It is common for virus scanners to report false positives with win32-loader.exe because it uses the NSISdl plugin from NSIS which is often also used by malware writers. Incompetent anti-virus authors mistake NSISdl for being part of the malware and then report it as being the virus instead of the other parts of the malware. Below are some examples of the resulting false positives.

Suspected virus in win32-loader.exe

Symantec antivirus considered win32-loader.exe infected with Trojan.ADH.SMH:

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Trojan.ADH.SMH
File: C:\Users\XXX\Downloads\win32-loader.exe
Location: Unknown Storage
Computer: YYY
User: XXX
Action taken: Cleaned by Deletion
Date found: Wednesday, January 14, 2015  12:31:00 PM

-- ?ilgiz 2015-01-14 21:30:33

McAfee-Gateway  906 ms  Aug 15 2014 (More than 21 weeks ago)    Artemis!37A1016D0D97

DrWebGateway    2501 ms Aug 15 2014 (More than 21 weeks ago)    Tool.Vpatch.2

Symantec        2859 ms Aug 14 2014 (More than 21 weeks ago)    Trojan.ADH.SMH

Norman  1172 ms Aug 14 2014 (More than 21 weeks ago)    winpe/Suspicious_Gen4.GUKNW

Windows 7

A unetbootin project worked on Windows 7:

-- ?ilgiz