Basically I have some FLAC files that microsoft security essentials has picked up as trojans, before I even did anything with the files, so they are currently sitting dormant.
I understand that in order for the files to actually do anything, they have to be run as executable code, which in theory, is impossible for a FLAC file. But are there any known exploits in older FLAC decoders that could possibly allow a trojan to run itself? (ie, a buffer overrun or something like the windows picture viewer TIFF exploit).
I disagree with Nessuno, though, about running from an unprivileged user. Unprivileged user accounts aren't good enough because of the way Microsoft products handle privilege separation. If you suspect that something might be virus infected then you *must* open it in a virtual machine until you've verified that they're clean.
Normally I would say that they are false positives thrown up by MSE's heuristics, except that they are Trojan:JS/Pdfjsc.Y and Exploit:JS/Neosplit.A, in two separate files.
Secondly I'll say that I'm exactly new to computers, and I realise that this at first sounds like kind of a trivial question, so I apologise for that.