Interesting (and remarkably simple) solution for hidden root kit files

Microsoft Research has a short but sweet paper on using hackers' tricks against them, including using differential file system scans (using WinDiff) from infected vs. clean OS boots to detect hidden files. A good read if you're determined to attempt cleanup of an infected system (generally not recommended) instead of flattening the machine and rebuilding it (generally the safer course):

https://research.microsoft.com/research/pubs/view.aspx?tr_id=775
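The cross-view comparison the paper describes, as an added example that is neither the paper's code nor WinDiff: it assumes two listings of the same volume, one captured from inside the suspect OS and one from a clean boot reading the disk offline, and reports the files only the clean boot can see. Function names and the sample paths are constructed for illustration.

```python
import hashlib
import os
from typing import Dict, List, Tuple

View = Dict[str, Tuple[int, str]]  # relative path -> (size, sha256 hex)
def _sha256(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_tree(root: str) -> View:
    """Build one view of every regular file under root; run it once from
    inside the suspect OS and once from a clean boot reading the disk offline."""
    view: View = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            try:
                view[os.path.relpath(full, root)] = (os.path.getsize(full), _sha256(full))
            except OSError:
                continue  # unreadable from this view; the other view may still list it
    return view

def cross_view_diff(clean: View, infected: View) -> Dict[str, List[str]]:
    """Files the in-OS view hides, shows with different content, or invents."""
    return {
        "hidden": sorted(p for p in clean if p not in infected),
        "mismatched": sorted(p for p in clean if p in infected and clean[p] != infected[p]),
        "ghost": sorted(p for p in infected if p not in clean),
    }

# Constructed sample views (not real scan output): the in-OS view omits one
# driver and reports a different hash for one binary.
CLEAN_VIEW: View = {
    r"Windows\System32\drivers\example_hidden.sys": (40960, "aa" * 32),
    r"Windows\System32\calc.exe": (897024, "bb" * 32),
    r"Windows\explorer.exe": (3840000, "cc" * 32),
}
INFECTED_VIEW: View = {
    r"Windows\System32\calc.exe": (897024, "bb" * 32),
    r"Windows\explorer.exe": (3840000, "dd" * 32),
}

if __name__ == "__main__":
    for kind, paths in cross_view_diff(CLEAN_VIEW, INFECTED_VIEW).items():
        print(f"{kind}: {paths}")
```

A "hidden" hit means the running OS is filtering that path out of directory listings; a "mismatched" hit means the same path reads differently from inside the OS than from the offline boot, which is what file-level hooking looks like.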