[Import] IceSword (ice blade) 1.22 beta version released

Source: Internet
Author: User
Tags: ssdt
pjf, the author of IceSword (ice blade), has released the latest version, IceSword 1.22, which is said to have mainly enhanced some minor functions, such as ADS detection, process/driver signature checking, BHO deletion, SSDT restore, inline hook detection, and module/registry/file search. Although many of the new features are "chicken ribs" (the author's own words; the Chinese idiom for something of little value but a pity to discard), this is the first time an IceSword version has added so many small features. You can download it and test it.

Sorry for the delay; the boss's work took up the first two months. In the past few days I added a bit of code according to the most frequently voiced requests, and enhanced some kernel functions.

MD5: 4c90de8c7e956cd56f13413b390f0dec
Note: this is only an English test version. Ordinary users generally do not need to download it yet. Enthusiastic friends, please give feedback when you discover bugs. Thank you.
The following features are added:

1. Module search (Find)

2. Search functions in the Registry tab (Find, Find Next)

3. Search functions in the File tab: ADS enumeration (with or without subdirectories) and ordinary file search (Find Files)

The above were the most requested, and they are indeed helpful for finding malware.

4. Delete in the BHO tab and Restore in the SSDT tab

This item is a "chicken rib" that could have been added or not; for example, a user can delete a BHO manually.
SSDT restore is even more useless: the first version, released a few years ago, already showed the current value and original value of each SSDT entry, and the so-called restore simply writes the 4-byte original value back. It was not provided at that time because, on the one hand, the SSDT hook, an "abused" surface-level technique, has no impact on the operation of IceSword, and on the other hand it is more often used by normal anti-virus software than by malware (malware using it is too easy to discover), so I felt that giving it to ordinary users would only let them break their own anti-virus software. But some friends asked for it, so I just added a bit of code.

5. Advanced Scan: the scan module in the third tab is provided for some advanced users. Generally, do not restore the items that are displayed first, because they are modifications made by the operating system itself or required by IceSword; restoring them will crash the system or make IceSword work improperly.
In fact, the earliest IceSword also restored some malicious inline hooks in the kernel executive and the file system, but it did not prompt the user. Now I think it may be helpful for advanced users to analyze things themselves, as with SVV. In addition, some items in the restore list will be duplicated (an IAT hook and an inline-modified hook). It does not matter if you are too lazy to check them all before restoring. Do not do other things during scanning; wait patiently.
If you have installed software such as Kaspersky, checking the results may be troublesome: too many modifications ......

6. Hide signed items (View -> Hide Signed Items). Select processes, module list, drivers and services in the menu. Note that refreshing these four tabs after selecting it will be slow, so be patient. While it runs, system functions will actively connect to the outside world to obtain some information (for example, to crl.microsoft.com to obtain the certificate revocation list). Generally you can block this with a firewall, so it is not surprising that there is a connection after selecting it. That is done by M$.

7. The rest are enhancements to the internal core functions. They are very scattered, so I will not elaborate. Check View -> Init State when using it; if it is not "OK", initialization is incomplete. Please report it.
Download: IceSword 1.22
Source: http://www.gins.cn/blog/post/165.html
