Norton AV detected it upon download as:

In reference to securityresponse.symantec.com/security_response/writeup.jsp?docid=2...:

WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec�s community of users and therefore are likely to be security risks.

I killed the SS32.exe process then updated Malwarebytes and run a scan, it found the threat > in User APPDATA>Roaming folder I deleted all traces of the SS32
Files Detected: 1
C:\Users\Emer\Documents\Downloads\Document_948357853____.exe (Trojan.Downloader.VM) -> Quarantined and deleted successfully.
Did as you advised downloaded Vipre Rescue Scanner and run it.
Turned on the UAC and all seems ok except that the malware has deleted all my restore points!

I do use Malwarebytes on a regular basis. I updated the definitions and yes it did find the offending malware.
Files Detected: 1
C:\Users\Emer\Documents\Downloads\Document_948357853____.exe (Trojan.Downloader.VM)[/b[/u]] -> Quarantined and deleted successfully.

If you want a thorough scan for rootkits and malware, go to forums.majorgeeks.com and see the Malware Removal subforum

Think you're gonna have to live with your deleted restore points, or should that be live without restore points?

I've done all as you advised plus run as many antivirus and malware applications as I could find, to make sure the pc is clean of ss32.exe turned UAC to max protection and then I created a restore point.

Thanks a million for your help.

I received an email from a trusted friend with an attachment for a picture of a document asking me to help �I cannot see or download this, help please�.

I suggest that you recommend to your friend, they change their email password.

May not be the case. Ive had emails from "friends" with their name in the subject and a dodgy link .Clearly wasnt them but at the same time we are only friends on Facebook, dont have each others email addresses.

From reading around, its a common thing with Facebook, especially as friends lists and email addresses are often not made private

In reply to a post by ggremlin:

I received an email from a trusted friend with an attachment for a picture of a document asking me to help �I cannot see or download this, help please�.

I suggest that you recommend to your friend, they change their email password.

I did ask my friend if he had personally sent me the email, which he confirmed, as I wanted to establish if his email or other social account had been hacked.

I have changed my passwords as a precaution, which I do now and again and have told him to do likewise.

In reply to a post by scopio:

I did ask my friend if he had personally sent me the email, which he confirmed

Why did he send you a virus? He could have clicked on it just as well as you and infected his PC instead of yours.