Recently my pc is infected with a Trojan call Beast. I managed to remove its autostart entry and deleted the Trojan files. I search the web for the Trojan and found the author website and downloaded the Trojan. Then I try to see if I can connect to my own computer. I looked at the help section and found something rather disturbing:

----------------------------------------------------------------------------------------------------------
As you might know from the previous versions, an important feature of the server is that is using the injecting technology. At the first run the server is injecting in the memory of winlogon.exe (on 9x systems in systray.exe). Afterwards, from winlogon.exe are performing injections in explorer.exe or other hosts, according with the options you chose when building the server. The main benefits of this type of running is that from winlogon.exe are monitoring the other injected applications and, by example, if the Internet Explorer is closed, from winlogon.exe will be started again and injected with the dll. If the server is injected in explorer.exe it won't be visible on any Task Manager, so that could be a good option. When the server is injected in Internet Explorer will be running under the System account on NT, will be visible in Task Manager, but in this way the firewalls could be more easily by-passed. And is not a big deal if it is visible in TaskMgr because in the case when the IE process is closed will be automatically run again Of course, the same running procedure will be performed when the injection occurred in explorer.exe. The server stability is almost 100%, the server can't be crashed by closing the client during a file transfer or other operations). Usually the server (dll) is residing in the windows/system directory. With Beast 2.06, if the victim is a restricted user (guest etc.) the server will be still running and will be located under <Documents and Settings> directory, for the server aren't needed the administrator privileges on NT (2k, XP), but the injection in winlogon.exe cannot take place and few tasks (Passwords Manager, Services Manager, Erase All etc.) cannot be performed.

Beast is pretty hard to remove especially when using injection. In this case, a certain way to get rid of Beast is booting in Safe Mode. I implemented in Beast an extra persistence feature on NT systems (with admin privileges), so whenever the injected (host) process is closed, from the winlogon.exe (unstoppable service...) the server will be injected again. All the servers (loaders) are locked from winlogon.exe, so cannot be deleted. The registry settings are also overwritten at every few seconds...
----------------------------------------------------------------------------------------------------------
So my question is:
1) Does it mean that Firewall become useless to this type of Trojan?
2) How can I detect this "injection"?