Yes, this is a custom scan. But I changed the settings months ago. The process was never detected before. It was detected only after I updated to 100926-1 last night.
Btw, there were similar problems with avastsvc as FP back in March:
The detection isn’t on avastSvc.exe, but on the signatures it loaded into memory
In general, any security application can load some signatures (fragments of malicious code used to detect the real threats) into memory - they are located in data segments (instead of executable code).
These items in scan results are not the files but the virus is detected in memory allocated to security_program_name.exe process - because of this no action is available.
So when you elect to scan memory it isn’t too surprising if it detects signatures loaded into memory, even those loaded by avastSvc.exe. Now I suspect you may have run another scan recently that meant some signatures were loaded, before you ran the custom scan including memory. An unfortunate coincidence.
I have just run a memory scan and no alert not doubt if I ran a custom scan with some other areas to be scanned it might load some signatures to speed the scan and trip the memory scan part of the custom scan.
Personally I see little point in running a custom scan, nor including memory or archives. The whole idea of the resident on-access scanners is to prevent malware getting on to your system and also to scan it before allowing it to run. This in my way of thinking depreciates the necessity to do on-demand scans.
However, I do a weekly scheduled pre-defined, Full System scan and that essentially scans files that are a) at risk of infection and b) if infected present an immediate risk. So a custom scan exceeding that level of scanning is going to be scanning files that aren’t a target of infection or present an immediate risk. Most of the files scanner would otherwise be dormant or inert.
Thank you for a comprehensive and lucid response, David. I suspected as much.
There is a similar FP (which is not really an FP, coming to think of it) with AdAware’s AV signatures: they are loaded to memory and Avast identifies the resulting processes as malware. Good for Avast!!! It proves how vigilant Avast is.