user entry!
31/05/2011 18:14:33 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /D") changed in System Startup user entry!
31/05/2011 18:14:34 Denied (based on user blacklist) value "hscah" (new data: "C:\Users\JT404\hscah.exe /F") changed in System Startup user entry!
31/05/2011 18:14:35 Denied (based on user blacklist) value "hscah" (new data: "C:\Users\JT404\hscah.exe /N") changed in System Startup user entry!
31/05/2011 18:18:26 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /U") changed in System Startup user entry!
31/05/2011 18:25:48 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /S") changed in System Startup user entry!
Is this something I should worry about?
Many thanks!
Looking for some info on a suspicious process 'hscah' I had on my Windows 7 32-bit machine last night, full virus scan didn't flag it, so downloaded spybot and it started flagging the below. I've not been able to find any info about it on Google and I didn't think it was a system file.
A full scan with 'Avast!' didn't flag it but it's behaviour is rather dodgy.
31/05/2011 18:01:48 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /a") changed in System Startup user entry!
31/05/2011 18:02:31 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /Z") changed in System Startup user entry!
31/05/2011 18:04:06 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /E") changed in System Startup user entry!
31/05/2011 18:04:17 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /F") changed in System Startup user entry!
31/05/2011 18:04:22 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /o") changed in System Startup user entry!
31/05/2011 18:05:30 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /l") changed in System Startup user entry!
31/05/2011 18:10:51 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /n") changed in System Startup user entry!
31/05/2011 18:11:03 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /E") changed in System Startup user entry!
31/05/2011 18:11:11 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /W") changed in System Startup user entry!
31/05/2011 18:11:12 Denied (based on user blacklist) value "hscah" (new data: "C:\Users\JT404\hscah.exe /L") changed in System Startup user entry!
31/05/2011 18:11:20 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /y") changed in System Startup user entry!
31/05/2011 18:11:21 Denied (based on user blacklist) value "hscah" (new data: "C:\Users\JT404\hscah.exe /E") changed in System Startup user entry!
31/05/2011 18:13:52 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /s") changed in System Startup user entry!
31/05/2011 18:14:33 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /D") changed in System Startup user entry!
31/05/2011 18:14:34 Denied (based on user blacklist) value "hscah" (new data: "C:\Users\JT404\hscah.exe /F") changed in System Startup user entry!
31/05/2011 18:14:35 Denied (based on user blacklist) value "hscah" (new data: "C:\Users\JT404\hscah.exe /N") changed in System Startup user entry!
31/05/2011 18:18:26 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /U") changed in System Startup user entry!
31/05/2011 18:25:48 Denied (based on user decision) value "hscah" (new data: "C:\Users\JT404\hscah.exe /S") changed in System Startup user entry!
Is this something I should worry about?
Many thanks!