Hi All, I have discovered a new variant this AM of Win32/TrojanDownloader.Agent.AWF trojan. The virus infects exe's including nod32kui.exe which in turn becomes disabled. The administrative alerts are still sent, but no local warnings are given. The files become hideen and are not visible from command line or win explorer. Ineterestingly they can be copied via the command line, but it is still not possible to view them and they can not be archived either. I was forced to copy the files via a mapped drive to a Linux samba share ans zip them from the shell. Rootkit cloaking is not evedent using rootkit revealer. Anyone else seen this yet?