dunno.. last time this happened it was on the old server as things weren't set up correctly.
Everything is ok and clean on this server so the file that was infected might just have been left behind or uploaded by me at some point by accident. That URL isn't used on it's own so possibly it's been there for while.
EDIT: Just checked again and the URL gets called when there's no avatar image. Might be that as it's trying to get an image and the file isn't one that browser doesn't open it but the antivirus still pops up.