Just thought I'd add my €0,02 grumble for bloody ClamAV (etc). Doing a site upload the other day, I was warned of a trojan. Something Avast didn't catch? I tossed the file to VirusTotal and three products (ClamAV, TheHacker, and something with a Chinese-sounding name) reported the file was infected with a trojan, though neither agreed on what the trojan was. So I looked up info on the alleged infection, tore the file to bits. Then sent info to the author of the software involved, who confirmed it was a false positive.
It is stuff build using the latest version of the ClickTeam Installer (I use this as it is to-the-point without loads of complications). Anything built using that will trigger those three A/V products. And warn of a trojan in the machine.
So given some antivirus products miss things, while others see what isn't there, I would be highly sceptical of a report claiming these sorts of things...