Security Basics mailing list archives

Windows Bot/Trojan/Backdoor scanner


From: Andrew Hecox <ahecox () uchicago edu>
Date: Fri, 12 Sep 2003 00:05:44 -0500 (CDT)


greetings!

... as the subject implies, I'm looking for something to scan for 
backdoor software on the Windows platform. For example, if a system has
been compromised by a worm such as msblast or bugbear which installs a
backdoor, I'd like to be able to scan the system to see if anyone has
taken advantage of *that* backdoor to install another piece of malicious
software like an IRC bot.

The primary complication is that software would only be used in situations
where it was scanning machines AFTER they had been infected by some other
virus. No software (like tripwire, etc.) can be installed before the
infection.

First question- obviously there is lots of software that will search for
trojans but is there any which will be cutting edge enough to catch the
vast majority of the latest and greatest remote control malware?

Second question- if so, is any of it substantially better than the regular
antivirus software?

Finally- given the problem of trying to detect whether a random system
in the wild has faced additional compromises (in a cost-effective manner),
is there a better solution to the problem? The current *best* solution is
to re-format the system (better safe than sorry) but that situation may be
getting untenable given limited resources.

SwatIt came to mind but I don't have any meaningful evidence relating to
its effectiveness.

any ideas, comments, or suggestions are greatly appreciated.

-cheers!

-Andrew

