If you think that enabling “Show hidden files and folders” and disabling “Hide protected operating system files” from Folder Options will show every single hidden files/folders, then you are wrong. Recently I’ve been very busy because I am involved in a “secret” project (will be revealed here soon) that made me spent a lot of time testing a lot of different security tools.
There are some virus/trojan/rootkit that is able to hide itself completely from Windows Task Manager and believe it or not, even the famous Process Explorer and Process Hacker cannot even detect the hidden process. Other than that, when the virus is active, they can also make the file hidden until you cannot locate it using Windows Explorer. I found a tool called IceSword which has a Windows Explorer-like interface but displays hidden processes and resources that Windows Explorer would never show.
Do note that IceSword isn’t a “click-here-to-delete-rootkits” product but a sophisticated discovery tool that can protect against sinister rootkits if used before they infect a machine. One thing I really like about IceSword is it is portable, free and can be used in Safe Mode. Normally tools that is used to detect hidden process and files (such as DeepMonitor and many more) requires a special driver installed and it won’t work in Safe Mode since third party drivers/services are not loaded in that environment.
Here’s a piece of bad news that might be a turn off to a lot of people. IceSword is a software made in China by a person called PJF. I know now even more people would stay away from Chinese software because of what IObit did but so far IceSword has a very good reputation. Scanning it in VirusTotal with 41 antivirus and only ClamAV detects it as a threat just because the program is packed/compressed with ASPack.
Anyway I’m just sharing with you on a tool which I found useful and if you’re not comfortable using it, then by all means go ahead and use GMER which is very similar to IceSword. It’s good to have an alternative in case one of it doesn’t work. Here’s a short video demo of IceSword able to detect a folder which is completely hidden from Windows Explorer even if the Folder Options is set to show hidden files and folders.
[ Download IceSword | PJF's Official Website ]
Related posts:
When you get the error ‘Initialize failed’ from IceSword you have to turn off the execution permission in Windows and run it with your own credentials or as an administrator user.
@ianbion
ianbion, MBAM did not “pass” their database to IOBit. IOBit stole it from MBAM. You obviously make it sound like MBAM gave permission to IOBIt to use their database but MBAM claims that they didn’t.
You probably don’t believe that IOBit stole from MBAM.
No problem if IObit gets update from Malware Bytes bcoz, it is important to pass the Knowledge to the others I love chiness coz they are smart enough to manage world technology at the age of 10-13.
another i cant wait getting another venders update.
IObit keep on
Thanks Ray
tards, just use skipscreen.
Megaupload waiting time is 25 seconds for free registered users 45 seconds for non register users!
If you cannot wait for less than a minute then you are NUTS!!
Not working on W7, it says ‘Initialize failed’ when it start
So how was this folder made invisable? The movie quality isn’t too good but i didn’t notice anything special about the folder, like special characters or something…
tq raymond for the best software..:-)
If you want to download from Megaupload without captchas or countdown timers, here is a trick worth trying out. It helps to convert megaupload links into direct download links.
Megaupload Direct Download Link Generator
If you are having a download link from megaupload like
then convert it to
That is, just replace “/?” of the original download URL with “/mgr_dl.php?” just after the “.com/”
You can place this direct link in download managers for immediate downloads from megaupload.
No Coundown
No Captchas
Maximum Speeed
Thanks for sharing. this is very cool stuff…
Ahh…
I see what it may be.
news.softpedia.com/news/Malwarebytes-Accuses-IObit-Plays-Dead-126389.shtml
Hmmm…
Hi Ray,
You said, “I know now even more people would stay away from Chinese software because of what IObit did…”
May I ask what IObit did? I ask because I have been using and recommending SmartDefrag (with enthusiasm) for several months.
Thank you.
CurlySue
Try using Gmer instead if IceSword fails to initialize.
Im trying to run this to remove a bad regkey (rootkit) I know where it is, just cant delete so this post would of helped me out alot only that I have the same issue as a few ppl above.
I get a message saying “Initialize failed”
Running on Vista Home Basic with Sp2 and all updates
Initialize failed when trying to run on vista ?
Thanks Raymond, but I will not be downloading this because I refuse to use any application made in China or Russia. These two countries produce more than 50% of malware on the Internet today. I am not saying that IceSword has a rootkit/backdoor build in it, but it is NOT open source so you really have no idea what is running in the background when the application is executed. Call me bias, but it is better to be safe than sorry.
I stumbled on IceSword two or three years ago when it was still in its 0.** stages of development. It didn’t even have an English Help file then. It looked so primitive, but was already very good at revealing all hidden processes.
I eventually dropped it off, mainly because it took quite some time to browse its crude GUI, and besides I didn’t really encounter any problems with my old, old PC — except those many reformats caused by self-inflicted beatings.
Anyway, IceSword looks like it’s improved a lot, at least cosmetically, and I want to install it permanently in my brand-new (Athlon II X4 620, Windows 7 Pro X64, 6GB RAM) system.
@Raymond: IceSword hasn’t been updated in over 2 years either. When I was using it, it did help me find a few ghost files and processes though.
Thanks for the insight into IObit. Won’t be loading the free copy I got here…ever.
@Amay Raikar: Rootkit Revealer cannot be compared with IceSword. Reason is Rootkit Revealer has very little features and it’s actually very outdated (last updated 3 years ago).
Oh ya, forgot to mention that IceSword currently only works with XP and Vista. Windows 7 not supported yet.
i can’t get the software to work on windows 7 :/
Hey Ray,
there is a similar product with sysinternals by the name Rootkit Revealer.heres the link….technet.microsoft.com/en-us/sysinternals/bb897445.aspx
regards,
amay raikar
So it’s still safe to use IObit?
Thanks Ray, totally helpful.
What’s the difference between this software and “Process Explorer”, or maybe something like portable “Everest”?!
Hey, thanks for the lowdown on IObit…
I think this is what IObit did : news.softpedia.com/news/Malwarebytes-Accuses-IObit-Plays-Dead-126389.shtml
They copied Malwarebytes databas.. shame on them..
Thanks for the info – but what DID IObit do???
excellent software thanks
it says ‘Initialize failed’ when I start it.
Allegedly, they stole intellectual property from Malwarebytes. Or at least the are supposed to have stolen their detection database and were apparently caught because of a ‘fake’ signature put there for that very purpose by Malwarebytes.
Just search google with the words iobit and malwarebytes in the search in the search box and you will get 130,000+ hits to peruse at your leisure. The first two when I did it was to a blog about it from each of the companies involved.
They steal MalwareBytes virusdbs without permissions.
More info on here: malwarebytes.org/forums/index.php?showtopic=29681
I am guessing Raymond means this
good info ray!
thanks…..
Thanks Ray.
So, a “Secret Project” testing security products huh?
Boy, I wish a had a job like yours…
What did IObit do?