I started having a problem yesterday where if I have Thunderbird open, I continue to get numerous 'Threat Found' notifications from Windows Defender regarding 2 Trojan viruses. * Trojan:Script/Wacatac.B!ml * TrojanDownloader:Win32/Nemucod!ml Below I've included the file paths for 'Affected Files'. If I uninstall Thunderbird completely, run the virus scans / clean laptop and then re-install Thunderbird, will that help the situation? What about my actual email service? I've already changed my password but I don't how these files arrived (I don't know from which email) and so looking at header for IP to block isn't a useful setup (yet). Given the file paths (see below), are these coming in via email and how do I stop it if I don't know which emails they are coming in on, specifically the part1788:Package.zip files. Here's what I've noticed: 1. Once I close Thunderbird and finish running removal and scans with Windows defenders, the Threat notifications stop. As soon as I open Thunderbird, the notifications start up again. 2. Yesterday, emails I sent late in the day had attachments such as part2.YaqiOQSc.bq3wtLf4 . Does this mean that I am now passing on infected files?! See uploaded image for an example of these attachments. Help please!! ************ Affected items: file: C:\Users\[name]\AppData\Roaming\Thunderbird\Profiles\r4uh2f0v.default-release\ImapMail\secure.emailsrvr.com\INBOX->(part5063:Your-Generated-Divi-child-theme-template-by-DiviCake.zip) file: C:\Users\[name]\AppData\Roaming\Thunderbird\Profiles\r4uh2f0v.default-release\ImapMail\secure.emailsrvr.com\INBOX->(part8412:cf7-lasso-v1.2.zip) file: C:\Users\[name]\AppData\Roaming\Thunderbird\Profiles\r4uh2f0v.default-release\ImapMail\secure.emailsrvr.com\INBOX->(part1788:Package.zip) file: C:\Users\[name]\AppData\Roaming\Thunderbird\Profiles\r4uh2f0v.default-release\ImapMail\secure.emailsrvr.com\INBOX->(part1793:FP.zip)