homeslice Posted November 20, 2021 ID:1489244

Hello,

My Windows 10 PC suddenly started hanging yesterday, with no mouse clicks possible. Even though Ctrl-Alt-Del would still work, nothing else was and I had to restart a few times. During one of the hangs with no mouse function, I saw a new tray icon I didn't recognise. It was a squashed grey-blue ball with a line through it.

This concerned me, and today I found a gibberish numbered folder in my download with the following exe in it: Heimdall_H1436_ML_setup_webinstall.exe

I have no idea if this was installed, and worry if it is a keylogger or something with control over my web browsers. Any information on this? I run Malwarebytes Live and Norton 360. Neither has reported anything.

Best,
HL

kevinf80 Posted November 20, 2021 ID:1489245

Hello homeslice and welcome to Malwarebytes,

Run the following scan, let's see if anything shows up:

Download Farbar Recovery Scan Tool and save it to your desktop.
Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

If English is not your primary language, right click on FRST/FRST64 and rename FRSTEnglish/FRST64English.
Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans".
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The tool will also make a log named (Addition.txt). Please also attach that log to your reply.

If necessary:

Disable smart screen ONLY if it interferes with software we may have to use:
https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8
Please remember to enable when we are finished....

Next, disable any Anti-virus software you have installed ONLY if it stops software we may use from working:
https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Please remember to enable AV software when we are finished running scans....

Thank you,
Kevin

Edited November 20, 2021 by kevinf80

homeslice Posted November 20, 2021 Author ID:1489246

Thanks for the quick reply! Doing so now...

homeslice Posted November 20, 2021 Author ID:1489247

Attachments: Addition.txt, FRST.txt

homeslice Posted November 20, 2021 Author ID:1489248

Thanks Kevin! Fingers crossed....

kevinf80 Posted November 20, 2021 Solution ID:1489251

Hiya HL,

Do not see any obvious Malware or Infection in your logs, have a read of the following regarding your concern...

Quote:
Heimdall is a cross-platform (runs on Linux, Windows and Mac OSX), open source Odin alternative which uses the same protocol as Odin to interact with a device in download mode, that can be used to flash Android ROMs or Kernels onto Samsung Galaxy S phones. ... Flashing ROMs onto your device may also void your warranty!

Is that something you may have been researching..?

Regards,
Kevin

homeslice Posted November 20, 2021 Author ID:1489256

Thanks very much - that helps ease my mind a bit. Haven't researched anything like that, but also just found this as well: https://heimdall.site/

If it's not a bad actor, I suspect this came with some GDrive zips I had to open. Perhaps the folder was just in one of those. It doesn't explain the PC's behaviour, but hopefully it's just a glitch or my AV and MWB protecting me.

Thanks very much for the check!!!!

kevinf80 Posted November 20, 2021 ID:1489259

Thanks for the update, do you have any remaining issues or concerns..?

homeslice Posted November 21, 2021 Author ID:1489320

Thanks,

Not much I can act on at the moment - I'll just keep an eye on things, thanks. I still don't know where the exe came from, what the tray icon was, or why the mouse click was disabled, but things seem ok at the moment.

Thanks for checking in.

kevinf80 Posted November 21, 2021 ID:1489375

Hiya HL,

Are we ok to close or do you require any further assistance..?

Regards,
Kevin.

homeslice Posted November 22, 2021 Author ID:1489394

Close thanks, very happy, thanks for the quick response!

kevinf80 Posted November 22, 2021 ID:1489462

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you