Rkdetect is a Little anomaly detection tool which can find services hidden by generic Windows rootkits like Hacker Defender or hidden spyware/adware. Tool is very simple. It enumerates services on remote computer through WMI (user level) and Services Control Manager (kernel level), compares results and displays differences. In this way it may be possible to find hidden services which are usual used to start rootkit. Similar approach can be used to enumerate processes, files, registry keys and anything rootkits can hide. Real kernel level rootkit can not be detected this way.
