Getting Process... is infected by "JS:ScriptSH-inf [Trj]" virus." - REPEATEDLY

For the last few days, on my nightly scan, I’ve been getting the following 3 messages:

File “Process 3776, memory block 0x01220000, block size
1310720” is infected by “JS:ScriptSH-inf [trj]” virus.
“Scan Drives C: and F:” task used
Version of current VPS file is 090512-0, 05/12/2009

File “Process 3776, memory block 0x055A0000, block size
1310720” is infected by “JS:ScriptSH-inf [trj]” virus.
“Scan Drives C: and F:” task used
Version of current VPS file is 090512-0, 05/12/2009

File “Process 3776, memory block 0x00E20000, block size
1310720” is infected by “JS:ScriptSH-inf [trj]” virus.
“Scan Drives C: and F:” task used
Version of current VPS file is 090512-0, 05/12/2009

Can anyone tell me why Avast is not getting rid of it and how I can get rid of it?

When you open Task Manager and look for the process with PID 3776 (provided you didn’t restart the machine yet) - what is it?

Never thought of doing that!

Actually, it’s SpyBot’s TeaTimer

Shouldn’t this be safe?

Thx,

Cash

Isn’t SpyBot encrypting their signatures?

Well, it’s a memory scan… so the signatures are probably encrypted on disk, but decrypted in memory.

Sure, but how should it be so that avast does not detect it as a false positive?

I’m afraid it’s not possible to prevent.

But how did it work until now?
Why do other antispyware programs not do the same (result), for instance, MBAM or SAS…

This is similar to the warning I have been receiving after yesterday’s update of my Spyware Terminator/ClamAV. An Avast! trojan horse warning on the same script item, “JS:ScriptSH-inf[trj]”, keeps occurring on my machine at start-up. Avast! seems to be seeing this script item after ClamAV’s 5/12/09 update. I and another poster mentioned it (he had a problem with Avast! seeing the script in ClamWin).

avast! reports “JS:ScriptSH-inf [trj]” - REPEATEDLY & I don’t have SpyBot S & D on my computer.

I’m no software guru, but I am a reasonably good guesser. My take is that Spybot, ClamAV and ClamWin have updated their signature files with a (perhaps non-encrypted) signature of this script/trojan. Avast! now seems to be seeing this signature and warning of an infection.

Oddly, while my Avast! warning pop-up says my computer is infected with a trojan horse, the warning band at the bottom of the screen on start-up says that the file spotted has a “sample of JS:ScriptSH-inf[trj]”.
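The explanation offered in this thread (a second security product keeps its signatures encoded on disk but decoded in memory, so a memory scan matches them while a file scan does not) can be reproduced with constructed data. This is an added example, not code from avast!, Spybot or ClamAV; the XOR encoding, the key, the marker bytes and the name `JS:Example-inf` are all assumptions made for illustration.

```python
from itertools import cycle

# Constructed marker standing in for a script signature (not a real signature).
PATTERN = b"<constructed-script-marker-0001>"
# Hypothetical key that "product B" uses to encode its on-disk database.
XOR_KEY = b"\x5a\xc3\x17"


def xor(data: bytes, key: bytes = XOR_KEY) -> bytes:
    """Symmetric XOR encoding: applying it twice restores the input."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def scan(buffer: bytes, signatures: dict) -> list:
    """Scanner A: return (name, offset) for every signature found in buffer."""
    hits = []
    for name, sig in signatures.items():
        offset = buffer.find(sig)
        while offset != -1:
            hits.append((name, offset))
            offset = buffer.find(sig, offset + 1)
    return hits


def product_b_views() -> tuple:
    """Return product B's database as stored on disk and as loaded in memory."""
    # 3-byte header + 13 padding bytes, then the pattern record at offset 16.
    database = b"HDR" + b"\x00" * 13 + PATTERN + b"\x00" * 16
    on_disk = xor(database)    # what scanner A sees when it scans the file
    in_memory = xor(on_disk)   # what scanner A sees in B's process memory
    return on_disk, in_memory


# Scanner A happens to carry a signature for the same pattern.
SCANNER_A = {"JS:Example-inf": PATTERN}

if __name__ == "__main__":
    disk, mem = product_b_views()
    print("file scan hits:  ", scan(disk, SCANNER_A))   # none
    print("memory scan hits:", scan(mem, SCANNER_A))    # hit inside B's memory
```

A hit that appears only as a memory block inside another scanner's process, never as a file on disk, is consistent with this pattern; checking which process owns the reported PID, as suggested earlier in the thread, is the first triage step.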