Bumping.@GGG, No, although some of us consider Windows to be a complex form of malware. Yes, most likely. It'll disappear after a while. It's common for applications to do this, Adobe Acrobat, GIMP, OpenOffice/Microsoft Office frequently do it as well for a variety of reasons. If the process is taking up a whole bunch of CPU, then that's weird alright (but probably still nothing to be concerned about, things like out of control looping or memory leaks are not rare in software, far more likely to be a bug than a virus). Logically most viruses try to evade detection for as long as possible to prolong the incubation process of copying themselves to everywhere else. LE malware on the other hand is probably aimed at deanonymization, in which case what you want to be looking for is peculiar connections that aren't authorized. This is not usually simple to detect though, malware authors do not usually make their handiwork obvious (and this is why an isolated environment like a VM is great to use as a sandbox to detect malware if you're a security person).--For everybody here is information from the Tor website itself: https://www.torproject.org/download/download-easy.html#warningQuoteDon't open documents downloaded through Tor while onlineThe Tor Browser will warn you before automatically opening documents that are handled by external applications. DO NOT IGNORE THIS WARNING. You should be very careful when downloading documents via Tor (especially DOC and PDF files) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them. This will reveal your non-Tor IP address. If you must work with DOC and/or PDF files, we strongly recommend either using a disconnected computer, downloading the free VirtualBox and using it with a virtual machine image with networking disabled, or using Tails. Under no circumstances is it safe to use BitTorrent and Tor together, however.