Jump to content

Found Heimdall exe downloaded on my PC after some odd behaviour


Go to solution Solved by kevinf80,

Recommended Posts

Hello,

My Windows 10 PC suddenly started hanging yesterday, with no mouse clicks possible. Even though Ctrl-Alt Del would still work, nothing else was and I had to restart a few times.

During one of the hangs with no mouse function, I saw a new tray icon I didn't recognise. It was a squashed grey-blue ball with a line through it. This concerned me, and today I found a Gibberish numbered folder in my download with the following exe in it: Heimdall_H1436_ML_setup_webinstall.exe

I have no idea if this was installed, and worry if it is a keylogger or something with control over my web browsers. 

Any information on this? I run Malwarebytes Live and Norton 360. Neither has reported anything.

Best,
HL

Link to post
Share on other sites

Hello homeslice and welcome to Malwarebytes,

Run the following scan, lets see if anything shows up:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English

 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The tool will also make a log named (Addition.txt) Please also attach that log to your reply.


If necessary:[/b]

Disable smart screen ONLY if it interferes with software we may have to use:

https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8

Please remember to enable when we are finished....

Next,

Disable any Anti-virus software you have installed ONLY
if it stops software we may use from working:

https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Please remember to enable AV software when we are finished running scans....


Thank you,

Kevin
Edited by kevinf80
Link to post
Share on other sites

  • Solution

Hiya HL,

Do not see any obvious Malware or Infection in your logs, have a read of the following regarding your concern...

Quote

Heimdall is a cross-platform (runs on Linux, Windows and Mac OSX), open source Odin alternative which uses the same protocol as Odin to interact with a device in download mode, that can be used to flash Android ROMs or Kernels onto Samsung Galaxy S phones. ... Flashing ROMs onto your device may also void your warranty!

Is that something you may have been researching..?

Regards,

Kevin

Link to post
Share on other sites

Thanks very much - that helps ease my mind a bit.

Haven't researched anything like that, but also just found this as well: https://heimdall.site/

If its not a bad actor, I suspect this came with some GDrive zips I had to open. Perhaps the folder was just in one of those.

It doesn't explain the PCs behaviour, but hopefully its just a glitch or my AV and MWB protecting me. 

Thanks very much for the check!!!!

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.