first you should check the file at www.virustotal.com to be sure if it is really malicious... the location of the file is pretty strange, let's see the virustotal analysis..
well, I have submitted the file to VT, here are the results :
Avast 4.8.1195.0 2008.06.13 Win32:Otwycal-X
GData 2.0.7306.1023 2008.06.13 Win32:Otwycal-X
All other line have a - (dash) on the 4th column.
Does this allow us to conclude this detection might be a FP ?
I week ago, I removed, using the usual MS delete/modify program procedure (independently
of what SAS had discovered), some adware pieces of code that came along with the Pando
toolbar (see my previous post entitled : "Pando false positive ?" ), do you think this might be
related to the strange location of the suspicious file ?
Even if this file might be a FP, can it spread itself anywhere ?