Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
I haven't had a chance to look at it yet, but the good folks at sysinternals have released a tool named RootkitRevealer. It looks like it works by comparing two scans, one very low-level and one high-level which will include the bogus results intercepted by the rootkit. Any diff means the rootkit is present and hiding/changing data.
https://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml