IceSword in English (detect rootkits, etc.)

The English version/translation of the most powerful rootkit and invisibles detector from China is available for free:

http://www.xfocus.net/tools/200509/1085.html

filename: IceSword_en1.12.rar

Below the program description there is written “mirror”. Try both servers, for the download is very slow and unreliable (server overloaded)! If you didn’t get the full 564 kB, try again later.

This program is intended for savvy puter users :smiley:

That application is not capable of detecting rootkits.
Better use the rootkit detector from Sysinternals.

Eddy, it certainly does:

http://itmanagement.earthweb.com/columns/executive_tech/article.php/3512621

Nicolas

I got a system where there is a 17 bytes data mismatch between the Windows API and the raw data hive. That util is not picking it up. Therefore it is not capable of detecting rootkits.

I see, that’s why. IceSword is of course a tool and not infallible considering the latest tricks. The problem is we are hit by the latest viruses. It’s Cyberwar!

How did Ewido do? (http://www.ewido.net/en/features/) I’m quite impressed by its capabilities (version 3.5, latest update). It even found the remnants of viruses I acquired during a Firefox trial a few months ago. Firefox did not completely uninstall and I didn’t notice >:(.

Edit: Since I also use Rootkit Revealer (Sysinternals) I looked it up. According to the manual, the discrepancy found by Eddy is not necessarily a sign of a rootkit. Regarding the length of only 17 bytes, it may be due to a change during scanning. Of course, it should be investigated further.

The author of HackerDefender has promised to defeat IceSword and we should take that seriously.
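
The comparison debated in this thread (what the Windows API reports versus what is read from the raw hive data, and whether a single mismatch may just be a value that changed during scanning) can be sketched as follows. This is an added example, not part of any post and not code from either tool; the registry paths, values and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    key: str
    kind: str    # hidden_from_api | api_only | data_mismatch
    detail: str

def cross_view_diff(api_view, raw_view):
    """Compare two {value_path: bytes} maps: API view vs raw hive view."""
    findings = []
    for key in sorted(set(api_view) | set(raw_view)):
        a, r = api_view.get(key), raw_view.get(key)
        if a is None:
            findings.append(Finding(key, "hidden_from_api", f"{len(r)} bytes only in raw hive"))
        elif r is None:
            findings.append(Finding(key, "api_only", f"{len(a)} bytes only via API"))
        elif a != r:
            findings.append(Finding(key, "data_mismatch", f"api={len(a)}B raw={len(r)}B"))
    return findings

def persistent_findings(scans):
    """Keep (key, kind) pairs seen in every scan; a value rewritten between the
    two reads of one scan shows up once and is dropped as transient."""
    per_scan = [{(f.key, f.kind) for f in cross_view_diff(api, raw)} for api, raw in scans]
    if not per_scan:
        return []
    return sorted(set.intersection(*per_scan))

# Constructed sample data (hypothetical paths and values), two scans of one system.
LAST_RUN = r"HKLM\SOFTWARE\Example\LastRun"
VERSION = r"HKLM\SOFTWARE\Example\Version"
HIDDEN = r"HKLM\SYSTEM\Example\Services\hidden\ImagePath"

SCAN_1 = (  # LastRun (17 bytes) was rewritten between the API read and the raw read
    {LAST_RUN: b"2005-10-01T10:00\x00", VERSION: b"1.12\x00"},
    {LAST_RUN: b"2005-10-01T10:01\x00", VERSION: b"1.12\x00", HIDDEN: b"drv.sys\x00"},
)
SCAN_2 = (  # LastRun now agrees in both views; HIDDEN is still absent from the API view
    {LAST_RUN: b"2005-10-01T10:05\x00", VERSION: b"1.12\x00"},
    {LAST_RUN: b"2005-10-01T10:05\x00", VERSION: b"1.12\x00", HIDDEN: b"drv.sys\x00"},
)

if __name__ == "__main__":
    for f in cross_view_diff(*SCAN_1):
        print("scan 1:", f.kind, f.key, f.detail)
    for key, kind in persistent_findings([SCAN_1, SCAN_2]):
        print("persistent:", kind, key)
```

A discrepancy that survives repeated scans is the one worth investigating; one that appears in a single scan fits the "changed during scanning" explanation.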