Posted by: Saajha May 14, 2006
Computer Expert!!!!!! Help please!!!
When you start the system, the trojan server loads on the RAM. Antivirus doesn't do much to take care of trojans, it's made for the virii. However, it does detect some well known trojans in the wild. Therefore, updating and running the scan is nothing more than really pretending that you are safe; nevertheless, it's better than having no security at all.

Just a couple of quick suggestions to you:

- run netstat on the command prompt, and see what all ports are opened. Close all the suspicious ports, coz' you'd hardly need any of them to be opened -- even 80, which is http.. as long as you're not running an Apache or any other web server on your machine.
- check the startup program files under c:\windows\documents and settings\all users\startup files and kill (delete) the executable files that are new to the system.

If you need further assistance on it, email me or add your questions on this thread.

Here are the vulnerable ports that are prone to trojan attacks.... LOCK 'EM UP:::::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
port 2 Death
port 20 Senna Spy FTP server
port 21 Back Construction, Blade Runner, Doly Trojan, Fore, Invisible FTP, Juggernaut 42, Larva, MotIv FTP, Net Administrator, Senna Spy FTP server, Traitor 21, WebEx, WinCrash
port 22 Shaft
port 23 Fire HacKer, Tiny Telnet Server - TTS, Truva Atl
port 25 Ajan, Antigen, Email Password Sender - EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, I love you, Kuang2, Magic Horse, MBT (Mail Bombing Trojan), Moscow Email trojan, Naebi, NewApt worm, ProMail trojan, Shtirlitz, Stealth, Tapiras, Terminator, WinPC, WinSpy
port 31 Agent 31, Hackers Paradise, Masters Paradise
port 41 Deep Throat, Foreplay or Reduced Foreplay
port 48 DRAT
port 50 DRAT
port 59 DMSetup
port 79 CDK, Firehotcker
port 80 AckCmd, Back End, CGI Backdoor, Executor, Hooker, RingZero
port 81 RemoConChubo
port 99 Hidden Port
port 110 ProMail trojan
port 113 Identd Invisible Deamon, Kazimas
port 119 Happy99
port 121 JammerKillah
port 123 Net Controller
port 133 Farnaz
port 142 NetTaxi
port 146 Infector
port 146 (UDP) - Infector
port 170 A-trojan
port 180 (TCP/UDP) amanda
port 334 Backage
port 420 Breach
port 421 TCP Wrappers trojan
port 456 Hackers Paradise
port 513 Grlogin
port 514 RPC Backdoor
port 531 Rasmin
port 555 Ini-Killer, Net Administrator, Phase Zero, Phase-0, Stealth Spy
port 559 (TCP/UDP) teedtap
port 605 Secret Service
port 666 Attack FTP, Back Construction, Cain & Abel, NokNok, Satans Back Door - SBD, ServU, Shadow Phyre
port 667 SniperNet
port 669 DP trojan
port 692 GayOL
port 777 AimSpy, Undetected
port 808 WinHole
port 911 Dark Shadow
port 999 Deep Throat, Foreplay or Reduced Foreplay, WinSatan
port 1000 Der Späher / Der Spaeher
port 1001 Der Späher / Der Spaeher, Le Guardien, Silencer, WebEx
port 1010 Doly Trojan
port 1011 Doly Trojan
port 1012 Doly Trojan
port 1015 Doly Trojan
port 1016 Doly Trojan
port 1020 Vampire
port 1024 NetSpy
port 1026 nterm
port 1042 BLA trojan
port 1045 Rasmin
port 1049 /sbin/initd
port 1050 MiniCommand
port 1054 AckCmd
port 1080 WinHole
port 1081 WinHole
port 1082 WinHole
port 1083 WinHole
port 1090 Xtreme
port 1095 Remote Administration Tool - RAT
port 1097 Remote Administration Tool - RAT
port 1098 Remote Administration Tool - RAT
port 1099 Blood Fest Evolution, Remote Administration Tool - RAT
port 1170 Psyber Stream Server - PSS, Streaming Audio Server, Voice
port 1200 (UDP) - NoBackO
port 1201 (UDP) - NoBackO
port 1207 SoftWAR
port 1212 Kaos
port 1234 Ultors Trojan
port 1243 BackDoor-G, SubSeven, SubSeven Apocalypse, Tiles
port 1245 VooDoo Doll
port 1255 Scarab
port 1256 Project nEXT
port 1269 Matrix
port 1313 NETrojan
port 1338 Millenium Worm
port 1349 Bo dll
port 1434 (UDP) MS-SQL
port 1492 FTP99CMP
port 1524 Trinoo
port 1600 Shivka-Burka
port 1777 Scarab
port 1807 SpySender
port 1966 Fake FTP
port 1969 OpC BO
port 1981 Bowl, Shockrave
port 1999 Back Door, TransScout
port 2000 Der Späher / Der Spaeher, Insane Network
port 2001 Der Späher / Der Spaeher, Trojan Cow
port 2023 Ripper Pro
port 2080 WinHole
port 2115 Bugs
port 2140 The Invasor
port 2140 (UDP) - Deep Throat, Foreplay or Reduced Foreplay
port 2155 Illusion Mailer
port 2234 (TCP/UDP) directplay
port 2255 Nirvana
port 2283 Hvl RAT
port 2300 Xplorer
port 2339 Voice Spy - NOTE!!! the names have swapped places
port 2339 (UDP) - Voice Spy - NOTE!!! the names have swapped places
port 2345 Doly Trojan
port 2565 Striker trojan
port 2583 WinCrash
port 2600 Digital RootBeer
port 2716 The Prayer
port 2773 SubSeven, SubSeven 2.1 Gold
port 2801 Phineas Phucker
port 2989 (UDP) - Remote Administration Tool - RAT
port 3000 Remote Shut
port 3024 WinCrash
port 3127 mydoom
port 3128 Squid Proxy
port 3129 Masters Paradise
port 3150 The Invasor
port 3150 (UDP) - Deep Throat, Foreplay or Reduced Foreplay
port 3456 Terror trojan
port 3459 Eclipse 2000, Sanctuary
port 3700 Portal of Doom - POD
port 3791 Total Solar Eclypse
port 3801 Total Solar Eclypse
port 4000 Skydance
port 4092 WinCrash
port 4242 Virtual Hacking Machine - VHM
port 4321 BoBo
port 4444 Prosiak, Swift Remote
port 4567 File Nail
port 4590 ICQ Trojan
port 4950 ICQ Trogen (Lm)
port 5000 Back Door Setup, Blazer5, Bubbel, ICKiller, Sockets des Troie
port 5001 Back Door Setup, Sockets des Troie
port 5002 cd00r, Shaft
port 5010 Solo
port 5011 One of the Last Trojans - OOTLT, One of the Last Trojans - OOTLT, modified
port 5025 WM Remote KeyLogger
port 5031 Net Metropolitan
port 5032 Net Metropolitan
port 5321 Firehotcker
port 5343 wCrat - WC Remote Administration Tool
port 5400 Back Construction, Blade Runner
port 5401 Back Construction, Blade Runner
port 5402 Back Construction, Blade Runner
port 5512 Illusion Mailer
port 5550 Xtcp
port 5555 ServeMe
port 5556 BO Facil
port 5557 BO Facil
port 5569 Robo-Hack
port 5637 PC Crasher
port 5638 PC Crasher
port 5742 WinCrash
port 5760 Portmap Remote Root Linux Exploit
port 5882 (UDP) - Y3K RAT
port 5888 Y3K RAT
port 6000 The Thing
port 6006 Bad Blood
port 6272 Secret Service
port 6346 (TCP/UDP) BearShare
port 6400 The Thing
port 6666 Dark Connection Inside, NetBus worm
port 6667 ScheduleAgent, Trinity, WinSatan
port 6669 Host Control, Vampire
port 6670 BackWeb Server, Deep Throat, Foreplay or Reduced Foreplay, WinNuke eXtreame
port 6711 BackDoor-G, SubSeven, VP Killer
port 6712 Funny trojan, SubSeven
port 6713 SubSeven
port 6723 Mstream
port 6771 Deep Throat, Foreplay or Reduced Foreplay
port 6776 2000 Cracks, BackDoor-G, SubSeven, VP Killer
port 6838 (UDP) - Mstream
port 6883 Delta Source DarkStar (??)
port 6912 Shit Heep
port 6939 Indoctrination
port 6969 GateCrasher, IRC 3, Net Controller, Priority
port 6970 GateCrasher
port 7000 Exploit Translation Server, Kazimas, Remote Grab, SubSeven 2.1 Gold
port 7001 Freak88
port 7215 SubSeven, SubSeven 2.1 Gold
port 7300 NetMonitor
port 7301 NetMonitor
port 7306 NetMonitor
port 7307 NetMonitor
port 7308 NetMonitor
port 7424 Host Control
port 7424 (UDP) - Host Control
port 7597 Qaz
port 7777 Tini
port 7789 Back Door Setup, ICKiller
port 7983 Mstream
port 8080 Brown Orifice, RemoConChubo, RingZero
port 8787 Back Orifice 2000
port 8988 BacHack
port 8989 Rcon, Recon, Xcon
port 9000 Netministrator
port 9325 (UDP) - Mstream
port 9400 InCommand
port 9872 Portal of Doom - POD
port 9873 Portal of Doom - POD
port 9874 Portal of Doom - POD
port 9875 Portal of Doom - POD
port 9876 Cyber Attacker, Rux
port 9878 TransScout
port 9989 Ini-Killer
port 9999 The Prayer
port 10067 (UDP) - Portal of Doom - POD
port 10085 Syphillis
port 10086 Syphillis
port 10101 BrainSpy
port 10167 (UDP) - Portal of Doom - POD
port 10520 Acid Shivers
port 10528 Host Control
port 10607 Coma
port 10666 (UDP) - Ambush
port 11000 Senna Spy Trojan Generator
port 11050 Host Control
port 11051 Host Control
port 11223 Progenic trojan, Secret Agent
port 12076 Gjamer
port 12223 Hack´99 KeyLogger
port 12345 cron / crontab, Fat Bitch trojan, GabanBus, icmp_pipe.c, Mypic, NetBus, NetBus Toy, NetBus worm, Pie Bill Gates, Whack Job, X-bill
port 12346 Fat Bitch trojan, GabanBus, NetBus, X-bill
port 12349 BioNet
port 12361 Whack-a-mole
port 12362 Whack-a-mole
port 12623 (UDP) - DUN Control
port 12624 ButtMan
port 12631 Whack Job
port 12754 Mstream
port 13000 Senna Spy Trojan Generator
port 13010 Hacker Brasil - HBR
port 14500 PC Invader
port 15092 Host Control
port 15104 Mstream
port 15858 CDK
port 16484 Mosucker
port 16660 Stacheldraht
port 16772 ICQ Revenge
port 16969 Priority
port 17166 Mosaic
port 17300 Kuang2 the virus
port 17449 Kid Terror
port 17499 CrazzyNet
port 17777 Nephron
port 18753 (UDP) - Shaft
port 19864 ICQ Revenge
port 20000 Millenium
port 20001 Millenium, Millenium (Lm)
port 20002 AcidkoR
port 20023 VP Killer
port 20034 NetBus 2.0 Pro, NetRex, Whack Job
port 20203 Chupacabra
port 20331 BLA trojan
port 20432 Shaft
port 20433 (UDP) - Shaft
port 21544 GirlFriend, Kid Terror
port 21554 Exploiter, Kid Terror, Schwindler, Winsp00fer
port 22222 Donald Dick, Prosiak
port 23005 NetTrash
port 23023 Logged
port 23032 Amanda
port 23432 Asylum
port 23456 Evil FTP, Ugly FTP, Whack Job
port 23476 Donald Dick
port 23476 (UDP) - Donald Dick
port 23477 Donald Dick
port 26274 (UDP) - Delta Source
port 26681 Voice Spy - NOTE!!! the names have swapped places
port 27374 Bad Blood, SubSeven, SubSeven 2.1 Gold, Subseven 2.1.4 DefCon 8
port 27444 (UDP) - Trinoo
port 27573 SubSeven
port 27665 Trinoo
port 29104 NetTrojan
port 29891 The Unexplained
port 30001 ErrOr32
port 30003 Lamers Death
port 30029 AOL trojan
port 30100 NetSphere
port 30101 NetSphere
port 30102 NetSphere
port 30103 NetSphere
port 30103 (UDP) - NetSphere
port 30133 NetSphere
port 30303 Sockets des Troie
port 30947 Intruse
port 30999 Kuang2
port 31335 Trinoo
port 31336 Bo Whack, Butt Funnel
port 31337 Back Fire, Back Orifice (Lm), Back Orifice russian, Baron Night, Beeone, BO client, BO Facil, BO spy, BO2, cron / crontab, Freak88, icmp_pipe.c, Sockdmini
port 31337 (UDP) - Back Orifice, Deep BO
port 31338 Back Orifice, Butt Funnel, NetSpy (DK)
port 31338 (UDP) - Deep BO
port 31339 NetSpy (DK)
port 31666 BOWhack
port 31785 Hack´a´Tack
port 31788 Hack´a´Tack
port 31789 (UDP) - Hack´a´Tack
port 31790 Hack´a´Tack
port 31791 (UDP) - Hack´a´Tack
port 31792 Hack´a´Tack
port 32001 Donald Dick
port 32100 Peanut Brittle, Project nEXT
port 32418 Acid Battery
port 33270 Trinity
port 33333 Blakharaz, Prosiak
port 33577 PsychWard
port 33777 PsychWard
port 33911 Spirit 2000, Spirit 2001
port 34324 Big Gluck, TN
port 34444 Donald Dick
port 34555 (UDP) - Trinoo (for Windows)
port 35555 (UDP) - Trinoo (for Windows)
port 37651 Yet Another Trojan - YAT
port 40412 The Spy
port 40421 Agent 40421, Masters Paradise
port 40422 Masters Paradise
port 40423 Masters Paradise
port 40426 Masters Paradise
port 41666 Remote Boot Tool - RBT, Remote Boot Tool - RBT
port 44444 Prosiak
port 47262 (UDP) - Delta Source
port 50505 Sockets des Troie
port 50766 Fore, Schwindler
port 51966 Cafeini
port 52317 Acid Battery 2000
port 53001 Remote Windows Shutdown - RWS
port 54283 SubSeven, SubSeven 2.1 Gold
port 54320 Back Orifice 2000
port 54321 Back Orifice 2000, School Bus
port 57341 NetRaider
port 58339 Butt Funnel
port 60000 Deep Throat, Foreplay or Reduced Foreplay, Sockets des Troie
port 60068 Xzip 6000068
port 60411 Connection
port 61348 Bunker-Hill
port 61466 TeleCommando
port 61603 Bunker-Hill
port 63485 Bunker-Hill
port 64101 Taskman / Task Manager
port 65000 Devil, Sockets des Troie, Stacheldraht
port 65432 The Traitor (= th3tr41t0r)
port 65432 (UDP) - The Traitor (= th3tr41t0r)
port 65534 /sbin/initd
port 65535
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- Once again, remember ... running a plain antivirus software's nothing but a prank, I work with the virii and trojans, and I come across with hundreds of the modified malicious codes of the renowned trojans that remain unidentified, simply by masking the first couple statements, and jumping the instruction pointer down to the malware before actually executing the correct code.

Good Luck ~@~
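The netstat check suggested in the post can be scripted. The following is an added example, not part of the original post: it parses `netstat -ano` output and reports listening sockets whose local port appears in the table above, together with the owning PID. The sample output is constructed, the table is a short excerpt with abbreviated name lists, and entries the post does not mark "(UDP)" are assumed to be TCP.

```python
import re

# Small excerpt of the post's port table, keyed by (protocol, port).
# Entries the post marks "(UDP)" are keyed as UDP; the rest are treated as TCP (assumption).
TROJAN_PORTS = {
    ("TCP", 1243): ["BackDoor-G", "SubSeven"],
    ("TCP", 12345): ["NetBus"],
    ("TCP", 27374): ["SubSeven"],
    ("TCP", 31337): ["Back Orifice (Lm)", "BO2"],
    ("UDP", 31337): ["Back Orifice", "Deep BO"],
    ("TCP", 80): ["AckCmd", "Executor", "RingZero"],
}

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       2404
  TCP    192.168.1.5:49712      203.0.113.7:80         ESTABLISHED     3120
  TCP    [::]:27374             [::]:0                 LISTENING       2404
  UDP    0.0.0.0:31337          *:*                                    1500
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def flag_listeners(netstat_text, table=TROJAN_PORTS):
    """Return (proto, local_port, pid, names) for listening sockets on listed ports."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers and blank lines
        proto, _addr, port, _foreign, state, pid = m.groups()
        # TCP rows count only when LISTENING; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        names = table.get((proto, int(port)))
        if names:
            hits.append((proto, int(port), int(pid), names))
    return hits

if __name__ == "__main__":
    for proto, port, pid, names in flag_listeners(SAMPLE):
        print(f"{proto}/{port} owned by PID {pid}: listed for {', '.join(names)}")
```

A port match is only a lead for further inspection: legitimate services also use many of the listed ports, so the PID should be mapped to its executable before anything is deleted.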