I may be off base here but if the Scheduled Scan detected the threat and the On-Access scan did not, it should mean that the C2.class was never accessed / executed.
What happens if you right-click on the file and ask VSE to scan it?
Also, try opening the file with Notepad++ and saving it again, that should kick off the On-Access Scanner alert.
When was the file created? Was it before th deployment of DAT 6671?
It is strange behaviour but trying some of these may give you a clue to why it managed to evade detection.