We've just released the beta version of a new tool called Packed Driver Detector.

Download: http://www.misec.net/products/PDD.exe (No installation required - simply run file)

What does this thing do?

Drivers are system files that are used in kernel mode to execute system code. Rootkits use a driver (.sys) file to subvert the Windows kernel and hide their presence in the system. Recent rootkits have begun packing and/or encrypting their driver files to make them harder to detect. This tool identifies packed driver files. On an uninfected system there should be no packed driver files. Use this tool to identify any packed driver files on your system.

How can I help?

This is the first beta release of Packed Driver Identifier. If you want to help out testing it, download and run it to scan your system. If the tool identifies any packed drivers, don't panic. This is the first release of the tool and the identified files are very likely legitimate. Please email the detected driver files to firstname.lastname@example.org along with your scan log. We will analyze the files for you and tell you if they really are something to worry about.

It would be very helpful if you could post your scan report even if no packed drivers are identified. This is to help verify that the tool is actually not reporting any packed files on clean systems.
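
The post does not say how Packed Driver Detector decides that a driver is packed. As an added illustration (not the tool's code and not part of the original post), the sketch below applies one widely used heuristic, byte entropy per PE section, with an assumed threshold of 7.0 bits/byte; the function names and the sample image are constructed for this example.

```python
import hashlib
import math
import struct
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # assumed cut-off; compressed/encrypted data nears 8 bits/byte

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for every section listed in a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)      # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size                         # section table start
    for i in range(n_sections):
        hdr = table + 40 * i                               # 40-byte section header
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)
        yield name, image[raw_ptr:raw_ptr + raw_size]

def packed_sections(image: bytes, threshold: float = ENTROPY_THRESHOLD):
    """Return [(section_name, entropy)] for sections above the threshold."""
    scored = ((name, shannon_entropy(raw)) for name, raw in pe_sections(image))
    return [(name, round(e, 2)) for name, e in scored if e > threshold]

def build_sample(sections):
    """Constructed input: a minimal PE-shaped image holding the given sections."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    data_off = len(dos) + len(coff) + 40 * len(sections)
    table, body = b"", b""
    for name, raw in sections:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIII", len(raw), 0, len(raw), data_off + len(body)) + b"\0" * 16
        body += raw
    return dos + coff + table + body

# Constructed sample data: repetitive "code" bytes and a pseudo-random blob
PLAIN = b"\x55\x8b\xec\x90" * 1024
RANDOM = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLE = build_sample([(b".text", PLAIN), (b"PACK0", RANDOM)])
print(packed_sections(SAMPLE))
```

To check a real driver, pass the bytes of the .sys file to `packed_sections`. High entropy is a hint rather than proof, since legitimately compressed or encrypted data embedded in a file also scores high.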