Spybot-S&D new tools


Meriadoc
March 19th, 2008, 05:30 PM
Spybot-S&D (http://www.safer-networking.org/en/index.html) has a new plug-in that checks for rootkits.
-{ Quote: "Beginning with the first updates in March we have added new anti rootkit plugins for Spybot - Search & Destroy." }-
Also RootAlyzer (http://forums.spybot.info/showthread.php?t=24185)
-{ Quote: "The RootAlyzer is a single tool which goes through the file system, the registry and process related lists." }-

Ilya Rabinovich
March 19th, 2008, 06:21 PM
Hm, looks like this tool tries to collect all the handles in your system and analyze them. If malware blocks it, this RootAlyzer just hangs and no more. I'm just curious, who was the programmer of this "anti-rootkit"?

Hermescomputers
March 20th, 2008, 06:41 PM
-{ Quote: "Hm, looks like this tool tries to collect all the handles in your system and analyze them. If malware blocks it, this RootAlyzer just hangs and no more. I'm just curious, who was the programmer of this "anti-rootkit"?" }-

Hello Ilya,

Did you test it with real samples or is this an educated guess?

Ilya Rabinovich
March 21st, 2008, 04:26 AM
I just ran it as untrusted and looked through the block log events. This thing simply hangs. Also, if you take into account the way it works, it can be bypassed easily.