- Mar 8, 2013
- 22,627
As I already mentioned, I am member of MCShield developing team, so I decided to wrote an article about this program, and it's capabilities. I find out that you mentioned this tool through discussions, but I saw few incorrect statements (I ain't blame you), so I am here to correct it 
I am member of AMF (Anti Malware Fighter) at Mycity.rs forum, and over the years there were a significant number of people that got infected with malware spreading via removable drives. Firsty bobby wrote an tool called USBNoRisk that was able to scan and remove malware traces on removable drives.
But we needed realtime protection, and this is how MCShield was born. Current version is 2.5.4.20, and new version is in beta testing.
You can find MCShield at this adress --> http://www.mcshield.net/
Now let's move on it's capabilities.
MCShield (You should not confuse it's name with mcshield module/driver from McAfee) is tool designed to prevent(remove) infections transmitted via removable drives. This means that when you plug-in usb into your computer, MCShield will automatically scan it and inform you whether drive is clean or infected/cleaned.
It's GUI is pretty simple and looks like this
http://img845.imageshack.us/img845/4167/capturexy.jpg
http://img850.imageshack.us/img850/2289/slikar.png
When you plug-in USB and it is scanned you get pop-up like this (saying it's clean)
http://img546.imageshack.us/img546/9484/slikab.png
Of course you can get the message that USB is infected and cleaned.
MCShield stores it's work withing log files. Logs are located at %programdata%\MCShield
You have two log types:
- allscans - contain all scans since the time program is installed
- lastscan - last scan
Example of the initial scan when computer starts:
Example of clean drive:
Example of infected drive (Virus:W32/Ramnit)
Another worm busted
And finally Stuxnet and Conficker
Stuxnet used Win32/CplLnk.A exploit, but got busted
As you can see scan time is very short, couple of seconds, but of course, it vary of number of files within USB.
Another feature is that MCShield gathers MD5, and shows it within log, so you can easily check MD5 on VirusTotal.
MCShield has ability to restore attributes, except that you need to manually tick option Always unhide items on flash driver within Scanner tab.
I am not going to compare other similar tools like Panda USB Vaccine or Bitdefende USB Immunizer, because these are just autorun blockers, and they couldn't match with MCShield, because they are not able to remove malware. MCShield has world class heuristics, and contain abilities to detect much more hidden malware.
That's just a short presentation, you can find more explanations on MCShield web adress.
If you need any question, I am here to answer.
Greetings
I am member of AMF (Anti Malware Fighter) at Mycity.rs forum, and over the years there were a significant number of people that got infected with malware spreading via removable drives. Firsty bobby wrote an tool called USBNoRisk that was able to scan and remove malware traces on removable drives.
But we needed realtime protection, and this is how MCShield was born. Current version is 2.5.4.20, and new version is in beta testing.
You can find MCShield at this adress --> http://www.mcshield.net/
Now let's move on it's capabilities.
MCShield (You should not confuse it's name with mcshield module/driver from McAfee) is tool designed to prevent(remove) infections transmitted via removable drives. This means that when you plug-in usb into your computer, MCShield will automatically scan it and inform you whether drive is clean or infected/cleaned.
It's GUI is pretty simple and looks like this
http://img845.imageshack.us/img845/4167/capturexy.jpg
http://img850.imageshack.us/img850/2289/slikar.png
When you plug-in USB and it is scanned you get pop-up like this (saying it's clean)
http://img546.imageshack.us/img546/9484/slikab.png
Of course you can get the message that USB is infected and cleaned.
MCShield stores it's work withing log files. Logs are located at %programdata%\MCShield
You have two log types:
- allscans - contain all scans since the time program is installed
- lastscan - last scan
Example of the initial scan when computer starts:
Example of clean drive:
Example of infected drive (Virus:W32/Ramnit)
Another worm busted
And finally Stuxnet and Conficker
Stuxnet used Win32/CplLnk.A exploit, but got busted
As you can see scan time is very short, couple of seconds, but of course, it vary of number of files within USB.
Another feature is that MCShield gathers MD5, and shows it within log, so you can easily check MD5 on VirusTotal.
MCShield has ability to restore attributes, except that you need to manually tick option Always unhide items on flash driver within Scanner tab.
I am not going to compare other similar tools like Panda USB Vaccine or Bitdefende USB Immunizer, because these are just autorun blockers, and they couldn't match with MCShield, because they are not able to remove malware. MCShield has world class heuristics, and contain abilities to detect much more hidden malware.
That's just a short presentation, you can find more explanations on MCShield web adress.
If you need any question, I am here to answer.
Greetings
