Before I start explaining the problem:
I am running a legit copy of Windows XP SP3, I have NOD32 as my main anti-virus.
Yesterday before going to sleep I started a trend micro housecall scan (I'm using a trial version of NOD32 for my main anti-virus, along with malwarebytes, superantispyware, adaware and spybot s&d). When I woke up NOD was telling it had detected "Win32/Spy.Agent.PZ trojan".
My NOD32 is in swedish but here's a translation of the relevant info from the log:
The file was detected in C:\DOCUME~1\JONATH~1\LOKALA~1\Temp\VS14AHU6.40S and is "a variant of Win32/Spy.Agent.PZ trojan", and it was quarantined and then removed.
It "Was created by the program c\program\internet explorer\iexplore.exe" (I use firefox normally, but housecall doesn't seem to work as well with that browser for me).
Not sure the translation is perfect but hopefully fine. Anyway, as the scan had finished long before I woke up, the active-x plugin had expired and I had to refresh the page.. and thus losing the scan results, so I restarted it - and about 5-10 minutes into the scan I recieved the same popup about the trojan (and have done so everytime I run the scan, 4/4 times) which makes me think that it's a false positive, probably caused by something installed by housecall? Is there anyway I can be sure tho? For whatever it's worth, I've ran a NOD scan since and it found nothing, and a housecall scan which found some minor things (ie tracking cookie type stuff mostly) but nothing related to the trojan iirc.
Maybe the fact that it's only appeared when I run housecall and so far is 4 out of 4 at that, is enough evidence of it being a false positive but I'm feeling a bit paranoid. Had a detection in some flash game a few weeks ago (actually, my AV at the time, Avira antivir, found nothing, but on a whim I uploaded it to two of those multi-scanner sites, ie virus-total, and 1/36 scanners found something - VBA32, Win32.BrokenEmbeddedPattern on paranoid heuristics, but only on one of the two sites - however after running every other scanner I had, changing to NOD32 and running hijackthis I decided it was probably nothing
One thing that worried me was that upon rebooting my computer and going to one of the sites I regularly visit it said "this account logged in from another browser" at the login box.. However I seem to recall this happening before when rebooting/emptying cookies etc.. Although I'm not sure.
Hopefully this was not too rambly and thanks for any help in making sure it's a false positive, you can provide.