it is not a virus, false positive. a lot of unsigned / system changing / abused tools are used in PE, anti-virus would rather delete a good file then let you get infected, which is usually a good default choice unless your trying to actually use them to accomplish legit tasks.
A completely unrelated but good example of an abused tool is WirelessKeyView.exe by Nir Sofer (NirSoft - THIS IS NOT INCLUDED IN PE but IS included with Fab's AutoBackup). This was originally created to "back up/retrieve" passwords for wireless networks. WirelessKeyView.exe is an awesome tool that will save your butt when you are fixing a machine and have no way to get the original password, it is a life saver! But because people abuse it in obvious ways, it has been flagged as a virus.
So when the real technician plugs in a USB with this tool, that was made with 100% good intention, into Windows 10, it gets immediately removed by Windows Defender. - Imagine being the guy who put in all the hard work to write the program actually trying to use it himself, then....poof! Windows Defender erases it
It is always better to err on the side of caution but it is also very frustrating the way detections are made with AV software now. I have personally written simple tools from scratch that are flagged by AV...Super annoying.
