IceSword beats Gold version of hackerdefender

Discussion in 'other anti-trojan software' started by James Taylor, Jul 15, 2005.

Thread Status:
Not open for further replies.
  1. James Taylor

    James Taylor Guest

    Go the Chinese!!!

    Since I'm one of the few here who actually read and write Chinese, it's my duty to read the help file.

    http://itmanagement.earthweb.com/columns/executive_tech/article.php/3512621
    http://itmanagement.earthweb.com/columns/executive_tech/article.php/3508726

    Download here

    http://xfocus.net/tools/8.html
     
  2. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    It is funny that the prevailing wisdom of the "experts" says that a feat of reliably detecting a rootkit is impossible, and yet there are arnarchists that love to defy the conventional wisdom and actually innovate.

    More power to those that go against the conventional wisdom and thumbs down to those that attempt to keep alive the Whale Oil industry when light bulbs are available.


    Starrob
     
  3. shek

    shek Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    342
    Location:
    SE CHINA/NYC USA
    Yes, IceSword is an excellent tool.
    Here is the latest update. The download address is right under the IceSword 1.10. But it is a Chinese version; I didn't find an English version.
     
  4. bte

    bte Guest

  5. swinger

    swinger Guest

  6. Jt3

    Jt3 Guest

    Arnarchists o_O
     
  7. JayTee

    JayTee Registered Member

    Joined:
    Nov 2, 2004
    Posts:
    166
    Be sure you have a backup of your system when you run IceSword. Can't remember what happened, but some of my programs started acting weirdly after running it and I had to reinstall my OS.
     
  8. be aware

    be aware Guest

    Yeah, I would be very careful about downloading IceSword; it may very well contain a rootkit itself. Don't just automatically download something because it's posted on a security forum like this one, and you think it's safe. I would be very cautious about downloading IceSword or anything from some unknown Chinese website. Just my 2 cents.
     
  9. Arup

    Arup Guest

    Since I taught at university level in China, I can tell you, they have some brilliant brains there, far more so than anywhere else and it is not surprising to see good products come out of there in the future, sadly the language barrier remains, I have seen some real good security programs written in Chinese.
     
  10. shek

    shek Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    342
    Location:
    SE CHINA/NYC USA
    I use it very often and there is no problem on my system.
     
  11. Arup

    Arup Guest

    Shek, do you have the English version of the program?
     
  12. controler

    controler Guest

    I was going to try it for the first time today & this is what I got when clicking on the EXE.

    BoClean:

    07/17/2005 10:09:33: GWGHOST TROJAN VARIANT STOPPED!
    Trojan horse was found in memory.
    C:\DOCUMENTS AND SETTINGS\CONTROLER\DESKTOP\ICESWORD\ICESWORD\COOPERATOR\SCANSTAR.EXE contained the trojan.
    Active trojan horse WAS shut down. System safe.

    Waiting for Kevin's take on this.

    This is the download link I had.


    http://xfocus.net/tools/200505/1032.html

    controler
     
  13. controler

    controler Guest

    BTW

    does go chinese mean ?

    ~snipped~ as this comment may spark a political discussion which is against our TOS - dog

    controler
     
    Last edited by a moderator: Jul 16, 2005
  14. shek

    shek Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    342
    Location:
    SE CHINA/NYC USA
    I checked the file mentioned above by Jotti and nothing was found.

    Arup--
    Sorry, I cannot find the English version.
     
  15. Arup

    Arup Guest

    Shek,

    No probs, I also scanned with Avast, Clam, Ewido and Anti Vir, no viruses, would be nice to see an English version.
     
  16. controler

    controler Guest

    You are correct sir, Jotti or Virus Total never found anything, only BoClean did. That is why I am waiting for Kevin to get back to me. Usually when this happens, it is because someone used some code that is also used in a trojan.
    Let me add two other programs running on my test machine that did not flag the file. TDS-3 & Unhackme. It is most likely a FP.

    The link I provided is for IceSword.RAR. That is the one I downloaded. I am downloading IceSword.110 now and will see.

    controler
     
    Last edited by a moderator: Jul 17, 2005
  17. controler

    controler Guest

    Clicking on the scanstar file in the newer version appears to do nothing on my system.


    controler
     
  18. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    controler,

    I took a peek yesterday. The single file scan didn't raise any flags, but trying to launch scanstar.exe did wake BOClean to action. The same file no longer raises any flags on launch. Presumably a false positive fixed with a definition update.

    Blue
     
  19. controler

    controler Guest

    Hey blue

    Yes, that is true: a single file scan by dragging the file into BoClean does not do anything, but actually clicking on the file puts code to memory.
    I still have the original folder, and clicking on that file sets off BoClean every time.

    After downloading the newer version of that RAR. I never got anything out of BoClean.

    My Boclean shows 07/16/05 09:14:46 as the latest update. Checking for update says I have the latest.

    Shall I send you the RAR I have and you can click on it again? LOL

    When BoClean kicks in & you click YES, it deletes the scanstar.exe.
    Since I am running Windows version of Deepfreeze, I just reboot and get my original scanstar file back.

    controler
     
  20. none-ya

    none-ya Guest

  21. none-ya

    none-ya Guest

    sounds much like Security Task Manager

    - there's the fine print
     
  22. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Can anyone figure out whether the pro-active rootkit detection is different from the kind that ProcessGuard provides? Thanks.

    Rich
     
  23. controler

    controler Guest

    richrf

    I was going to try out the Russian rootkit found at the rootkit site but McAfee's beta seems to detect that one.

    richrf, have you tried Knoppix's bootable CD yet? It sure has a lot of programs on it. Runs off CD & a RAMdisk they create. Comes with two browsers & Sunmicro's office suite, plus a ton of other apps.

    Still trying to figure out how to compare my C: drive with it for hidden files.

    controler
     
  24. STM isn't a good tool for detecting rootkits. It's very good for other kinds of malware, but it can't be relied on for finding rootkits. Unhackme or RootkitRevealer are far better at this job. ;)
     
  25. usergame

    usergame Guest
