Been working with Velvet most of the day on "the evil key-virus thingamajig".
Tried as I might, I couldn't get rid of the positive, and then I tried something completely insane.(after having built three different wallets)
I renamed the coin into 331337-qt and replaced any instances of 1337 in the source code with 331337.(which included the name of the registry keys written by the wallet) and recompiled the source into a qt wallet.
opened the wallet, so it wrote it's registry key and then ran malwarebytes
Guess what?........no more positive in malwarebyte.
Same wallet, same code, different name........

So, I guess that means they were flagging a simple string (1337) key label without regard to the contents of the key, which were harmless and the same as any other windows wallet registry key.
Thus it's TRUELY a false positive.

Just as a sidenote, the wallet I compiled from the github source code is 700kb+/- smaller than the wallet offered megadownloads.nz.

I don't know and can't say exactly what that 700kb is.
it might be simple differences between the two build environments,(libraries and compiler optimzation, etc,etc) but 700kb seems like an awful lot of difference.
So I can't say either pro or con with any degree of confidence whether that 700kb was a woolie-booger or not......by I do know my wallets clean.
Velvet has a copy of the new wallet I compiled, He'll probably run it through it's paces for a bit to test all the functionality, and then release it.
It still throws the false positive because it's still named 1337-qt and it still writes the 1337 registry key.....but now at least he and I know it's a false positive without any doubt.

P.S. if anyone wants to follow in my footsteps to confirm my findings......by all means, have at it, and report back.