#Trojan in web utility?

found Trojan:Win32/Leonem!rfn

Thanks for posting your support request!

Note: #community_support is only for answering general questions and for troubleshooting.
All order-specific and shipment-specific support must be handled via the Wooting Support Wizard*
(You need to create an account on the Wooting Hub, using the same email address as your purchase. The account is not created for you automatically!)

Troubleshooting your Wooting Keyboard? Try these steps first!
Basic Troubleshooting

Questions about shipping, or what to do if your shipment has a problem?
Possible Problems During Shipping (with Solutions)

Looking for information about your specific order?
You can find that on the Wooting Hub! There you can also add upgrades, update your shipping address, and much more.

Is your order about to ship and you need to pause it for any reason?
Place it on hold via the Wooting Hub!

Do you need to...

• Cancel an order?
• Return/Refund an order?
• Get assistance with placing an order?
• Change the items in your order?
• Change your shipping address to a different country?
• Return a recent purchase?
• Get warranty support?

All of these types of requests need to be made via the Wooting Support Wizard!

I highly doubt that's anything but a false positive.

When you say web utility, what are you referring to exactly? The website version of Wootility? The downloadable one (and if so which operating system), Wootomation?

It is quite common for (bad) Antivirus to find "generic" Trojans in a lot of apps that involve memory access.

It might be steam related, or possibly from the web Wootility...

We don't use .rar files at all. So definitely not from Wootility 🙂

its something in your recycle bin, no?

Yes but I'm trying to track down the things that went on during that time and updating the wooting profile was one of the things I did during then. I also had the NV app automatically update, then CS2 had some update while I was doing some data backing up.. Steam CS2 and Indiana Jones all auto started without my input

You sure you didn’t download a Trojan previously and then it finally was executed then? If a bunch of things randomly opened, sounds like someone may have gotten remote access to your pc. Wooting software is clean though and like Mansen said, wootility isn’t a rar file.

The only things that were downloaded were through updates, the NV app, CS2 , and I did some 80HE profile updating through the web utility..

I also use a more secure DNS server..

Was likely installed before. If it’s a Trojan where someone’s running remote access, you could’ve downloaded it hours, days, months, and even years ago. Also, dns doesn’t matter when you’re downloading viruses.

If you sail the open seas (if you know what I mean) or access unprotected websites, it’s not hard for someone to slip a little virus on your pc.