Re: If your site has been hacked-- things to check
Some of the more sophisticated viruses I have seen will delete the entire antivirus application, and replace it with icons and user interface elements written into the virus. I think an experimental MyDoom variant did this. These are mostly proof-of-concept viruses. The other thing I see happening is that the virus will place a script in the root (rootkit) that monitors known antivirus definition files, and replaces them with a blank file. Each time the antivirus program downloads an update, the virus simply replaces the definitions with an empty or partial file, set up so the antivirus software can't tell the difference. This is a lot more common, and is usually used by viruses that are trying to turn your computer into a zombie for spam, needing to avoid detection as long as possible.
__________________
The best way to learn anything, is to question everything.