Yes, I think it is odd that only two of the antiviruses caught it. Also, when I initially removed it from my computer, Spysweeper missed it and Spybot identified it under CoolWWWSearch.
I wonder if this is because the software was developed by my ex and his friend. Maybe these AVs are detecting it because it behaves similarly to other spyware, but it's not exactly the same? Could this explain it?
My ex explained (not that I trust what he says, but it's information and I will use it if it proves to be helpful) that the software was developed using Visual Basic 6. The first file installs the Visual Basic "Libraries" (sorry if the terminology is wrong here; he explained this in Spanish) and the second file is what has the info to make it actually work. He said the program also works with the existing MSN libraries, and that it sits on the "port" and grabs incoming and outgoing messenger messages.
This is an image of the first file he sent, which opens up a program that installs itself in a folder called Fotos. He sent the program together with photographs, so that when I opened the folder to see the pictures the program would create a folder caled Fotos, where it would save all of the photos, and the program as well. He says that the first file is needed for it to work, but the second file is the actual spyware.
Spybot found and got rid of the second file, which installed MsSystem (that's what he named it) in the registry. Then, using Add or Remove Programs, I uninstalled the program called "Fotos" from my computer.
So, would this explain the contradictory AV findings? Should I install VBA or UNA and scan my whole computer to make sure I'm in the clear?