The WTLib is completely safe and harmless. (At least to your computer....)
The recommendation to turn off active AV scanning is a little dated but was very common a few years ago. Prior to Vista, second rate products like Norton actually patched the Windows kernal, with potentially unpredictable results, especially during installation when dll's and other components need to be registered. (Boy did they cry like stuck pigs when they realized they had to start over from scratch)
Some AV products today cannot be turned off. Period. (Yes, you can manually stop the services, but they will restart themselves in minutes) Sophos is a good example.
Let's assume just for fun that there was something malicious in the WTLib. Does anyone think that your AV software would protect you from it? Wrong, wrong, wrong......
AV software does monitor for certain, blatant "virus like" behavior, but the protection is still primarily signature based. What this means is that potential malware is either submitted to the AV vendor for examination or they find it themselves using a "honeypot." They examine the code and if it really is malware, they will give it a name and add a signature to the detection database.
The new detection database will go out to consumers on the next scheduled update, unless the malware is unusually dangerous, in which case the reputable AV vendors will do an emergency update. But until that happens, your AV software won't detect it and it will be completely invisible unless you know what to look for. And that's the weakness of signature based detection. It only works with known malware.
Typically, the bad person or persons who created the malware in the first place will now subtly alter it and reintroduce it into the "wild." That's why you get endless variants of the same virus, like Vundo-A, B, C, D, E, F, G, H, I,...on and on and on. But that is a little risky each time it's done. What is the next logical thing once a piece of malware is discovered? --A search for the guilty party.
Let's assume just for the sake of discussion that you are a virus writer. How do you get your malware into the wild without getting caught? Do you send it in an email to your ex? Bad idea. Do you distribute it on a software CD with your name on it? Terrible idea. Remember that this is illegal. People that get caught are prosecuted. What happened to Jeffry Parson, creator of the Blaster worm? He was caught and convicted of creating it's B variant and sentenced to a prison term.
Jehovah's Witnesses are never going to distrubute malware on their CD. You don't do things that are illegal with that obvious a trail leading back to your front door. --And please nobody start with the, "If you agree to it in the EULA it's legal" nonsense