No idea, personally - this is a relatively new field of development. (Aside: I wish we could just have one malware detector for everything - that actually worked - rather than virus checker, dedicated trojan checkers, rootkit detectors (subset of trojans), spyware checkers, browser hijack detectors, ad infinitum.) It would make sense to take this query over to Sysinternals' forum where you're more likely to find lots of people who have already played with this.