Same file, different scan result, how come?

A same file was being downloaded.
AVAST caught it and named it as Win32:Bifrose-AJ[Trj]

But,
if I disable the real-time shield, finish the download and manually scan the file, it is detected as
Win32:PePatch-BL[Trj] AND Win32:Graybird-BD[Trj].

How can one file be named differently. If the manual scan result can be explained as there is more than a threat embedded in that file, why is it detected by Web Shield as Win32:Bifrose-AJ[Trj]?

Thank you very much

upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners
when you have the result, copy the url in the address bar and post it here for us to see

alternative
Jotti http://virusscan.jotti.org/en
VirSCAN http://virscan.org/

The Web Shield might have detected it during the download with the stream-scan (i.e. based on a partial file only), while the manual scan had the complete file to work with.

When there are multiple detections inside of one object (and I won’t try to define what an object exactly means, that would be rather complex - but at least one of your two detection has been inside of an unpacked archive), only one of the detections is shown, chosen by some rules… so it’s not so surprising that WebShield shows a different detection than the manual scan (for a file that’s detected with multiple signatures).

Thank you very much