I am a long time user of SAS, currently running a limited account on Windows XP. Earlier I ran a full scan under the limited account and it detected
I can't find much information on the trojan or the file it was detected in.
HOWEVER, I signed into my Administrative account and found the file and it seems like it is a legitimate Microsoft file. I ran SAS under the administrative account and it came up clean. So I switched back over to my account, scanned the Windows folder again, and once again Trojan.Agent/Gen-Sirefef.Process, found in C:\WINDOWS\$HF_MIG$\KB2592799\SP3QFE\AFD.SYS was detected. Ran another administrative account scan of the Windows folder, it comes up clean. Directly scanned the file itself under Adm. and it came up clean. I don't understand why it keeps coming up clean under an administrative account, but as dirty under the limited account. All of my other software programs have come up clean (Avira, Malwarebytes, Spybot, Blacklight Rootkit) and I ran the file through Virus Total and Jotti and both came up clean. Each SAS scan I ran, I made sure the program was completely up to date.
ETA: Another scan under the limited account with SAS detected two more threats, as well as the original, but 0 threats with the administrator account: