It goes through all your runnning procceses (and their modules: DLLs) and scans them for a virus which can be active in memory - the virus can also inject itself into other process’ space.