It is common for virus scanners to report false positives with win32-loader.exe because it uses the NSISdl plugin from NSIS which is often also used by malware writers. Incompetent anti-virus authors mistake NSISdl for being part of the malware and then report it as being the virus instead of the other parts of the malware. Below are some examples of the resulting false positives.
Suspected virus in win32-loader.exe
Symantec antivirus considered win32-loader.exe infected with Trojan.ADH.SMH:
https://deb.debian.org/debian/tools/win32-loader/stable/win32-loader.exe Scan type: Auto-Protect Scan Event: Security Risk Found! Security risk detected: Trojan.ADH.SMH File: C:\Users\XXX\Downloads\win32-loader.exe Location: Unknown Storage Computer: YYY User: XXX Action taken: Cleaned by Deletion Date found: Wednesday, January 14, 2015 12:31:00 PM
-- ?ilgiz 2015-01-14 21:30:33
- My online scan of the file showed 4 scanners detecting a security issue in the file:
McAfee-Gateway 906 ms Aug 15 2014 (More than 21 weeks ago) Artemis!37A1016D0D97 DrWebGateway 2501 ms Aug 15 2014 (More than 21 weeks ago) Tool.Vpatch.2 Symantec 2859 ms Aug 14 2014 (More than 21 weeks ago) Trojan.ADH.SMH Norman 1172 ms Aug 14 2014 (More than 21 weeks ago) winpe/Suspicious_Gen4.GUKNW
A unetbootin project worked on Windows 7: