Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Help identifying process

07 Apr 2012   #1
James661

Windows 7 Home Premium 64 Bit
 
 
Help identifying process

Hi i'm paranoid i got a keylogger or malicious software in my computer for something i did, but the Antivirus did not detect anything wrong, also got recently Zemana antilogger just to be safe and seems everything is okay my question is:

found two processes i don't know what they are or what they do can you guys tell me if they are safe or dangerous? should i leave them or disable them? both are startup processes

hehkkhuf.exe > this one doesn't have description or anything it is located on C:\ProgramData\hehkkhuf.exe i googled and can't find the source it's strange the file is hidden can't find it where is located

csrss.exe > this one seems part of windows but i'm not sure

winlogon.exe > same as the one above

Help me please i'm paranoid


My System SpecsSystem Spec
.
07 Apr 2012   #2
mickey megabyte

ultimate 64 sp1
 
 

hi James661, and welcome to sevenforums,

csrss and winlogon are a part of windows - nothing to worry about there.

this hehkkhuf looks very suspect though - do disable it in msconfig, so it won't autostart at each boot, and also download and run the free version of malwarebytes to give your system a good clean.
My System SpecsSystem Spec
07 Apr 2012   #3
James661

Windows 7 Home Premium 64 Bit
 
 

Quote   Quote: Originally Posted by mickey megabyte View Post
hi James661, and welcome to sevenforums,

csrss and winlogon are a part of windows - nothing to worry about there.

this hehkkhuf looks very suspect though - do disable it in msconfig, so it won't autostart at each boot, and also download and run the free version of malwarebytes to give your system a good clean.
I couldn't disable hehkkhuf at first it wouldn't let me then

I did what you told me and malwarebyte removed 2 files:

1- RiskwareTool
2- Trojan.Agent

minutes later the Norton Sonar removed the hehkkhuf.exe i restarted the computer and the file was gone completely so i think i fixed it still i'll be changing passwords of accounts just to be safe thanks

weird the Antivirus did not detect hehkkhuf yesterday when i got it last night and Zemana Antilogger did not detect suspicious activity so dunno what was that for..
My System SpecsSystem Spec
.

07 Apr 2012   #4
mickey megabyte

ultimate 64 sp1
 
 

happy to help
My System SpecsSystem Spec
Reply

 Help identifying process




Thread Tools




Similar help and support threads
Thread Forum
"Error opening process" message in Process Explorer
Hi Everyone I recently did a System Restore on a Windows 7 Pro 64 bit system to correct a strange problem I was having with IE. It seems to have solved the problem, but now Process Explorer is displaying the messages in the screen shot below, and I'm not sure why. The computer is functioning...
Software
Would appreciate some help identifying this problem please.
Hi, I have recently tried to upgrade my son's PC by adding a new CPU, additional memory and a new graphics card. The machine is running a 500w power supply into an MSI 760GM-P21 (FX) motherboard. To this I have swapped out the old AMD CPU and installed a new AMD FX6300 with the stock cooler....
General Discussion
open explorer, starts new process, close it, process remains active
Hi, I've got a quicklaunch shortcut to: %windir%\explorer.exe shell:::{323CA680-C24D-4099-B94D-446DD2D7249E} That takes me straight to my explorer favourites. What I notice is that when I launch that, I get a new explorer.exe thread appear in the task manager. When I close it though, that...
General Discussion
Windows 7 + Process Explorer + Patch: [Opening error process]
Hi fooks, I hope you all can read this, i'm from Belgium so my Englsich is not as good as it might be. I have bought last year a little notebook with Windows 7 Home Premium on it. On this machine i am the Administrator, and there are no other people on that, or guestaccounts made. On...
Installation & Setup
Need help identifying a Reg key
Hi all, Im hoping someone can help me out, Ive searched the internet and these forums and cant find what reg key controls the setting for "Who can install updates" in Windows 7. When you go to the Windows Update page, and hit the change settings link on the left, the bottom most check box: ...
Windows Updates & Activation
connection by the system process and killed process
I have a few apps running, incl. Firefox, Outlook. I took down their PID and then exit those programs. I run the following command: netstat -a -o -b -p tcp It will list many connections like below TCP 192.168.83.2:57471 xx.xx.xx.xx:http ESTABLISHED 4184 TCP ...
Network & Sharing


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:12.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App