I did not say that it is a false positiv, i think it is Malware,too. Like any packed Programm(upx, aspack or any other packed file) in the root or in the Windows folders(Windows, System or System32) is suspect for me.
And if these Programms are called "command.exe" " svhost.exe" or "run32dll.exe" too, than "my heuristics" rings the malware-bell! %-)