<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>gHacks technology news &#187; icesword</title>
	<atom:link href="http://www.ghacks.net/tag/icesword/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.ghacks.net</link>
	<description>A technology blog covering software, mobile phones, gadgets, security, the Internet and other relevant areas.</description>
	<lastBuildDate>Tue, 24 Nov 2009 03:24:03 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.8.6</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>IceSword the better Rootkit Revealer?</title>
		<link>http://www.ghacks.net/2006/07/19/icesword-the-better-rootkit-revealer/</link>
		<comments>http://www.ghacks.net/2006/07/19/icesword-the-better-rootkit-revealer/#comments</comments>
		<pubDate>Wed, 19 Jul 2006 13:25:44 +0000</pubDate>
		<dc:creator>Martin</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[icesword]]></category>
		<category><![CDATA[rootkit-revealer]]></category>
		<category><![CDATA[rootkits]]></category>

		<guid isPermaLink="false">http://www.ghacks.net/2006/07/19/icesword-the-better-rootkit-revealer/</guid>
		<description><![CDATA[IceSword is a new contender for the title of the best rootkit revealing and removing program out there at the moment. It is rather hard to find a working download of IceSword, but as always I provide a fast way to download the latest version of IceSword, named IceSword1.18.rar. Click the link to download the rootkit scanner from rapidshare. In contrast to other rootkit scanners like BlackLight, IceSword cannot be run automatically. IceSword only provides what are perhaps the most powerful utilities to scan your system for rootkits and other information.]]></description>
			<content:encoded><![CDATA[<p>IceSword is a new contender for the title of the best rootkit revealing and removing program out there at the moment. It is rather hard to find a working download of IceSword, but as always I provide a fast way to download the latest version of IceSword, named <a title="IceSword 1.18 English Download" target="_blank" href="http://rapidshare.de/files/26290975/IceSword1.18en.rar.html">IceSword1.18.rar</a>. Click the link to download the rootkit scanner from <a href="http://www.ghacks.net/2008/01/04/5-rapidshare-search-engines/">rapidshare</a>. In contrast to other rootkit scanners like BlackLight, IceSword cannot be run automatically. IceSword only provides what are perhaps the most powerful utilities to scan your system for rootkits and other information.</p>
<p>There is no way that I have enough time to write about all features of IceSword. I therefore decided to mention the most important ones and leave the rest up to you. The process tab of IceSword is one of the most important ones when it comes to detecting rootkits. IceSword will color most hidden processes red, which means it is a good idea to take a look at those first. Some rootkits are not colored, however, so a second look never hurts. You are able to terminate a process by right-clicking and selecting Terminate Process.</p>
<p><span id="more-642"></span>A good idea is to compare the findings with other programs. Use a process explorer that shows the number of processes but is able to view hidden processes. Compare that number with the number in IceSword and you should have the same number of processes; if not, take a closer look and compare the results. The <a target="_blank" href="http://www.mitec.cz/Data/XML/data_downloads.xml">Mitec Process Viewer</a> is a good tool for this, for example.</p>
<p>The ports tab lists all open ports and their applications. Compare the applications with the ones that you've started. If you see, for example, that iexplore.exe is currently connected to the internet but you are not using this program, you know that you should block the connection and check what's going on. IceSword should show the same connections that the command netstat -an shows. If they differ, something is not right.</p>
<p>The Kernel Module tab in IceSword colors hidden drivers red. The BHO tab (Browser Helper Objects) should be empty if you are not using Internet Explorer but Firefox, for example. If you see something in there, search for it using Google to see if it is spyware or not.</p>
<p>As you can see, it is not that easy to use IceSword compared to other rootkit scanners that work by clicking on the scan button. IceSword's biggest advantage is the fact that it offers more information, which is good if you know what you are doing or how to search for the information that you need.</p>
<p>Alternatives to IceSword are still the <a target="_blank" href="http://www.sysinternals.com/">Sysinternals</a> Rootkit Revealer and <a target="_blank" href="http://www.f-secure.com/blacklight">BlackLight</a> from F-Secure.</p>


]]></content:encoded>
			<wfw:commentRss>http://www.ghacks.net/2006/07/19/icesword-the-better-rootkit-revealer/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
	</channel>
</rss>
