* Strider GhostBuster will be released either as a research prototype or as part of Microsoft products.
* SysInternals RootkitRevealer, released on February 22, 2005, implements the same hidden-file and hidden-Registry detection techniques used in the Inside-the-box GhostBuster (which includes additional hidden-process and hidden-module detection techniques).
* Simple steps you can take to detect some of today's ghostware:
1. Run "dir /s /b /ah" and "dir /s /b /a-h" inside the potentially infected OS and save the results.
2. Boot into a clean CD, run "dir /s /b /ah" and "dir /s /b /a-h" on the same drive, and save the results.
3. Run a clean version of WinDiff from the CD on the two sets of results to detect file-hiding ghostware (i.e., invisible inside, but visible from outside). See Hacker Defender ghostware files revealed (highlighted) for an example.
4. Note: there will be some false positives. Also, this does not detect stealth software that hides in BIOS, Video card EEPROM, disk bad sectors, Alternate Data Streams, etc.