Hi! I've been looking over a lot of threads in this forum, and they have been very helpful--this seems like a terrific forum! I recently had a scary brush with some trojans and would greatly appreciate any help that y'all could provide. Yesterday, I accidentally opened a malicious .exe file--which spawned at least two trojans that my antivirus (Avira AntiVir) notified me about. Regrettably, by accident, I clicked "Allow" (see below)--thinking I was allowing my antivirus take care of them, when instead I was allowing the trojans access to my computer... Virus or unwanted program 'TR/Downloader.Gen [trojan]' detected in file 'C:\Windows\SysWOW64\eventcrreate.exe. Action performed: Allow access Date/Time: 4/4/2010, 7:56:16 PM Virus or unwanted program 'TR/Downloader.Gen [trojan]' detected in file 'C:\Windows\SysWOW64\rdrleakkdiag.exe. Action performed: Allow access Date/Time: 4/4/2010, 7:56:16 PM I caught my mistake, though, and immediately had Avira run a scan, which re-detected them, however, Avira ran into problems trying to quarantine them: The file 'C:\Windows\SysWOW64\rdrleakkdiag.exe' contained a virus or unwanted program 'TR/Downloader.Gen' [trojan] Action(s) taken: An error has occurred and the file was not deleted. ErrorID: 26003. The file could not be deleted! Attempting to perform action using the ARK library. The file could not be copied to quarantine! The driver could not be initialized. The file could not be selected for deletion after the restart. Possible cause: Access is denied. Date/Time: 4/4/2010, 7:57:07 PM The file 'C:\Windows\SysWOW64\eventcrreate.exe' contained a virus or unwanted program 'TR/Downloader.Gen' [trojan] Action(s) taken: An error has occurred and the file was not deleted. ErrorID: 26003. The file could not be deleted! Attempting to perform action using the ARK library. Access to the rootkit scan was denied. The file could not be selected for deletion after the restart. Possible cause: Access is denied. Date/Time: 4/4/2010, 7:57:07 PM After finishing the scan with these two error messages indicating that the file could not be selected for deletion after restarting, Avira (still?) gave me a message about needing to restart to quarantine the trojans. So, I clicked "Yes" to restart, and after that, I restarted again into Safe Mode and ran a full system scan with Avira, which came up with nothing: Scan ended [The scan has been done completely.]. Number of files: 782724 Number of folders: 32307 Number of malware: 0 Number of errors: 0 Date/Time: 4/4/2010, 9:41:43 PM Wondering what happened to the two trojans, I looked in Avira's quarrintine, and -what do you know- there they were! A couple hours later, at 11:24:20 PM, I also completed a scan using Spybot - Search & Destroy, which detected a Fraud.Sysguard malware in my registry (this is the first time in a long time that Spybot has detected anything other than tracking cookies, so I'm thinking that this is connected in some way?). Since then, I've run another full scan using Avira AntiVir, run more Spybot scans, installed COMODO Firewall, run a Windows Defender scan, and a Hitman Pro scan... They haven't turned up anything. So, anyways, this is the first time a trojan has gotten this far on my poor new computer, and I'm feeling kinda paranoid--my question is: am I safe now? Why did Avira say it could not delete the file after restart, and then still told me to restart to remove them, and then the two trojans magically appeared in quarantine--is that fishy? Secondly, if the trojans are safely quarantined now, for the period of time that they were allowed access in my computer, should I worry about changing the passwords I have saved in Firefox for various websites (like my e-mail, ebay, amazon), etc.?