06-24-2007, 08:07 PM
jukofyork
Re: New Software. FTP HUD with 3-bets %!! Free!!!

[ QUOTE ]
I certainly don't mean to imply anything bad by that, just that there's no way I could verify such... maybe Juk with his mad ASM skills could :)

[/ QUOTE ]
The sad thing is that it's almost impossible to be 100% sure for any reasonable size application. In theory it's possible to pack something away deep inside a segment and then have some code that unpacks and/or drops it based on a semi-random condition being met. It could take weeks/months/years on a decent sized executable just checking execution paths to make sure this doesn't happen (not that I think there is anything wrong with this app or that many would go to this much trouble to hide a Trojan...).

Blocking stuff from Internet access and using something like ProcessGuard (or a DLL injection blocking firewall) is probably your best line of defence, although some virus scanners may be able to pick up on potential new threats by using a heuristic scoring system (this tends to work better for new [or polymorphic] viruses though, as they have a more well defined set of functional blocks that must be implemented for each and every virus).

Juk :)