
IceSword Displays Processes and Files Hidden from Windows Explorer

Posted by Raymond in category: Computer, Nov 25, 2009

If you think that enabling “Show hidden files and folders” and disabling “Hide protected operating system files” in Folder Options will show every single hidden file and folder, then you are wrong. Recently I’ve been very busy because I am involved in a “secret” project (will be revealed here soon) that has made me spend a lot of time testing a lot of different security tools.

Some viruses, trojans and rootkits are able to hide themselves completely from Windows Task Manager and, believe it or not, even the famous Process Explorer and Process Hacker cannot detect the hidden process. Other than that, while the virus is active, it can also hide its files so that you cannot locate them using Windows Explorer. I found a tool called IceSword which has a Windows Explorer-like interface but displays hidden processes and resources that Windows Explorer would never show.


Do note that IceSword isn’t a “click-here-to-delete-rootkits” product but a sophisticated discovery tool that can protect against sinister rootkits if used before they infect a machine. One thing I really like about IceSword is that it is portable, free and can be used in Safe Mode. Normally, tools that are used to detect hidden processes and files (such as DeepMonitor and many more) require a special driver to be installed, and they won’t work in Safe Mode since third-party drivers/services are not loaded in that environment.

[ Screenshot: IceSword detects hidden processes and files ]

Here’s a piece of bad news that might be a turn-off for a lot of people. IceSword is software made in China by a person called PJF. I know even more people would now stay away from Chinese software because of what IObit did, but so far IceSword has a very good reputation. Scanning it on VirusTotal with 41 antivirus engines, only ClamAV detects it as a threat, just because the program is packed/compressed with ASPack.

Anyway, I’m just sharing a tool which I found useful, and if you’re not comfortable using it, then by all means go ahead and use GMER, which is very similar to IceSword. It’s good to have an alternative in case one of them doesn’t work. Here’s a short video demo of IceSword detecting a folder which is completely hidden from Windows Explorer even when Folder Options is set to show hidden files and folders.

[ Download IceSword | PJF's Official Website ]


    • Anon

      What did IObit do?

    • CH

      Thanks Ray.

      So, a “Secret Project” testing security products huh?
      Boy, I wish I had a job like yours…

    • hims

      good info ray!

      thanks…..

    • Latdna

      They steal MalwareBytes virusdbs without permissions.
      More info on here: http://www.malwarebytes.org/forums/index.php?showtopic=29681

    • jcym

      Allegedly, they stole intellectual property from Malwarebytes. Or at least they are supposed to have stolen their detection database and were apparently caught because of a ‘fake’ signature put there for that very purpose by Malwarebytes.

      Just search Google with the words iobit and malwarebytes in the search box and you will get 130,000+ hits to peruse at your leisure. The first two when I did it were to a blog about it from each of the companies involved.

    • Stax

      it says ‘Initialize failed’ when I start it.

    • http://alisoft7.blogspot.com Ali Qayyum

      excellent software thanks

    • http://wip330.110mb.com/ Mark

      Thanks for the info – but what DID IObit do???

    • Arafat

      I think this is what IObit did : http://news.softpedia.com/news/Malwarebytes-Accuses-IObit-Plays-Dead-126389.shtml

      They copied Malwarebytes database.. shame on them..

    • http://wip330.110mb.com/ Mark

      Hey, thanks for the lowdown on IObit…

    • http://www.amirbagheri.ir Amir

      Thanks Ray, totally helpful.
      What’s the difference between this software and “Process Explorer”, or maybe something like portable “Everest”?!

    • Tom

      So it’s still safe to use IObit?

    • Amay Raikar

      Hey Ray,
      there is a similar product from Sysinternals by the name Rootkit Revealer. Here’s the link: http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

      regards,
      amay raikar

    • PImi

      i can’t get the software to work on windows 7 :/

    • http://www.raymond.cc/ Raymond

      @Amay Raikar: Rootkit Revealer cannot be compared with IceSword. The reason is that Rootkit Revealer has very few features and it’s actually very outdated (last updated 3 years ago).

      Oh ya, forgot to mention that IceSword currently only works with XP and Vista. Windows 7 not supported yet.

    • luddy

      Thanks for the insight into IObit. Won’t be loading the free copy I got here…ever.

    • Aggressor

      @Raymond: IceSword hasn’t been updated in over 2 years either. When I was using it, it did help me find a few ghost files and processes though.

    • Willem

      I stumbled on IceSword two or three years ago when it was still in its 0.** stages of development. It didn’t even have an English Help file then. It looked so primitive, but was already very good at revealing all hidden processes.

      I eventually dropped it off, mainly because it took quite some time to browse its crude GUI, and besides I didn’t really encounter any problems with my old, old PC — except those many reformats caused by self-inflicted beatings.

      Anyway, IceSword looks like it’s improved a lot, at least cosmetically, and I want to install it permanently in my brand-new (Athlon II X4 620, Windows 7 Pro X64, 6GB RAM) system.

    • John

      Thanks Raymond, but I will not be downloading this because I refuse to use any application made in China or Russia. These two countries produce more than 50% of malware on the Internet today. I am not saying that IceSword has a rootkit/backdoor built into it, but it is NOT open source so you really have no idea what is running in the background when the application is executed. Call me biased, but it is better to be safe than sorry.

    • wrjwr

      Initialize failed when trying to run on vista ?

    • Tim

      I’m trying to run this to remove a bad regkey (rootkit). I know where it is, just can’t delete it, so this post would have helped me out a lot, only that I have the same issue as a few people above.
      I get a message saying “Initialize failed”

      Running on Vista Home Basic with Sp2 and all updates

    • http://www.raymond.cc/ Raymond

      Try using Gmer instead if IceSword fails to initialize.

    • CurlySue

      Hi Ray,

      You said, “I know now even more people would stay away from Chinese software because of what IObit did…”

      May I ask what IObit did? I ask because I have been using and recommending SmartDefrag (with enthusiasm) for several months.

      Thank you.

      CurlySue

    • http://corporate-videos.my zuwairiaiman

      Thanks for sharing. this is very cool stuff…

    • megahelp

      If you want to download from Megaupload without captchas or countdown timers, here is a trick worth trying out. It helps to convert megaupload links into direct download links.
      Megaupload Direct Download Link Generator

      If you are having a download link from megaupload like

      http://www.megaupload.com/?d=GVOMXHQ2

      then convert it to

      http://www.megaupload.com/mgr_dl.php?d=GVOMXHQ2

      That is, just replace “/?” of the original download URL with “/mgr_dl.php?” just after the “.com/”

      You can place this direct link in download managers for immediate downloads from megaupload.

      No Countdown

      No Captchas

      Maximum Speed

    • http://www.zuarxpdc.blogspot.com zuarxpdc

      tq raymond for the best software..:-)

    • rvdmast

      So how was this folder made invisible? The movie quality isn’t too good but I didn’t notice anything special about the folder, like special characters or something…

    • Anonymous

      Not working on W7, it says ‘Initialize failed’ when it start

    • @megahelp

      Megaupload waiting time is 25 seconds for free registered users 45 seconds for non register users!
      If you cannot wait for less than a minute then you are NUTS!!

    • duckne55

      tards, just use skipscreen.

    • Mahmoud

      Thanks Ray

    • ianbion

      No problem if IObit gets updates from Malwarebytes because it is important to pass the knowledge to the others. I love the Chinese because they are smart enough to manage world technology at the age of 10-13.

      Another, I can’t wait getting another vendor’s update.

      IObit keep on

    • fanboy01

      @ianbion
      ianbion, MBAM did not “pass” their database to IOBit. IOBit stole it from MBAM. You obviously make it sound like MBAM gave permission to IOBIt to use their database but MBAM claims that they didn’t.

      You probably don’t believe that IOBit stole from MBAM.

    • Janine

      When you get the error ‘Initialize failed’ from IceSword you have to turn off the execution permission in Windows and run it with your own credentials or as an administrator user.

    Copyright © 2005-2012 - Raymond.CC Blog