I recently downloaded a keygen from the internet.
I scanned it with Avast! which didn't warn me about a virus/trojan.
I executed the file. After a few seconds my firewall (sygate personal) informed me that the file "mspatchsec.exe" in "windows/system32" tries to connect to some strange IP.
I declined access and deleted the file which actually did the job!
But why didn't Avast! see it?
I can send you the file for further testing, do you want that?
(I would have to download it again from the Overnet-Network but I have it in front of my eyes right now, it's still around there, now with a txt-warning from other users).