Full Version: Protection Vs Trojans
beardednose
Article from http://www.gfi.com/mailsecurity/wptrojans.htm. Good article, but keep in mind the sponsor sells the "solution"....

Excerpt....

Anti-virus software recognizes only a portion of all known Trojans and does not recognize unknown Trojans....

If the person planning to attack you finds out what anti-virus software you use, for example through the automatic disclaimer added to outgoing emails by some anti-virus engines, he will then create a Trojan specifically to bypass your virus scanner engine....

To effectively protect your network against Trojans, you must follow a multi-level security strategy:

- implement gateway virus scanning and content checking at the perimeter of your network for email, HTTP and FTP - It is no good having email anti-virus protection, if a user can download a Trojan from a website and infect your network.

- implement multiple virus engines at the gateway - Although a good virus engine usually detects all known viruses, it is a fact that multiple virus engines jointly recognize many more known Trojans than a single engine.

- quarantine/check executables entering your network via email and web/FTP at the gateway. You have to analyze what the executable might do....

linuxwolf
That's all very well (joining multiple antivirus engines), if you think you can pull it off. What I have experienced is that one antivirus sees another's virus definitions as a virus; it also sees every file on your system as "infected" because it may have been "marked", as you may find out moving from ZoneAlarm to McAfee. You ask it to clean all the files and it TOTALLY screws up your system, and that's problem number one.

Number two is that many more ports can be opened etc., and the current firewalls I've seen most networks running have no support for IPv6. This could also lead to more holes as it is trying to read 9AkjNk::8787da::khdkjh::73879837 as IPv4. This MAY cause a buffer overflow (I doubt it) or confuse the filtering system....

Number three is, no matter how many virus definitions there are, they can be so easily edited; if you have a rootkit on a shell, you could set a crond service with the kernel name or something else, and have it every 5 hours run a background process to change the file size (rootkit) by adding or removing white spaces (zeros) and rename it? Thing is, when all the antivirus stops all the viruses, which won't happen I hope, there will be nothing left.. But I think computers are only limited by their spec, not by imagination.
BDK
Use a trojan scanner: get TDS-3

http://tds.diamondcs.com.au

And Port Explorer while there! It shows ports in use and maps them to processes, and shows them in red if they are running "hidden".
akis
The method on Windows I use for every trojan is....
0) install an anti-virus (also update it) and a well-known firewall
1) netstat through the command line for the connections. If I see something suspicious I proceed to the second step
2) Alt+Ctrl+Del for listing the running processes. If you know your system very well you will find out what the suspicious file is
3) find it and delete it after killing it from the processes
4) open the registry and find the startup key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion <- the usual way a trojan can make itself bootable. Find and delete the suspicious keys from the folders Run, RunOnce etc..
5) steps 1-4 are my method of removing any trojan.... even the undetectable.
6) if you want to be more insane, install a keylogger and take a look at the logs.. maybe you will find out that someone is using your computer!
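The manual triage in steps 1-4 above, automated as a read-only listing on a current Windows host; this is an added example, not code from the thread or from any poster. It assumes an elevated PowerShell 5.1 or later session where the NetTCPIP module's Get-NetTCPConnection is available, and it only flags entries for review, it deletes nothing.

```powershell
# Added example, not from the thread: steps 1-4 of the post above as a read-only listing.
# Assumes an elevated PowerShell 5.1+ session with the NetTCPIP module (Get-NetTCPConnection).

# Step 4: enumerate the Run/RunOnce autostart keys the post names, for machine and current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autostarts = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath metadata
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
        # Take the executable from a quoted or an unquoted command line.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
        $status = if ($exe -and (Test-Path -LiteralPath $exe)) {
            (Get-AuthenticodeSignature -FilePath $exe).Status
        } else { 'FileMissing' }
        [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; Signature = $status }
    }
}
# Unsigned or missing binaries are the first entries to look at, not proof of anything by themselves.
$autostarts | Sort-Object Signature | Format-Table -AutoSize

# Steps 1-2: map every established TCP connection to the process that owns it.
$conns = Get-NetTCPConnection -State Established | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Remote   = "$($_.RemoteAddress):$($_.RemotePort)"
        OwnerPid = $_.OwningProcess
        # A connection whose owning PID has no visible process is the "hidden" case the later
        # replies warn about; that host deserves a look with offline or forensic tools.
        Process  = if ($proc) { $proc.ProcessName } else { '<no visible process>' }
        Path     = if ($proc) { $proc.Path } else { $null }
    }
}
$conns | Sort-Object Process | Format-Table -AutoSize
```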
Axl
useful info....

10x m8s !
Dillinja
QUOTE (akis @ Dec 7 2003, 02:06 PM)
1) netstat through the command line for the connections. If I see something suspicious I proceed to the second step
2) Alt+Ctrl+Del for listing the running processes. If you know your system very well you will find out what the suspicious file is
3) find it and delete it after killing it from the processes
4) open the registry and find the startup key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion <- the usual way a trojan can make itself bootable. Find and delete the suspicious keys from the folders Run, RunOnce etc..
5) steps 1-4 are my method of removing any trojan.... even the undetectable.

That's slightly over-optimistic, isn't it?
Just because a trojan/virus/malware is undetectable doesn't mean it's your average nasty after some nice hex editing, where you go to your registry settings and boom, there it is in front of you.
There have been some designed to sit at the base of the protocol stack, thereby defeating firewalls (since the trojan is now the gatekeeper), netstat, etc. etc..
For more... d/l the text from m3du54 here: http://www.hackingdynasty.com/text/texts.php?sect=misc
akis
Dillinja, well that's the method I use for common trojans..... not for well-hidden trojans (didn't figure that out yet). Anyway http://www.hackingdynasty.com/ is very good! They have some excellent manuals
Dillinja
QUOTE (akis @ Dec 9 2003, 10:29 AM)
Dillinja, well that's the method I use for common trojans..... not for well-hidden trojans (didn't figure that out yet). Anyway http://www.hackingdynasty.com/ is very good! They have some excellent manuals

There are some excellent texts there for sure!
Most areas well covered.
Flowby
You can't see all trojans in the process bar! You even can't find the infected file because it isn't shown on your computer lol! Once I was experimenting with my friend's experimental file; when I ran it, it bypassed the firewall, process box, and I was looking for it, I didn't find it anywhere (I know the name of it)......
NEW TROJANS ARE COMING, NEW TECHNOLOGIES (LAN BYPASS, ROOTKIT, AKA)

CHECK this trojan out, you won't believe!
I will send you a private message, because I don't want to make it detected.....

bye
uk-nutta
I have a habit which I would like to share with you all.

I INFECT MYSELF FOR FUN

Spookie
Here's a link to an Anti-Trojan Review. You may find the information interesting.

Anti-trojan Software
BDK
Well the latest best protection is here

Stop ALL current and probably future DLL trojans and rootkits, as well as more. Stop termination of AV/FW and modification of those processes (like patching them to not alarm on anything)

Process Guard, www.diamondcs.com.au/processguard

Infect yourself for fun while you play with this, well you can TRY
nulladd
So how do many of you get infected by trojans (game trainers, files off this forum, etc)? My simple solution is to run suspect files in good ol' VMware to see what they do

although, saying that, there's no harm in a bit more protection
BDK
VMware is just the perfect solution, pity it's not free
Most trojans don't know they are in VMware; the only danger then is something that does know and pretends to be a nice program. Even the mighty KAV misses some packed DLL trojans, do a Google about it
Trojan^kid
Trojans become hard to detect:
packers
hex edit
and you could be infected with a trojan in a web page: .html .php or .ram .swf
cheers
Spookie
What I find interesting is the push of the dialers to the user via the web browser. Pretty smooth.
qcred11
Yeah.. the best thing to protect yourself from trojans is good firewall rules + PestPatrol (PestPatrol rated 10/10 on Anti-Trojan.org software reviews). By the way, don't forget to update the PestPatrol database with new trojan signatures, otherwise that software will be worthless.
I'm using this combination for more than a year... didn't have any problems.