Windows Forum / Windows Me / System Tools / November 2005

Microsoft Strider GhostBuster Rootkit Detection Software Download

Pamela Fischer - 21 Nov 2005 07:54 GMT
Do Strider GhostBuster Rootkit downloads actually exist?

I read every line of the Microsoft Windows Defender Research page
http://research.microsoft.com/rootkit - but I still don't see where to
download the actual GhostBuster utility.

Am I missing something?

Is there a Microsoft rootkit decloaking utility on that page?
If so, (I don't see it), can you kindly point us to the download link?

Thank you in advance,
Pamela Fischer
Pamela Fischer - 21 Nov 2005 08:34 GMT
> I read every line of the Microsoft Windows Defender Research page
> http://research.microsoft.com/rootkit - but I still don't see where to
> download the actual GhostBuster utility.
======================================================================
I'm still looking for that Microsoft GhostBuster download link.

In the July 24, 2004 Microsoft paper titled "Strider GhostBuster: Why
It's A Bad Idea For Stealth Software To Hide Files" (
http://research.microsoft.com/research/pubs/view.aspx?type=Technical%20Report&id=775 ), the authors state "We have built a tool called the
Strider GhostBuster that automates most of the ScanDiff steps below ...
running to completion ... in 10 to 15 minutes."

But where can we obtain a download link to Strider Ghostbuster?
======================================================================
Apparently the Strider GhostBuster tool automates the 3 steps below:
======================================================================
Step #1:
We first boot normally into the infected OS and invoke "dir /s /a" to
scan the entire file system. We save the output in a file named
"Infected_Scan.txt" on a disk. The file-hiding software can arbitrarily
interfere with the scanning process and/or arbitrarily modify the output
file. (Note that the user account from which the scan is performed
should be added to the ACLs of the System Volume Information folder and
other folders that by default are not accessible to the user.)

Step #2:
We restart the machine and this time boot into a clean WinPE CD [WPE]
that contains a clean version of WinDiff.exe. We invoke "dir /s /a" again
and save the output in the file "Clean_Scan.txt". The hidden file should
appear in this output because the file-hiding software was not running
during the scan.

Step #3:
Finally, we invoke WinDiff.exe to compare the two files
"Infected_Scan.txt" and "Clean_Scan.txt". Any hidden file should be
revealed in the diff result.
======================================================================
Based on this, Microsoft researchers state in this paper that the
documented ScanDiff process above detects all real-world file-cloaking
RootKits, Trojans, and commercial keyloggers. Specifically, these
ScanDiff steps detect Sony BMG Ineptware, Hacker Defender 1.0, Aphex -
AFX Windows Rootkit 2003, Vanquish, and Msvsres.dll; plus the keyloggers
ActMon and ProBot SE; and the commercial flyware Hide Files 3.3, Hide
Folders XP, Advanced Hide Folders, and File & Folder Protector (flyware
being defined as your boss' fly-on-the wall ware).
======================================================================
I'm sure there is a download link to Microsoft Strider GhostBuster
utility somewhere out there. But the closest I can get to is this link
provided in the paper above: http://research.microsoft.com/sm/strider
======================================================================
My question is:
Does anyone really know where to get a Strider Ghostbuster utility?

Pamela Fischer
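The three ScanDiff steps quoted above reduce to a cross-view diff of two directory listings. As an added example (not code from the paper, the poster, or Microsoft), the following Python script parses two `dir /s /a` captures and reports what the offline scan sees that the online scan does not; it assumes en-US `dir` output and runs on constructed sample listings.

```python
"""ScanDiff cross-view check: compare two `dir /s /a` listings and report paths
the clean (offline) boot sees but the infected (online) boot does not."""
import re

# One `dir` entry line in en-US format (assumption): date, time, <DIR>|size, name.
ENTRY = re.compile(r"^\s*\d[\d/.-]+\s+\d{1,2}:\d{2}(?:\s*[AP]M)?\s+(<DIR>|[\d.,]+)\s+(.+?)\s*$")
DIR_HDR = re.compile(r"^\s*Directory of (.+?)\s*$")


def parse_dir_listing(text):
    """Map each full path (lower-cased; NTFS is case-insensitive) to '<DIR>' or its size."""
    entries, current = {}, None
    for line in text.splitlines():
        hdr = DIR_HDR.match(line)
        if hdr:
            current = hdr.group(1).rstrip("\\")
            continue
        m = ENTRY.match(line)
        if m and current is not None and m.group(2) not in (".", ".."):
            entries[f"{current}\\{m.group(2)}".lower()] = m.group(1)
    return entries


def scan_diff(infected, clean):
    """Return (hidden, online_only, mismatch). hidden: in the clean scan but not the
    online one (cloaked). online_only: volatile files / scan artefacts, usually noise.
    mismatch: in both, but size or type differs (online listing tampered with)."""
    inf, cln = parse_dir_listing(infected), parse_dir_listing(clean)
    hidden = sorted(p for p in cln if p not in inf)
    online_only = sorted(p for p in inf if p not in cln)
    mismatch = sorted(p for p in cln if p in inf and cln[p] != inf[p])
    return hidden, online_only, mismatch


# Constructed sample listings (not real scan output); summary lines are ignored.
INFECTED_SCAN = """\
 Directory of C:\\Windows\\System32

11/21/2005  07:54 AM    <DIR>          .
08/04/2004  12:00 PM           110,592 kernel32.dll
11/21/2005  07:55 AM                 0 ~online_temp.tmp
               2 File(s)        110,592 bytes
"""
CLEAN_SCAN = """\
 Directory of C:\\Windows\\System32

11/21/2005  07:54 AM    <DIR>          .
11/20/2005  03:12 AM    <DIR>          cloaked_dir
08/04/2004  12:00 PM           110,592 kernel32.dll
11/20/2005  03:12 AM            81,920 cloaked_driver.sys
"""
```

Run `scan_diff(INFECTED_SCAN, CLEAN_SCAN)` to get the cloaked directory and driver in the first list; on a real pair of captures, expect the online-only list to contain the scan output file itself and other volatile files.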
Noel Paton - 21 Nov 2005 12:25 GMT
Pamela
This (Strider) is a Microsoft Research project - the programs involved are
almost certainly undergoing patent applications, and as a result cannot be
published yet.
When they are published, they look as if they are to be directed more
towards the Enterprise market than the home user.

Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

> Do Strider GhostBuster Rootkit downloads actually exist?
>
[quoted text clipped - 9 lines]
> Thank you in advance,
> Pamela Fischer
MAP - 21 Nov 2005 13:55 GMT
> Do Strider GhostBuster Rootkit downloads actually exist?
>
[quoted text clipped - 9 lines]
> Thank you in advance,
> Pamela Fischer

Here is a free program that will find "Rootkits"; it is written by the same
person who found the rootkit installation installed by listening to a Sony
music CD a couple of weeks ago.

http://www.sysinternals.com/utilities/rootkitrevealer.html

Mike Pawlak

MAP - 21 Nov 2005 14:21 GMT
I saw your other post after posting my reply; it seems that you are already
aware of the rootkit revealer program. It also seems that you are concerned
about rootkits (as you should be), so here is a link for a security program that
will "prevent" rootkits from installing unless you allow it to:
http://www.diamondcs.com.au/processguard/index.php?page=download
Of course this won't remove any that may already be on your system, just
prevent any future installations.

Mike Heelan of www.spywareinfo.com predicts that programs like Ad-Aware
and Spybot will become useless in the future because of these.
You will have to boot from something like Bart'sPE to scan your system for
parasites, which sounds like a real pain in the keister to me, so a program that
will prevent them from installing sounds like an easier way to go.

Mike Pawlak
