RC> jk> maybe the antivirus software did not find all the infected files
RC> jk> and then it would be safer to format the hard drive instead of
RC> jk> risking that you might get the virus back.
RC>
RC> That's not how AV software works.  If it finds an infection, it will
RC> either clean the file (which may leave it non executable) or tell you
RC> that it can't clean the file and suggest you delete it.
Yes but that was not my point, it was that if the scanner had not found all 
the infected files after an infection, it would be safer to format or at 
least kill all files.
RC> If you subscribe to this last point you raised, then I would suggest
RC> you should format and re-install all your software every time you use
RC> your computer - just in case your scanner missed a virus.
Only if I get an infection, It's better to kill all your executable files, 
just in case, instead of taking a risk.
... nfx v2.9 [C0000]
--- BBBS/D v3.33 How-C
RC> JK> Answer ONE:
RC> JK> You asked "Will it?"
RC> JK> And I answers, Yes it will.
RC>
RC> Incomplete.  You stated "with a virus in memory".  A virus in the
RC> disk read buffer will _not_ infect the system because the contents of
RC> the disk read buffer are not executed.
Well, when a virus is in memory it is not in the disk buffer.
RC> JK> And I answers, Because when the VIRUS is active in memory
RC> JK> it checks all the files that gets executed or accessed, and
RC> JK> if the virus finds a file it want to infect it will infect
RC> JK> it.
RC>
RC> You have changed your position.  You now are stating "the virus is
RC> _active_ in memory".  Your original post said only "in memory".  The
RC> key element here is "active" - and the fact that you didn't mention
RC> that point is _why_ I asked "where in memory" and "what causes the IP
RC> to point to those addresses".
Have YOU ever heard of a virus that just is in memory without doing ANYTHING. 
I have never.
RC> Which doesn't answer the question.  The answer, of course, is because
RC> the virus is _active_ in memory, by definition, the IP will point to
RC> and execute the virus instructions.  The point of that question was
RC> to lead you to the point of saying or appreciating that the virus
RC> must be "active" - meaning that the CPU will, at some point, execute
RC> the virus instructions, and simply being "in memory" wasn't enough.
Yes but of course I know that the virus must be active in memory.
... nfx v2.9 [C0000]
--- BBBS/D v3.33 How-C
---------------