Could this be Something New? (hcnqk.exe)

Discussion in 'adware, spyware & hijack cleaning' started by kolbasm, Jun 25, 2004.

Thread Status:
Not open for further replies.
  1. kolbasm

    kolbasm Registered Member

    Jun 25, 2004
    I was scanning through my HighJackThis log and discovered a start-up entry in my registry:

    [xrysl] C:\WINDOWS\hcnqk.exe

    The HighJackThis object in question is:

    O4 - HKLM\..\Run: [xrysl] C:\WINDOWS\hcnqk.exe

    Logfile of HijackThis v1.97.7
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    I have previously (and currently) been running:
    • Norton SystemWorks 2003 (Antivirus 9.05.15) Fully updated
    • Lavasoft's Ad-aware 6.0
    • Spybot - Search and Destroy
    • SpywareGuard
    • Spy Sweeper (Full) Version 2.6.1
      (For scans, but not for real-time protection)


    I do not recognize this process, nor have I been able to find any information on it.

    I have not been able to locate the 'C:\WINDOWS\hcnqk.exe' executable, and I don't believe I have found it in any other parts of the registry. (Note also, that it is not in my list of running processes.) So I am most likely not in any trouble. I am just curious as to what it might be. (Also HackerDeffender is not on my system according to 'Haxorcitos Rootkit Detector v0.6.2')

    I have searched the net, and various sites (for 'xrysl', 'hcnqk' and other variations), but still no luck.
    I have only found a Japanese thesis in pdf format.

    • Upon further inspection, I have been lead to believe it might be encoding for the Japanese character font/language-packs. (I have installed some Japanese programs previously. (Filenames intended for Japanese system))
    • I use various programming development kits (Might be part of BasicX microcontroller 'sDK', though I doubt it. Or another.)
    • It could be something I put there, but I don't remember doing so. (Though, I tend to forget things, so I am not ruling that out. :rolleyes: )
    • Virus or adware, that has random file names. Or something that has been removed and not properly cleaned up.

    There is no rush to resolve this issue, but I figured I would post about it just incase it sparked someone’s interest, or another individual wanted to know about it.

    If you can provide any information on this it would be appreciated. I hope this snippet of information can be useful to someone. (I apologize in advance if this is something that I should have been able to find and explain on my own.)
  2. Taz71498

    Taz71498 Registered Member

    May 27, 2004
    Hello kolbasm,

    That is one to have HJT fix. Would you like to post a log here for us to look at?
  3. kolbasm

    kolbasm Registered Member

    Jun 25, 2004
    Thanks for checking that. I assume because it is not currently doing anything that it can be safely removed.

    As far as I can tell, I know what the entries in the log correspond to, or at least that they are safe. (So I don't believe there is a need to have it checked.) Though, thank you for your time.

    The only other thing left would be if there are any theories/known explanations of what it might be related to.

    (I suppose knowing what other processes are running would help with that, but I'm not sure it would be that helpful. Most likely, unless someone is looking for a specific program that it is related to, then one would have to do research on the more uncommon entries (if they were even related at all). Probably would take up more space then be useful. Though, if someone needs it I suppose I could make it available.)

    If you wish, this thread can be closed and anyone with information about what it is related to could Private Message me. (I’m not sure it is necessary to keep it open, though it could not hurt either. Just letting the moderators/admins know that I don’t mind, and that the issue is more or less resolved. Meaning: I am just curious about the details.) ;)

    Thanks again.
Thread Status:
Not open for further replies.