PBear, it's ot easy to answer...
Maybe you should run an on-line scanning in all your computer to be sure.
I see no reason to get in panic but just to be sure.
You could try on-line scanning and report what you get.
Thanks for the reply. I checked out a couple of the online scanner services you listed, but couldn't really see the point, as they apparently
don't scan memory or MBR, only files. I can't imagine what they could find that avast!, running at boot time, wouldn't have found.
On the other hand, I'm pretty sure I've isolated the problem: I disabled the four resident components of Microsoft OneCare, then re-enabled them one at a time, rebooting after each change and running an avast! virus scan (just through the memory scan phase).
It all boils down to one resident component of OneCare: Microsoft Malware Protection Service (loaded as a service from "C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.EXE -n 4"). After mucking about and rebooting all those times, I finally found that, even with OneCare fully re-enabled, I could simply stop the MSMPSVC service, run an avast! scan and all the virus alerts would go away, re-enable MSMPSVC and they'd all come back - the same three virus alerts in memory every time.
Scanning the file itself produces no virus alerts, just what it loads into memory does. I seriously doubt there is any chance of infection, just something in the malware checking routines that it uses that resemble virus signatures themselves.
I suppose it would be difficult to adapt avast! to recognize the presence of this Malware Protection Service and stop throwing false positives about it (since there is nothing suspicious in the executable file, only its memory routines), but it certainly would be desirable. I'm sure a few other people may wind up using the same combination of OneCare and avast!, just because a lot of techies like to see how far they can tweak their systems, and will wind up suffering the same panic I did when they see these false alerts showing up.
Right now, I seem to have a good working solution having both programs running simultaneously and both working properly, as I want to continue testing the Microsoft program while still preserving features that OneCare doesn't currently provide - mainly, the ability to do daily backups of just selected areas of the hard drive and resident protection for eMail, P2P, IM and scripts. I've turned
off avast!'s Standard Shield so OneCare can continue doing that task, while leaving avast! to do the rest, then tested OneCare with EICAR to make sure it was still functioning with avast! loaded into memory (it went berserk the instant I saved the EICAR file and plagued me about it until I deleted the file - which is great).
The main drawback of OneCare's antivirus component at this point (and something MS will probably improve) is the inability to customize scheduled virus scans (it will only do the entire system), which is impossible to live with more often than the default-scheduled once a month. With avast! loaded in tandem, I can go on doing my quick, 2-3 minute daily scans of just the most vulnerable areas (memory, startup programs, system folder, download folder, temp folder, eMail folder and browser cache) - although, I'm now going to have to put up with avast! finding three viruses in memory every time a scan is run (at least for the time being). I guess I can live with that.
Best regards.