The only way I can think of for a trojan to 'inject' its code would be to bind itself with a trusted application and then get the application to run. Of course, the firewall would show that the trusted application had changed from the last time it accessed the net.
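The change detection mentioned above, as an added example that is not part of the original post: a sketch of how a firewall could notice that an approved program's file differs from the one it approved. The use of SHA-256 and the names `TrustedAppStore` and `file_digest` are assumptions; the post does not say how the firewall detects the change.

```python
import hashlib
import os
import tempfile


def file_digest(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


class TrustedAppStore:
    """Hypothetical stand-in for a firewall's list of approved programs."""

    def __init__(self):
        self._approved = {}  # absolute path -> digest recorded at approval

    def approve(self, path):
        self._approved[os.path.abspath(path)] = file_digest(path)

    def check(self, path):
        """Classify a program at the moment it asks for network access."""
        key = os.path.abspath(path)
        if key not in self._approved:
            return "unknown"      # never approved: prompt the user
        if self._approved[key] != file_digest(path):
            return "changed"      # approved path, different bytes: re-prompt
        return "unchanged"        # same bytes as when approved: allow


def demo():
    """Approve a constructed file, modify it, and return the verdicts."""
    store = TrustedAppStore()
    with tempfile.TemporaryDirectory() as d:
        app = os.path.join(d, "trusted_app.bin")  # constructed sample file
        with open(app, "wb") as f:
            f.write(b"original program bytes")
        store.approve(app)
        before = store.check(app)
        with open(app, "ab") as f:  # any added bytes change the digest
            f.write(b"extra bytes")
        after = store.check(app)
        other = store.check(os.path.join(d, "never_seen.bin"))
    return before, after, other


if __name__ == "__main__":
    print(demo())
```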