OK, this one’s really got me stumped (not to mention worried).
About three weeks ago, I installed the new Microsoft OneCare beta (combo antivirus/firewall suite that MS is planning to sell next year). At the same time, I disabled avast!. Everything was OK with OneCare - virus scans appeared to run fine, with no virus alerts.
Today, I decided to re-enable avast! in order to run a scan - just to see that its findings were consistent with Microsoft’s. Instead, avast! found signatures for three viruses resident in memory that have never shown up before:
Bleah-D
win32:Bolzano-5396
win32:Gremo
avast! cannot clean, move, rename or quarantine any of these viruses (just the following error: “The filename, directory name, or volume label syntax is incorrect”). Actually, during a regular scan (using the GUI), the only option that is provided when the alert pops up for all three of these viruses is to run a boot-time scan - no Clean, Move, Quarantine buttons at all.
After the scan is complete, there are no viruses reported in any of the files on my computer, just those three resident in my memory. [I’ve set avast! to scan all files and all compressed types as well.]
So, I do a boot-time scan (all files, all drives, all compressed files) and avast! tells me there are no viruses found anywhere on my hard drive.
I looked up the three viruses on Google and, while one of them is a Master Boot Record attacker, all three are said to work by infecting executable files on the hard drive.
So, my question is: How can my memory be infected yet not one single file on my hard drive? And, if these kinds of viruses are supposed to be infecting all sorts of files on my system, why haven’t they (or why aren’t they showing up)?
There has to be some file, being run by a program I’ve installed since disabling avast! three weeks ago, that is being loaded in memory and causing these alerts! (I have installed four or five new programs since then, including Microsoft OneCare - but have no reason to suspect OneCare except it’s the only one of them that I can think of having any reason to run in memory at startup).
Are these all false positives (being caused by one program, one would suppose)? Or has some really insidious invasion occurred on my computer that is hiding itself from avast! even when it does a boot-time scan (when no files are inaccessible to it)?
Anyone have any ideas?
Thanks.