I've talked about this nasty bit of spyware before. But just as an example of how aggressive it can be, I just came across a case where someone got the warning on a thin client.
A thin client is a very stripped down and locked down computer. The only thing it has is an operating system, a web browser, and a link to Citrix to access some software. It also doesn't use administrator rights. It's about as likely to get a virus as a pocket calculator.
Someone here got the XP Antivirus warning that they were badly infected. Of course, it couldn't happen; you have to jump through a lot of very complicated hoops to change software on a thin client. But the spyware insisted the computer was infected and kept sending popups and warning when you tried to leave the page.
They even recurred when the user logged off.
After a shutdown, they were gone. Evidently there was something that remained in memory even if you were logged off, but when a shutdown cleared the memory, it fixed it.
Just one more example of how nasty this spyware is.