I was surfing when suddenly OAhelp.exe popped up asking for permission for a connection. Being a trusted source (folder location same), I gave it permission. After sometime Avira popped up with the message that oahlp.exe was affected by malware. From its report file: Scan process 'OAhlp.exe' - '1' Module(s) have been scanned Module is infected -> <C:\Program Files\Tall Emu\Online Armor\oahlp.exe> [DETECTION] Contains recognition pattern of the WORM/IrcBot.3075576 worm Immediately I scanned it with MBAM on-demand. It did not find anything. Now I am wondering is it a Avira False Positive? But oahlp.exe did ask for connection which is unusual. Did anyone else using Avira and Online Armor face this? How will I know if Online Armor is really affected? EDIT: This happened just after I updated Avira today. I use Avira Premium Security Suite without the firewall. Thanks.