it just depends usually. FOr instance if you downloading a windows movie file which would have and extension of .wmv they could replace the file with a virus name it a song like Garth Brooks.vb.wmv (I think thats how that works.) and then its a visual basic script file but looks like a windows movie file.

Now if you downloading a zip file that has several things in it they could hide the virus inside any of the folders. They could also have a script set up to where the first time you ran the program the virus would run.

As far as teh ISO's I'm not sure. They might be able to.

Yeah Mcaffe is a good virus scanner. I use Norton, some people use AVG, PC Cillin. It just depends on what you like.