and prevent it from activating? A friend sent me a trojan in December for me to check and I would like to send this trojan to you so you can experiment with it. I am very curious if PG could have stopped this thing. I want to know more about it and what program(s), if any, may have prevented it. The trojan is called Edepol.b and some information on it can be found here... http://www.sophos.com/virusinfo/analyses/trojedepolb.html

If PG could not have stopped it, what do you think could have? My friend was told he most likely got infected with it via browser injection. My friend found this in very early December 2005 and at the time it was not detectable by any AV in the world. He sent it to several AV companies and they confirmed it was a new variant. He saw a file on his computer he felt was suspicious so he did a scan with several programs. He sent it to me to check as well and the only thing that detected it was Microsoft Antispyware. That Microsoft Antispyware was the only program able to detect it surprised me. The file was also uploaded to the 2 sites that have multi engine scanners (jotti, etc.) and not 1 AV program there detected it.

I had it checked against all of the programs below on my end and like his results, only Microsoft Antispyware was able to detect it...

Dr. Web antivirus
Kaspersky antivirus
FSecure Blacklight BETA
* Microsoft antispyware
Webroot SpySweeper
Ewido
eTrust PestPatrol
Lavasoft Ad-aware
Spybot Search and Destroy
Spyware Doctor
CWShredder
UnHackMe

I ran the trojan on an old Windows 98 computer that's not connected to the net. When you run the trojan it disappears and places files in the windows system folder. The main file, kernel32.exe, is the one that disappears. Then it creates dpnsvr32.exe, plugin1.dat and SysPr.prx from what I can see. It also makes a registry entry.

Would you like this trojan for testing? I'm just curious as to what could have stopped it since it was undetectable to AV at the time.
Let me know either way if you want it or not. Thank you.

P.S. Here is what some AV companies told him...

This program is for sure malware, but requires some advanced processing. It acts like a true malware (packed with an unknown protector, copies itself into system directory and registry, and deletes the original file then). Software based firewall, if any on the machine, might not alert about the Trojan trying to connect to the Internet. This is because the Trojan uses the Internet Explorer to connect to the Internet.

Thank you for your email. The file kernel32.exe that you sent to us for analysis was a Trojan, Troj/Edepol-B.

Thank you for submitting the file "kernel32.exe". The file is indeed malicious and should be deleted. Detection will be added for this file in the next database update. It is a variant of Trojan called Bifrose or Bifrost.