I have recently come across one of these and thought it might be of use to share some stuff I found.
I really don't know all that much about rootkits but information can be found.
http://www.techsupportalert.com/issu....htm#Section_0
For a basic informational read go here
http://ct.cnet-ssa.com.com/clicks?c=...-ssa&ds=5&fs=0
That being said I have found several programs to assist with detection and removal
F-Secure has one called BlackLight found here
http://www.f-secure.com/blacklight/
Another is Ewido which can be found here
http://www.ewido.net/en/download/
Sysinternals also has one which can be found here
http://www.sysinternals.com/Utilitie...tRevealer.html

Here is some advice from a user on the cnet forums
Thanks to him for posting this

A way of seeing them yourself in XP or 2k also has come up which is below

First, some minor elaboration: Most rootkits install themselves as a device which, itself, can be seen.
In a Command window (Start -> Run -> CMD<enter>), type
SET DEVMGR_SHOW_NONPRESENT_DEVICES=1<enter>, then
DEVMGMT.MSC<enter>
The device manager will appear, but will also include every device ever installed on the system. Click VIEW -> Show Hidden Devices and you'll be set.

Most rootkits will be in the Non Plug and Play devices and COM3 or the IPX/SPX protocol are two I have found more than once.

What that device driver does is to mask a string by intercepting all API calls to the O/S, thereby hiding the process, registry entries, and files containing that string. The string itself is configured by the author so, for example, if the string is BIG_BAD_GUY, any entry containing that string will be hidden.
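
Added example, not part of the original post or the quoted cnet advice: a small Python simulation of the string masking described above, and of a cross-view comparison (a general detection approach, named here as an assumption about how one would catch it) that diffs a trusted raw listing against what the hooked API reports. All paths, key names and process names are constructed sample data, and the function names are hypothetical.

```python
"""Cross-view check for string-masking hiding (constructed simulation)."""

MASK = "BIG_BAD_GUY"  # the marker string used as the example in the post

# Constructed sample data standing in for a trusted, low-level view of the system.
RAW_VIEW = {
    "files": [r"C:\WINDOWS\system32\drivers\serial.sys",
              r"C:\WINDOWS\system32\drivers\BIG_BAD_GUY.sys"],
    "registry": [r"HKLM\SYSTEM\CurrentControlSet\Services\Serial",
                 r"HKLM\SYSTEM\CurrentControlSet\Services\BIG_BAD_GUY"],
    "processes": ["explorer.exe", "BIG_BAD_GUY_svc.exe"],
}

def api_view(raw, mask):
    """Simulate a hooked enumeration API: entries containing mask are dropped."""
    return {kind: [e for e in entries if mask not in e]
            for kind, entries in raw.items()}

def cross_view_diff(raw, api):
    """Return entries present in the raw view but missing from the API view."""
    hidden = {}
    for kind, entries in raw.items():
        seen = set(api.get(kind, []))
        missing = [e for e in entries if e not in seen]
        if missing:
            hidden[kind] = missing
    return hidden

def common_marker(hidden, min_len=4):
    """Longest substring shared by every hidden entry: a candidate mask string."""
    entries = [e for group in hidden.values() for e in group]
    if not entries:
        return None
    shortest = min(entries, key=len)
    for size in range(len(shortest), min_len - 1, -1):
        for start in range(len(shortest) - size + 1):
            cand = shortest[start:start + size]
            if all(cand in e for e in entries):
                return cand
    return None

if __name__ == "__main__":
    hidden = cross_view_diff(RAW_VIEW, api_view(RAW_VIEW, MASK))
    for kind, entries in hidden.items():
        for entry in entries:
            print(f"hidden {kind}: {entry}")
    print("shared marker:", common_marker(hidden))
```

On a real system the raw view has to come from somewhere the hooks cannot reach, such as a scan of the disk from clean boot media.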