We got the common mail supposed to be from MS containing the Swen32 worm. When someone clicked the Pack65.exe file in the mail program (Agent) it gets written to Windows/Temp (by the mail program) and avast! dectected it at once (as it should). BUT I couldn't delete it from the avast! dialog warning as it was in use by Windows, and a full scan showed that it was in memory and that several windows files has been infected/renamed allready (of course avast! repaired this OK).
BUT the question is WHY did the virus get into memory and WHY did avast! allow the virus file to be started.
I have scan both for writing and opening EXE files on, and the warning was shown, but apparently the virus started in the backuground anyway (while avast! displayed the message). Doesn't avast! stop all action in the background? And shouldn't I've gotten a second virus warning (the file was first saved from the mail-program to Windows/Temp, and then it was runned from Windows/Temp after that)?
Suddenly I'm a bit unsure about avast!. McAfee NEVER let a virus into the system, even if I ran it from the mail program.
Any explanation? Any settings that are wrong?
If this can happend inside a mail-program, the same thing will happend if someone click a .EXE file on a web-page (it also first gets saved in folder, and then executet from there)