A few days ago I had a false positive Alert re Rat.Haxdoor. After spending many hours googling to find more information, scanning etc, I was relieved to hear back that it was just a false alarm. As it was only one file, the last modified date a long time ago and none of the other AT raised any issues, I had been pretty relaxed. Today, I downloaded the latest radius definitions and redid a scan in safe mode. Everything was clean, no alert re rat.haxdoor anymore nor anything else. I had decided to purchase TDS-3 to be able to use automatic update and real-time protection but wanted to read up on wormguard and some of the other programs also offered by TDS (package deal). I went to the forum to search for more information and was going to ask some specific questions re CPU usage etc when I stumbled upon another thread re scanning of an individual file. As I wanted to try this ( in order to understand more about the working of TDS-3) I started the scan (working in normal (ie not safe Mode) and was shocked when all of sudden I was flooded with alerts. Mind you, this was just a few minutes after having done a full scan in safe mode with no alerts at all. Here is just a selection of the alerts: - worm plea - worm duster - worm bizex - rat.phoenix II - Rat.Glacier - Rat.Sweetheart - Binded.Hir - worm fourseman - Rat Cold.fusion - worm.roach - worm-alal and more. This time they all are in windows/temp\... with the exception of two files that are in windows/system32.\dllcache\ The actual filenames do not sound harmless anymore (like with rat.haxdoor) but I am now looking at something like temp\great virus creation.kit.exe or temp/blabla.vbs. By the way I wrote down all these 33 entries by hand as I could not find any log for this. I am sure there must be log of alerts that can be copied/printed/forwarded? The only log I found is the general log that does not show the alerts. I switched back into safe mode to redo the full scan and the result: no alert whatsoever I am also unable to find any of these suspicious files on my PC though how the program was able to upload these to submit@tds (which I did) if I can't find them with explorer searching for all files incl. hidden files is another mystery to me. Also, looking at some of these threats, they seem to be pretty old and should be covered by NOD32. Finally, having now done a full scan with Trojanhunter showing absolutely nothing, I wonder even more. Even assuming TDS-3 is the better product, surely Trojanhunter should pick up some of the more than 30 alerts? Can someone please tell me what is going on? Where do these worms/trojans come from and why did they not show up in the safe mode scan just before? I am using Opera/ Firefox as browser, do not open strange attachments, do not visit "bad" sites, run a firewall. Btw, the pc is networked - is it possible that the infections come via the network if there are indeed there - I am so frustrated.