Thank you for this report. As several people have reported this, here's my copied response:
This stuff pops up from time to time, and so far it has always been false positives. Some googling suggests runw and other pyinstaller bootloaders have been wrongly flagged before. upnpc.exe has also been a problem several times–it is the tool I use to create UPnP port forwards when you request inside the client, which is a function trojans usually do as well, so I can see why anti-virus might misunderstand what my program does.
If it is any reassurance, my windows build is 64-bit, so I presume the 32-bit bootloader is never run. I also checked the checksums, and the v230 runw.exe matches v229's byte-for-byte, and github verifies that upnpc_win32.exe hasn't changed for seven months:
https://github.com/hydrusnetwork/hydrus/tree/master/bin
The runw.exe is from Pyinstaller 3.3.dev0+d3e0cb4, which pip tells me is the latest release for my machine. I can't find a direct link to the exe to compare on my end, but if you know how to chase it down, the hashes of the exe I have are:
md5 BEA1AD92BB85AE8A626592FB165CB112
sha256 E2AF151CEE45109880BD5A2EC81528337B13CA1E479FFDE560A15355F2115DF9
I suspect the virus alert is the result of an overly paranoid anti-virus update rather than my dev machine being infected, although I obviously can't be certain. Please let me know if you discover anything new.