I haven’t a great deal of faith in a-squared and based on the file name alone security.js this file might well be packed and or encrypted and that may be what is detected (seeing some on the VT results).
You can open it in notepad or other text editor and you would see it is packed/encrypted (weird) text rather than plain javascript.
As you said packed and encrypted file. Other results:
Comodo Malware Scan results
• File Info
Name Value
Size 44950
MD5 1e3261612f743a261a96a6df3e7cc2c1
SHA1 faa1c8c27380adcdab4a1545c4b81074711f5dd0
SHA256 e2fcbb2330182eaa72b3317e2375f9a5668216c950d5b1026596b201d0fb4fa9
Process Failed
• Verdict
Auto Analysis Verdict
Not Rated as Suspicious
DrWeb online av sanner:
Checking: Security.JS
Engine version: 5.0.0.12182
Total virus-finding records: 557242
File size: 43.90 KB
File MD5: 1e3261612f743a261a96a6df3e7cc2c1
Security.JS - Ok
The code, some flag as JS.Wonka, contains a certain functionality for encrypting scripts that may have malicious intent. This does not necessarily mean that a virus has been found. It merely means that HTML code was found which attempts to activate additional executable code without the user’s express permission, but this code was not found in a temp file but in SRWare;s browser resources/content file,
I gave you an online link to the original code that was flagged by a-squared, Fortinet, McAfee and Sophos, I did not want to give it here on the forums for obvious reasons, but I am curious if you also now consider this Security.JS a FP,