steamwebhelper.exe trying to download a trojan


I was playing a game today, I used the Steam overlay to search for something, but I experienced a shutter effect on the site, and when I later checked reports I found out that it was trying to download a high-risk trojan onto my PC.
I also saw that Kaspersky has blocked downloading load5.biz, which I found out is an annoying adware.
I am worried about Steam trying to download something onto my PC through an overlay, which I didn’t even know was possible.
I also experienced my PC slowing down after the incident, picking the pace back up after I restarted it.
It may just be me worrying too much over something non-important, but I looked through the internet to find that there have been other people who also experienced this.
All help will be appreciated.

Dzisiaj, 11.02.2022 19:51:25;Pobranie zostało zablokowane;Steam Client WebHelper;steamwebhelper.exe;C:\Users\Filip\Desktop\Steam\bin\cef\cef.win7x64\steamwebhelper.exe;C:\Users\Filip\Desktop\Steam\bin\cef\cef.win7x64;4436;DESKTOP-CRMAKG4\Filip;Aktywny użytkownik;Zablokowano;Zablokowano;HEUR:Trojan.Script.Generic;Trojan;Wysoki;Analiza heurystyczna;https://startconsiderimagine.top/?utm_campaign=3R60Iq_6TwnSLaZnPTupNSKfvhj857wOWHP26RZmXuw1&t=main7d;?utm_campaign=3R60Iq_6TwnSLaZnPTupNSKfvhj857wOWHP26RZmXuw1&t=main7d;https://startconsiderimagine.top;Plik;Analiza ekspercka


Hello @Nora, Welcome.

The heuristic has reacted here and prevented the download. The heuristic occasionally also causes false alarms, but what it was in your case cannot be clearly identified. The fact is that the download was blocked, the affected object did not reach your computer.

It is normal that the computer slows down after a detection. Your KL product then scans everything a bit more intensively.

I would like to recommend you to run a complete scan of the computer anyway. If nothing is found, there should be no danger.


steamwebhelper.exe is part of Steam Overlay. If you’re on a game integrated with Steam Overlay (such as Team Fortress 2, CS:GO, etc.) and you’re playing on unofficial community servers, there is a small chance that the community server may attempt to abuse HTML MOTDs to load malicious web content in the background.

To prevent this from happening in the future, most games like the ones I mentioned above have an option to disable HTML MOTDs in their settings.

I wouldn’t be too worried though, Kaspersky successfully blocked the script, and steamwebhelper is heavily sandboxed for this exact reason, to mitigate damage from malicious scripts like the one you encountered.
