skagasoft 16 JUN 2023 at 4:38 a.m.
HitmanPro detection
Trojan flag. HitmanPro flagged Steam as a Trojan and I just wanted to see if this is a common occurrence. I expect this to be a false positive as this has never happened prior to today during boot scan and I have had Steam on my system for about 18 months this time around and at some point earlier as well.
Showing 1-8 of 8 comments
[N]ebsun 16 JUN 2023 at 4:39 a.m.
Try VirusTotal - use the actual file that was flagged.
I can't say anything without knowing at minimum the file hash, since it could be something that was disguised / renamed as Steam.

Check your file hash matches the below

MD5 5ec88800b1671d61c30e8601a4ba553e
SHA-1 6dadc0bf8ac0c54e848cc0d21ec8d98db6e0e7ba
SHA-256 87d0cd59c8e17b9cece911e09e494cefc5d02959d510af08a9e3233ac2f2d58a
Last edited by [N]ebsun; 16 JUN 2023 at 4:41 a.m.
skagasoft 16 JUN 2023 at 5:00 a.m.
I rebooted the system and during that process, the AV deleted steam.exe. When checking the folder \Steam there was a steam.exe.old dated 30\05\2023 so some malware has been there and renamed the file because it certainly wasn't me. I'm going to reinstall Steam and compare the new and old. As previously said, the steam.exe was deleted during boot.
skagasoft 16 JUN 2023 at 5:10 a.m.
BTW the SHA-256 is identical in "Length" to the one you sent but that's all the strings have in common. So that looks a bit suspicious
Cathulhu 16 JUN 2023 at 5:12 a.m.
False Positive, which is not a surprise considering it's a Sophos product.

Steam.exe.old is not the sign of malware. That's how Steam works when it updates itself. Renames the original file to that.
Dr.Shadowds 🐉 16 JUN 2023 at 5:20 a.m.
I took a scan: used VirusTotal and made it do a rescan to be sure, as some of it said timed out; so far all clean. So I went and got HitmanPro downloaded and had it scan; it came back clean.

So like the 1st person posted, please check the file, and since you said you have an odd file, you can try using something to scan only the folder to see if there is anything else. Using Malwarebytes, you need to enable a setting to be able to select only a folder. If you want peace of mind, then go ahead and do a full scan on the system and enable the rootkit scan; it will take a long time because the rootkit scan does a deep scan on each file, but it will do the job.

Originally posted by skagasoft:
BTW the SHA-256 is identical in "Length" to the one you sent but that's all the strings have in common. So that looks a bit suspicious
You want to ensure it matches, not just length.
Last edited by Dr.Shadowds 🐉; 16 JUN 2023 at 5:21 a.m.
Cathulhu 16 JUN 2023 at 5:21 a.m.
Indeed, the length is always the same. That's one of the core definitions of a HASH value.
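
The check the replies above ask for, as an added example that is not part of any poster's message: hash the file once and compare each digest in full against the values quoted in the thread, since equal length says nothing. The function names and the constructed sample file are assumptions; a mismatch only shows the file is not the build those hashes came from.

```python
import hashlib
import hmac
import os
import tempfile

# Reference digests quoted in the thread for one particular steam.exe build.
REFERENCE = {
    "md5": "5ec88800b1671d61c30e8601a4ba553e",
    "sha1": "6dadc0bf8ac0c54e848cc0d21ec8d98db6e0e7ba",
    "sha256": "87d0cd59c8e17b9cece911e09e494cefc5d02959d510af08a9e3233ac2f2d58a",
}

def file_digests(path, algorithms=("md5", "sha1", "sha256"), chunk=1 << 20):
    """Read the file once, feeding each chunk to every hash algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def compare(path, reference=REFERENCE):
    """Return {algorithm: (same_length, full_match)} for each reference digest."""
    actual = file_digests(path, tuple(reference))
    result = {}
    for name, expected in reference.items():
        expected = expected.strip().lower()  # tolerate pasted case/whitespace
        result[name] = (len(actual[name]) == len(expected),
                        hmac.compare_digest(actual[name], expected))
    return result

def verdict(path, reference=REFERENCE):
    """'match' only if every digest agrees character for character."""
    return "match" if all(m for _, m in compare(path, reference).values()) else "different file"

def make_sample(data=b"constructed sample, not steam.exe"):
    """Write a constructed stand-in file so the example runs offline."""
    fd, path = tempfile.mkstemp(suffix=".exe")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

if __name__ == "__main__":
    sample = make_sample()
    for name, (same_len, match) in compare(sample).items():
        print(f"{name:7} same length: {same_len}  full match: {match}")
    print(verdict(sample))
    os.remove(sample)
```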
skagasoft 16 JUN 2023 at 5:38 a.m.
Instead of reinstall, I renamed the steam.exe.old to steam.exe and started the program and during that process the .exe and some libraries, all with the same time stamp, have been downloaded and another steam.exe.old has also appeared and that file has the same time stamp as the one I renamed to .exe, 30\05\2023 or 05\30\2023 if it's US format. I'm still not quite comfortable with this because some process has taken place that I don't understand. The AV labelled it "Trojan" but, I need to dig a bit deeper in this.
Dr.Shadowds 🐉 16 JUN 2023 at 6:02 a.m.
Originally posted by skagasoft:
Instead of reinstall, I renamed the steam.exe.old to steam.exe and started the program and during that process the .exe and some libraries, all with the same time stamp, have been downloaded and another steam.exe.old has also appeared and that file has the same time stamp as the one I renamed to .exe, 30\05\2023 or 05\30\2023 if it's US format. I'm still not quite comfortable with this because some process has taken place that I don't understand. The AV labelled it "Trojan" but, I need to dig a bit deeper in this.
If it's a questionable file, why would you run it?

Also, if it wasn't something you did, why not delete it? It's possible it might be an old .exe that HitmanPro is just flagging by mistake, but otherwise, if it wasn't something you did and not something Steam is doing, then this points to something else.
Posted: 16 JUN 2023 at 4:38 a.m.
Posts: 8