Some of the applications that are included in the Sysinternals suite should be installed on every computer such as Rootkit Revealer, Autoruns, Process Explorer and Regmon. This collection might confuse inexperienced users due to the sheer amount of exectuables that are listed in the main directory. It is difficulty to find out what some of the executables are doing, do you know for instance what psfile.exe will do ?

It would have been nice if at least a readme file would have been included to make it easier to understand the executables. A gui would have been even better. I would advise everyone to visit the Sysinternals website to lookup the programs before you execute them.

Related posts

• Zoom It (4)
• Tweak Vista Freeware (3)
• Top Xp Freeware that every user needs part 3 (5)
• Security and Privacy Complete (0)
• Page Defrag (3)

There is no way that I have enough time to write about all features of IceSword. I therefor decided to mention the most important ones and leave the rest up to you. The process tab of IceSword is one of the most important ones when it comes to detecting rootkits. Icesword will color most hidden processes red which means it is a good idea to take a look at those first. Some rootkits are not colored however so a second look never hurts. You are able to terminate a process by right clicking and selecting Terminate Process.

A good idea is to check the compare the findings with other programs. Use a process explorer that shows the amount of processes but is able to view hidden processes. Compare that number with the number in Icesword and you should have the same amount of processes, if not take a closer look and compare the results.The Mitec Process Viewer is a good tool for this for example.

The ports tab lists all open ports and their applications. Compare the applications with the one that you´ve started. If you see for example that iexplorer.exe is currently connected to the internet but you are not using this program, well you know that you should block the connection and check what´s going on. IceSword should show the same connections that the command netstat -an shows. If they differ something is not right.

The Kernel Module tab in Icesword colors hidden drivers red. The BHO tab (Browser Helper Objects) should be empty if you are not using Internet Explorer but Firefox for example. If you see something in there search for it using Google to see if it is spyware or not.

As you can see it is not that easy to use Icesword compared to other rootkit scanners that work by clicking on the scan button. Iceswords biggest advantage is the fact that it offers more information which is good if you know what you are doing or how to search for the information that you need.

Alternatives to Icesword are still the sysinternals rootkit revealer and blacklight from f-secure.

Related posts

• How to scan your Linux-Distro for Root Kits (2)
• How to check your system for rootkits (0)
• Dvd Rootkit on the way (3)
• AVG Anti Rootkit free (3)
• Yahoo marks dangerous search results (4)