If you are allowed to reboot the system into trusted media, the Microsoft Research Ghostbuster technique (developed by Yi Min Wang et al) will provably detect ALL persistant & stealthy rootkits unless the rootkit author wants to try to solve the AV virus detection problem to detect the in-system checker when it runs

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/537/2014#2014