Everything Search is a great program, something that puts Microsoft to shame for not coming up with this themselves and causing its users to waste millions of hours waiting for the retarded Folder Search to find a file. I have donated to this program and encourage others to try and do the same.
Now for my question. If I correctly understand how the program works and how rootkits hide themselves, then Everything Search is an ideal tool to search for a rootkit by its name. One type its name into the search box and since Everything Search is not dependent on Microsoft directory access APIs, the hiding technique of the rootkits (i.e., via hooks installed by nefarious drivers), those files will be visible in plain view. Obviously, then if you go to Windows Explorer with the path, you wont see them, but you will know for sure they're there.
Is the above is indeed the case?
If it is, then I think it will be useful information to publish on the site - yet another virtue of this amazing program.
General discussion related to "Everything".
2 posts • Page 1 of 1