Latest sophos is reporting that ScreenShot Captor Setup is 'exhibiting suspicious behaviour pattern HIPS/ProcMod-003'
Our place is currently under a big attack so I don't want to turn off my AV to send a sample (You can't upload the file while the AV is running as it thinks it is a virus and won't let you select, catch 22) so I thought you might want to.
(This is the setup file and not the program itself)
Edit - http://www.sophos.co.../hipsprocmod003.html
Isn't that a bit of a harsh pro-active alert? Anything that Internet Explorer downloads and runs! Isn't that everything?