This application http://www.geocities.com/turbotramp2/samurai.html purports to "clean" a system which is infected by a rootkit. In order to do this it restores the SDT and thereby cleans any API hooks: "DISABLE ROOTKITS: Clear existing rootkits and prevent future loading. This solution hooks system calls to prevent the loading of rootkits and refreshes the kernel’s system call table to clear existing rootkits. This solution also contains a user interface that informs the operator when attempts are made to load device drivers during normal operation. This can only be accomplished with the Samurai HIPS." In theory, this should work. In practice, I still can't see the installed Hacker Defender rootkit ... Can anybody confirm this slightly disappointing result?