EverythingSearch and rootkits

duongthuan
Posts: 1
Joined: Wed Oct 11, 2017 1:36 pm

EverythingSearch and rootkits

Post by duongthuan »

Hi David,

Everything Search is a great program, something that puts Microsoft to shame for not coming up with this themselves and causing its users to waste millions of hours waiting for the retarded Folder Search to find a file. I have donated to this program and encourage others to try and do the same.

Now for my question. If I correctly understand how the program works and how rootkits hide themselves, then Everything Search is an ideal tool to search for a rootkit by its name. One types its name into the search box, and since Everything Search is not dependent on Microsoft directory access APIs, the hiding technique of the rootkits (i.e., via hooks installed by nefarious drivers), those files will be visible in plain view. Obviously, if you then go to Windows Explorer with the path, you won't see them, but you will know for sure they're there.

Is the above indeed the case?

If it is, then I think it will be useful information to publish on the site - yet another virtue of this amazing program.

Thanks
Christian.Sirolli
Posts: 2
Joined: Thu Dec 07, 2017 3:42 pm

Re: EverythingSearch and rootkits

Post by Christian.Sirolli »

You could test this out. Use VirtualBox to set up a virtual hard drive with a Windows OS on it, and download and install a rootkit to it and see if you can find it with Everything.