My recommendation for trojan scanners is...fport.exe for NT/2K, 'netstat -ano' for XP.
Why do I say that? Recently, for a class, I installed netcat on 2K systems, but renamed the file 'inetinfo.exe' and launched it listening to port 80. A/V software doesn't pick it up. Using what most admins already know (ie, maybe 'netstat', maybe TaskManager), no one found the trojan...no one bothered to confirm that IIS was installed or even checked the running services... __________________________________________________ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/
