First off, try this for yourself and see if it works: set your system clock to the year 1980, and see if KAV resident protection is still active. If not, then good, because this problem is happening for me. I've forgotten most of my knowledge of DOS commands, but I do know that it's possible to write a batch file using the DATE command to change the system time. So here's the theoretical possibility: a piece of malware that includes such a batch file to kill the KAV on-access scanner, then drops its payload. Thoughts?