I just upgraded to Bitcoin-QT 0.13.0 on Windows 7 64 bit.
Before anyone asks, yes I verified the download signature against the SHA256SUMS.asc file, whose signature correctly matched that of Wladimir J. van der Laan's PGP key (that I downloaded long ago, before the recent threat announcement).

When I tried to run it for the first time, Avast did a deep scan and quarantined the binary.
Is anyone else having this issue or found a solution?
Could a file that passed signature verification still have an infection?!