PC Review



Can a Defender scan trigger an AVG false positive?

 
 
Alan D
Guest
Posts: n/a
 
      5th Nov 2006
This is strange. This morning, Defender started its usual scan at 10.00.29
am, and stopped at 10.03.21. Moments later, my AVG Security suite's Resident
Shield leapt into action and declared it had found a virus - ciadoor.13 - in
mirc.exe (which is now held in the virus vault while I decide what to do).

This seems odd. I haven't actually used MIRC for over a year (indeed it
wasn't really worth installing it). During that time, mirc.exe has been
scanned hundreds of times by a whole range of scanners, both online and
on-board, and has come up clean.

So here are my questions:
1. The timing coincidence seems suspicious. Is there any way that the ending
of Defender's automatic scan could have triggered a false positive in the AVG
resident shield?
2. Just to be safe, I'd like to submit this mirc.exe file to one of those
multiple scan online tests, but I presume I need to release it from the
virus vault in order to do so? Any advice would be appreciated.
 
 
 
 
 
Joe Faulhaber[MSFT]
Guest
Posts: n/a
 
      8th Nov 2006
Hi Alan,

My guess would be that the WinDefend scan touched the files, which AVG then
probably scanned on WD's open, which resulted in the detection. I've seen
this pretty frequently - an OnAccess scanner that doesn't know about an
OnDemand scanner can do such things.

WinDefend actually does a bunch of "consolidation" of repeated detections
that AV scanners tend to cause.

Regards,
Joe

"Alan D" <(E-Mail Removed)> wrote in message
news:358D535D-AF66-4364-8BC8-(E-Mail Removed)...
> This is strange. This morning, Defender started its usual scan at 10.00.29
> am, and stopped at 10.03.21. Moments later, my AVG Security suite's
> Resident
> Shield leapt into action and declared it had found a virus - ciadoor.13 -
> in
> mirc.exe (which is now held in the virus vault while I decide what to do).
>
> This seems odd. I haven't actually used MIRC for over a year (indeed it
> wasn't really worth installing it). During that time, mirc.exe has been
> scanned hundreds of times by a whole range of scanners, both online and
> on-board, and has come up clean.
>
> So here are my questions:
> 1. The timing coincidence seems suspicious. Is there any way that the
> ending
> of Defender's automatic scan could have triggered a false positive in the
> AVG
> resident shield?
> 2. Just to be safe, I'd like to submit this mirc.exe file to one of those
> multiple scan online tests, but I presume I need to release it from the
> virus vault in order to do so? Any advice would be appreciated.


 
 
Alan D
Guest
Posts: n/a
 
      8th Nov 2006


"Joe Faulhaber[MSFT]" wrote:

> My guess would be that the WinDefend scan touched the files, which AVG then
> probably scanned on WD's open, which resulted in the detection. I've seen
> this pretty frequently - an OnAccess scanner that doesn't know about an
> OnDemand scanner can do such things.
>
> WinDefend actually does a bunch of "consolidation" of repeated detections
> that AV scanners tend to cause.


Thanks for this Joe. Actually the issue is resolved completely now, and the
full story can be read over in 'General', in the 'ciadoor.13' thread (useful
reading if you have difficulty sleeping I should think!)
 
 
 
 