The MSR article Why It's A Bad Idea For Stealth Software To Hide Files led me to another MSR project, Strider. According to its description, it is "a black-box, state-based, and component-based approach to systems management and diagnostics. The statistical data analyses that we produce and the infrastructures and tools that we build help users manage their systems today and help developers design new operating systems with better manageability tomorrow."
I really like the idea of Strider GhostBuster outlined in the article. To convince you to read it yourself, here is the overview diagram of what GhostBuster does:

[Figure 1. The ScanDiff approach to exposing file-hiding software (from the aforementioned article)]
GhostBuster allows you to find rootkits, keyloggers and other malware that hides itself from a plain directory listing. How is it done? Perform a directory listing on the infected machine (step #1), boot from a WinPE CD and scan the same disk again (step #2), and then compare the two scans (step #3). Anything the stealth software hid from the live listing shows up in the offline one, because the hiding code is not running when you boot from clean media, so the difference between the two scans is exactly the hidden set. It takes only around 15 minutes to do this - absolutely neat!
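To make the three-step ScanDiff idea concrete, here is an added example (my own code, not GhostBuster's) that compares a live-system listing with an offline (WinPE) listing of the same disk and reports what was hidden. It assumes each listing is plain text with one entry per line, the absolute path followed by a tab and the file size in bytes; both sample listings below are constructed, including the suspect driver name, and the volatile-path set is a hypothetical noise filter for files that legitimately differ between a live and an offline boot.

```python
"""Cross-view (ScanDiff-style) comparison of two directory listings.

Added example, not code from the GhostBuster project. Assumed input format:
one entry per line, "<absolute path>\t<size in bytes>".
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass, field

# Files whose presence or size legitimately differs between a live boot and
# an offline WinPE boot. Constructed, hypothetical filter to suppress expected noise.
VOLATILE_PATHS = {
    ntpath.normcase(p) for p in (r"C:\pagefile.sys", r"C:\hiberfil.sys", r"C:\swapfile.sys")
}


def normalize(path: str) -> str:
    # Windows paths are case-insensitive; unify separators and case so the
    # same file seen from two boots compares equal.
    return ntpath.normcase(ntpath.normpath(path.strip()))


def parse_listing(text: str) -> dict[str, int]:
    """Parse a listing into {normalized_path: size}; size -1 if no size column."""
    entries: dict[str, int] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        path, sep, size = line.rpartition("\t")
        if not sep:  # no tab: whole line is the path, size unknown
            path, size = line, "-1"
        entries[normalize(path)] = int(size)
    return entries


@dataclass
class DiffResult:
    hidden: list[str] = field(default_factory=list)         # offline only -> suspect
    live_only: list[str] = field(default_factory=list)      # live only -> transient
    size_mismatch: list[str] = field(default_factory=list)  # same path, different size


def cross_view_diff(inside: dict[str, int], outside: dict[str, int]) -> DiffResult:
    """Step #3: diff the live (inside) view against the WinPE (outside) view."""
    hidden = sorted(p for p in outside if p not in inside and p not in VOLATILE_PATHS)
    live_only = sorted(p for p in inside if p not in outside and p not in VOLATILE_PATHS)
    size_mismatch = sorted(
        p for p in inside.keys() & outside.keys()
        if p not in VOLATILE_PATHS and inside[p] >= 0 and outside[p] >= 0 and inside[p] != outside[p]
    )
    return DiffResult(hidden, live_only, size_mismatch)


# Constructed sample: step #1 listing taken from inside the running OS.
INSIDE_VIEW = """\
C:\\Windows\\System32\\ntoskrnl.exe\t4096
C:\\Windows\\System32\\drivers\\disk.sys\t2048
C:\\pagefile.sys\t1048576
C:\\Users\\alice\\report.docx\t512
"""

# Constructed sample: step #2 listing of the same disk taken from a WinPE boot.
# The extra driver is a made-up name standing in for a file the stealth software hid.
OUTSIDE_VIEW = """\
C:\\Windows\\System32\\ntoskrnl.exe\t4096
C:\\Windows\\System32\\drivers\\disk.sys\t2048
C:\\Windows\\System32\\drivers\\example_hidden.sys\t9000
C:\\Users\\alice\\report.docx\t640
C:\\hiberfil.sys\t8388608
"""


def run_example() -> DiffResult:
    return cross_view_diff(parse_listing(INSIDE_VIEW), parse_listing(OUTSIDE_VIEW))


if __name__ == "__main__":
    result = run_example()
    for label, paths in (("HIDDEN (offline only)", result.hidden),
                         ("live only", result.live_only),
                         ("size differs", result.size_mismatch)):
        print(f"{label}:")
        for p in paths:
            print(f"  {p}")
```

The entries in `hidden` are the ones to investigate; `live_only` and `size_mismatch` are usually benign (temporary files, or a document edited between the two scans) but are reported so the analyst can decide rather than have the tool decide silently.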
Closing words: be sure to check out the References section of the article!