Well i can tell you for a fact EQEmu (the version put out by
http://www.eqemu.net) is NOT a trojan or password stealer in any way. If you dont believe me then look at the source yourself (its right in the zip).
Now, there is a chance you could have gotten a doctored version form an un-supported site (the source code can be found almost anywhere).
And to madborg: Everytime someone tries to connect to you even if server is locked, down, or your connecting locally but still using the loginserver you will probably get a message saying soandso is trying to connect and a few opcodes. even though you may think theres no connection from your computer to another.