Re: err...
If it's something with admin rights then the only way to protect against it is to have an off-line backup that it can't touch.
Perhaps with the large disks available now, we need to go back to the VMS approach of versioning files, so that if I change a file, it keeps a copy of the previous one until I explicitly purge it. If that's built in to the file system then it makes it harder for someone to scramble all the files because it would only create new copies, the old ones would still be there. Provided there are several hoops to jump through to do the purge, it would be hard for the trojan to remove old copies.
As a side benefit, you could have an external audit device attached to which the filesystem would write a log entry time it changed a file so you'd be able to track back and see what changed. Being a write-only device from the perspective of the main system, and not being attached to the network in any other way, it would be helpful in forensic analysis if something bad did turn up. Obviously it can be defeated if a trojan can disturb the filesystem drivers, but even then there's a good chance that it would have to do that by overwriting the driver file on disk (which would create a record) and then forcing the system to reload it.
I guess it comes down to how paranoid you are, what performance penalty you'll accept (AV scanners do load Windows machines quite a bit) and how much you're prepared to pay for a bit more security.