If you are allowed to reboot the system into trusted media, the Microsoft Research Ghostbuster technique (developed by Yi Min Wang et al) will provably detect ALL persistant & stealthy rootkits unless the rootkit author wants to try to solve the AV virus detection problem to detect the in-system che...

[ more ]