Tonight I made the mistake of downloading an infected file. Shortly after running it I got a popup message saying my file would be encrypted, and I think it gave me the option of taking action (i.e. paying to decrypt my files) then or else I would be notified about it when I restarted Windows. Anyway, so far I have run scans with 360 Internet Security, MBAM and Hitman Pro, and TDSSKiller - all of which did not detect the Trojan. Currently I am running scans with both Avast and Baidu PC Faster in the hope of finding it. I know that it is active in my system as the hard drive light is constantly showing activity, which is not normal. I have checked the run and runonce sections of the registry and found nothing unusual. It is quite possible that the Trojan is running as iexplore.exe as I don't have IE running and whenever I kill the process it returns. However it is running from the usual IE install location, but interestingly What's My Computer Doing? shows the process name in all uppercase letters (task manager doesn't) In case Avast finds nothing, has anyone got any suggestions on what else to try? I scanned the infected download with VirusTotal (after my system became infected) and it was only detected by Trend Micro, and then just as a generic Trojan, so I don't have any specific name for it to use to search for removal instructions or AVs which detect it. I do realise that restoring from a clean image is the best option here. But, while I do have one, it is not recent. Doing a clean install is quite simply never an option for me. The only time I ever do a clean install is in cases of extreme corruption to Windows which is not possible to fix, and I don't have a backup.