Your system management utilities can’t see it… spyware checker can’t spot it… and antivirus/anti-trojan products can’t block it. It can be written as spyware, a virus or trojan. And Windows can’t do anything about it. It’s a rootkit.
Rootkits hide themselves by returning bogus information to queries. For example, when Task Manager displays the active processes, a rootkit removes itself before returning the list.
The Bad News: Catching a rootkit is difficult, time-consuming work. It requires system shutdown, special software, and a lot of clerical sleuthing.
The Good News: You can catch most rootkits. You can vanquish rootkits lurking in memory by simply rebooting. Then use RootkitRevealer to spot persistent rootkits. According to the authors, this freeware utility “successfully detects all persistent rootkits published at rootkit.com, including AFX, Vanquish and HackerDefender.”
[Screenshot: RootkitRevealer exposes the HackerDefender rootkit]
RootkitRevealer works for Windows NT 4, Windows 2000, Windows XP and Windows 2003. Just be prepared to spend a very, very long weekend.
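
Because a rootkit hides by filtering the answers to queries, a detector can compare a high-level view of the system against a lower-level one and flag what differs. The sketch below is an added example, not RootkitRevealer's code or anything from the original article; every process, file and registry name in it, including the hidden "rk_agent" entries, is constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed low-level view: what is actually present on the system.
RAW_VIEW = {
    "process": {"explorer.exe", "svchost.exe", "rk_agent.exe"},
    "file": {r"C:\Windows\notepad.exe", r"C:\Windows\rk_agent.sys"},
    "registry": {r"HKLM\SYSTEM\Services\Tcpip",
                 r"HKLM\SYSTEM\Services\rk_agent"},
}
HIDE_PATTERN = "*rk_agent*"  # hypothetical name filtered by the simulated rootkit


def api_view(kind):
    """Answer a high-level query the way a compromised system would:
    entries matching HIDE_PATTERN are removed before the list is returned."""
    return {e for e in RAW_VIEW[kind]
            if not fnmatchcase(e.lower(), HIDE_PATTERN)}


def cross_view_diff(raw, api, benign=()):
    """Return (kind, name, reason) for every entry the two views disagree on.
    `benign` holds glob patterns for churn expected between the two reads."""
    findings = []
    for kind in sorted(raw):
        low, high = raw[kind], api.get(kind, set())
        for name in sorted(low ^ high):
            if any(fnmatchcase(name.lower(), p.lower()) for p in benign):
                continue
            reason = "hidden from API" if name in low else "API only"
            findings.append((kind, name, reason))
    return findings


def scan():
    api = {kind: api_view(kind) for kind in RAW_VIEW}
    # Constructed noise: a temp file created after the raw read finished.
    api["file"].add(r"C:\Temp\scan.tmp")
    return cross_view_diff(RAW_VIEW, api, benign=[r"C:\Temp\*"])


if __name__ == "__main__":
    for kind, name, reason in scan():
        print(f"{kind:9} {name:35} {reason}")
```

Entries that appear in only one view because they changed between the two reads are the kind of discrepancy that has to be triaged by hand.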
