I ran into an interesting issue today. We have a Mac Pro running Mac OS X 10.7.4, Parallels 7.0.15104 and Avast 7.0 (37264). We use this station to run six virtual copies of Windows so the web department can test out sites using various versions of Internet Explorer, Firefox, etc. under Windows XP, Vista and 7. Aside from this, the Mac isn't used for anything else -- but since it's got a public-facing Internet connection, I'm running antivirus software on the Mac host system just to be safe. The Windows environments are all running Microsoft Security Essentials -- we want them to be as close to "standard" Microsoft systems as possible, so running an Avast product isn't really an option.
Today, I notice the screen had some Avast "infection detected" warnings on-screen. I reprinted two of them below -- as you can see in the file path, one refers to the W7-IE9 environment and the other to W7-IE8 environment, so these are in two separate virtual systems. There was a third warning for the XP-IE8 environment as well but I didn't copy it down and it seems there's no log of it anywhere I can find anymore.
I verified that Security Essentials in all these environments were up-to-date, then ran full scans. None of them had any log of a past malware detection, nor did they turn up anything during the full scan.
I'm not sure if we had a malware incident or not. For one, the two reports listed below refer to two different pieces of malware. I googled for info on the malware listed, and the Bleah-D appears to be a decade-old boot sector infector. Although it's certainly possible one of my web developers was proofing a site that is infected, I don't think a website would be infected with a boot-sector virus. And if they were proofing an infected site under multiple environments, I'd think the warnings would show the same infection, not different ones. So I'm wondering if these were some kind of false positives.
Anyone got any ideas? Thanks in advance.
avast! Filesystem shield has detected a threat.
Infection: Marburg/Segi
File: /Users/spectrum/Documents/Parallels/W7-IE9.pvm/{6a770076-d08e-4bb6-b52c-8ed58f91aba7}.mem
Process: /Library/Parallels/Parallels Service.app/Contents/PlugIns/Parallels VM.app/Contents/MacOS/prl_vm_app
UID: 501
avast! Filesystem shield has detected a threat.
Infection: Bleah-D
File: /Users/spectrum/Documents/Parallels/W7-IE8.pvm/{15de1555-2102-4e81-bf3a-9e99e956af04}.mem
Process: /Library/Parallels/Parallels Service.app/Contents/PlugIns/Parallels VM.app/Contents/MacOS/prl_vm_app
UID: 501