MCShield Anti-Malware v3.0

Status
Not open for further replies.

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
Very nice blue icon in my System Tray, on demand ..

In Stats I read today: Signatures: 2013.9.8.1 - so I have the newest database .. MCShield v2.7.4.23 pop-up after the start: 'No updates available.'
Another pop-up very pleasant: 'The initial scan is finished. MCShield is now protecting your system.'

In Process Hacker I see MCShieldRTM.exe Real-Time monitor own process (Working Set 8.2 MB, Handles 141, Threads 1). VERY light.

After plugging in the USB key, I see an instant pop-up near the clock: 'Drive J: was scanned. Malware was not detected.'

The must-have nice free software for everyone interested in the defense against malware coming from USB drives.

Thank you TwinHeadedEagle and your MyCity team!

MyCity.rs forums link in Google English: http://translate.googleusercontent.com/translate_c?depth=1&hl=en&prev=/search%3Fq%3Dhttp://www.mycity.rs/Zastitni-programi/Malwarebytes-Anti-Malware-VS-MCShield.html%26hl%3Den%26biw%3D1213%26bih%3D856%26site%3Dwebhp&rurl=translate.google.bs&sl=sr&u=http://www.mycity.rs/

 

Amiga500

Level 12
Verified
Jan 27, 2013
661
Well, most antivirus software scans any inserted USB drives etc.
So why would I want this as well?

Also I do not like the fact that many security programs are flagging the site as malicious and this is enough for me to discourage anyone from using it.
We know nothing about the so-called "developer" and he may simply be a charlatan taking everyone for a ride.

Thanks.
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
Amiga500 said:
Well, most antivirus software scans any inserted USB drives etc.
So why would I want this as well?

Also I do not like the fact that many security programs are flagging the site as malicious and this is enough for me to discourage anyone from using it.
We know nothing about the so-called "developer" and he may simply be a charlatan taking everyone for a ride.

Thanks.

Hello Mi Amigo,

Yes? An AV with real-time protection and a Working Set (Use Memory, RAM Usage) of 8 MB, do you know of such a tiny piece of software, very light on resources, please?
I've installed the new version and no problems here (no false positives from lazy AVs that do not renew their databases) ..
Have you read this topic's posts, please? E.g. Post #1 by TwinHeadedEagle, developer:
'As I already mentioned, I am member of MCShield developing team, so I decided to write an article about this program, and its capabilities. ..
I am member of AMF (Anti Malware Fighter) at Mycity.rs forum, and over the years there were a significant number of people that got infected with malware spreading via removable drives. Firstly bobby wrote a tool called USBNoRisk that was able to scan and remove malware traces on removable drives.'

But we needed realtime protection, and this is how MCShield was born.
'I am not going to compare other similar tools like Panda USB Vaccine or Bitdefender USB Immunizer, because these are just autorun blockers, and they couldn't match with MCShield, because they are not able to remove malware. MCShield has world class heuristics, and contains abilities to detect much more hidden malware.'

Souhrid wrote (Post #30):
'Kaspersky too detects it as a threat, is MC shield digitally signed version. I don't understand. Pretty impressed with its detection, removed infection which avast misses. To make sure I sent this infection to virustotal, detected as a threat by 6 engines. Once again an excellent work by MC shield' ..
TwinHeadedEagle comment: 'That's the example why is MCShield better in removing removable drives infections than any Antivirus' - and he wrote too: 'I am using MCShield for three years and never had an FP.
MCShield does have FPs but a very small amount. MCShield wouldn't be so powerful without FPs. Besides, every security product does come across an FP from time to time.' - 'You have whitelist option for putting files into exclusion list' ..
And this: ' I think you should go through whole topic, so you can judge yourself '


'A great piece of tiny software' (it's not me, but Jamescv7 ..), we think ..
 

TwinHeadedEagle

Level 41
Thread author
Verified
Mar 8, 2013
22,627
Amiga500 said:
Well, most antivirus software scans any inserted USB drives etc.
So why would I want this as well?

Also I do not like the fact that many security programs are flagging the site as malicious and this is enough for me to discourage anyone from using it.
We know nothing about the so-called "developer" and he may simply be a charlatan taking everyone for a ride.

Thanks.

Yes, the majority of security software scans removable drives, but have you asked or examined how many of them are able to fully clean a removable drive that is infected with Gamarue, for example? The answer is none, or maybe a couple of products, I haven't tested all of them. And that is the thing that MCShield does perfectly, it removes the infection completely and repairs its damage (hidden files on USB for example).
If you want, I can provide you a Gamarue sample, so you can test and see the results ;)

Current VT links:

https://www.virustotal.com/en/url/b59ca27011c39842f746ebb1d4b2872b5c9df5a955b8d847481dea0e9fc05b81/analysis/1379057265/
https://www.virustotal.com/en/file/5dfc09481096baa9b98456a083bb0edbfa7669406eadf6e990d0acd4e5206276/analysis/
https://www.virustotal.com/en/file/e1e5c948bbd2e22377ca737dc660de3d066ae74c8bba26a48bb65d9a9e13716e/analysis/
https://www.virustotal.com/en/file/52dca261eecc268808400da9e5e1c601d51b08a8e6d3e0b34902b029c9e95bea/analysis/
 
  • Like
Reactions: Malware1

TwinHeadedEagle

Level 41
Thread author
Verified
Mar 8, 2013
22,627
Amiga500 said:
We know nothing about the so-called "developer" and he may simply be a charlatan taking everyone for a ride.

Thanks.

Well I am here, so ask whatever you want, so you can know me better ;)

I am not a charlatan, I'm just a simple helper, assisting people cleaning their machines, just like our friends Fiery and Kuttus :)
 

TwinHeadedEagle

Level 41
Thread author
Verified
Mar 8, 2013
22,627
icepurity8 said:
I would like to know the difference between this program & USB Disk Security?

Of course MCShield is a much, much better product, but, let's prove it...

I took an infected USB and scanned it with both MCShield and USB Disk Security, and let's see the results...



Following are the results from MCShield

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 2.7.4.23 / DB: 2013.9.8.1 / Windows 7 <<<


9/14/2013 9:23:07 AM > Drive H: - scan started (no label ~1913 MB, FAT32 flash drive )...



---> Executing generic S&D routine... Searching for files hidden by malware...


---> Items to process: 1

---> H:\SAMSUNG_USB_Driver_for_Mobile_Phones_v1_3_2300_0.exe > unhidden.



>>> H:\SAMSUNG_USB_Driver_for_Mobile_Phones_v1_3_2300_0.lnk - Malware > Deleted. (13.09.14. 09.23 SAMSUNG_USB_Driver_for_Mobile_Phones_v1_3_2300_0.lnk.893109; MD5: cbace5ee27fb8ccc671146e496134d32)

>>> H:\zdlgyuuxzz.vbs - Malware > Deleted. (13.09.14. 09.23 zdlgyuuxzz.vbs.528358; MD5: d16cfa4e700b47f0a129430514dcf4c4)

>>> H:\New folder.lnk - Malware > Deleted. (13.09.14. 09.23 New folder.lnk.839254; MD5: a30fab2dbb6d150e842db6bcf35cd37c)

>>> H:\18-ti.lnk - Malware > Deleted. (13.09.14. 09.23 18-ti.lnk.624676; MD5: b0a6ad920275ed7783c501fc3503f7ec)

>>> H:\slike.lnk - Malware > Deleted. (13.09.14. 09.23 slike.lnk.94840; MD5: 8dca1c2f780cb48167f4a0a2cd8c5169)

> Resetting attributes: H:\New folder < Successful.

> Resetting attributes: H:\18-ti < Successful.

> Resetting attributes: H:\slike < Successful.


=> Malicious files : 5/5 deleted.
=> Hidden folders : 3/3 unhidden.
=> Hidden files : 1/1 unhidden.

____________________________________________

::::: Scan duration: 2sec ::::::::::::::::::
____________________________________________


As you can see, MCShield not only removed the malware but also repaired all the damage that was done, which includes unhiding and removing fake .lnk files, and all that without a false positive detection.


That's one reason; the second reason is that MCShield is completely freeware, without ads and hidden toolbars, while on the other side, USB Disk Security is a shareware app that installed annoying ads and toolbars.

I tested it on this pretty simple malware, what about Gamarue? USB Disk Security doesn't stand a chance...

I already wrote about MCShield's capabilities, so do check the whole thread for answers ;)
 
  • Like
Reactions: Malware1
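
Added example (not part of the original post and not MCShield code): a Python sketch that parses the log lines quoted in the post above, pairs each deleted .lnk with the hidden file or folder whose name it copied, and checks the summary counters against the per-item lines. The regular expressions and function names are assumptions inferred from this single log sample.

```python
import re
from pathlib import PureWindowsPath
# Lines copied from the MCShield log quoted in the post above (blank lines dropped).
LOG = r"""
---> Executing generic S&D routine... Searching for files hidden by malware...
---> H:\SAMSUNG_USB_Driver_for_Mobile_Phones_v1_3_2300_0.exe > unhidden.
>>> H:\SAMSUNG_USB_Driver_for_Mobile_Phones_v1_3_2300_0.lnk - Malware > Deleted. (13.09.14. 09.23 SAMSUNG_USB_Driver_for_Mobile_Phones_v1_3_2300_0.lnk.893109; MD5: cbace5ee27fb8ccc671146e496134d32)
>>> H:\zdlgyuuxzz.vbs - Malware > Deleted. (13.09.14. 09.23 zdlgyuuxzz.vbs.528358; MD5: d16cfa4e700b47f0a129430514dcf4c4)
>>> H:\New folder.lnk - Malware > Deleted. (13.09.14. 09.23 New folder.lnk.839254; MD5: a30fab2dbb6d150e842db6bcf35cd37c)
>>> H:\18-ti.lnk - Malware > Deleted. (13.09.14. 09.23 18-ti.lnk.624676; MD5: b0a6ad920275ed7783c501fc3503f7ec)
>>> H:\slike.lnk - Malware > Deleted. (13.09.14. 09.23 slike.lnk.94840; MD5: 8dca1c2f780cb48167f4a0a2cd8c5169)
> Resetting attributes: H:\New folder < Successful.
> Resetting attributes: H:\18-ti < Successful.
> Resetting attributes: H:\slike < Successful.
=> Malicious files : 5/5 deleted.
=> Hidden folders : 3/3 unhidden.
=> Hidden files : 1/1 unhidden.
"""

# Patterns inferred from this one sample; other MCShield versions may log differently.
DELETED = re.compile(r">>> (.+?) - Malware > Deleted\. \(.*MD5: ([0-9a-f]{32})\)$")
RESTORED = re.compile(r"(?:---> (.+?) > unhidden\.|> Resetting attributes: (.+?) < Successful\.)$")
SUMMARY = re.compile(r"=> (.+?) : (\d+)/(\d+) ")

def parse(log):
    """Return deleted {path: md5}, the list of restored paths, and the summary counters."""
    deleted, restored, summary = {}, [], {}
    for line in map(str.strip, log.splitlines()):
        if m := DELETED.match(line):
            deleted[m[1]] = m[2]
        elif m := RESTORED.match(line):
            restored.append(m[1] or m[2])
        elif m := SUMMARY.match(line):
            summary[m[1]] = (int(m[2]), int(m[3]))
    return deleted, restored, summary

def shortcut_decoys(deleted, restored):
    """Map each deleted .lnk to the restored item that shares its base name."""
    by_name = {}
    for r in restored:
        p = PureWindowsPath(r)
        by_name[p.name.lower()] = by_name[p.stem.lower()] = r
    stems = {d: PureWindowsPath(d).stem.lower() for d in deleted if d.lower().endswith(".lnk")}
    return {d: by_name[s] for d, s in stems.items() if s in by_name}

def counts_match(deleted, restored, summary):
    """True when the '=>' summary lines agree with the per-item lines."""
    unhidden = summary["Hidden folders"][0] + summary["Hidden files"][0]
    return summary["Malicious files"][0] == len(deleted) and unhidden == len(restored)
```

On this log, four of the five deleted files are shortcuts named after a hidden item; the .vbs script is the only deletion without a hidden counterpart.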

icepurity8

New Member
Sep 13, 2013
4
Oh :eek:, interesting.

Is there a chance you can totally whitelist autorun.inf?

I know this was very dangerous in the past as malware would use it to spread. Microsoft Updates had patches that fixed it in Win XP. It was also confirmed that it was disabled in all Win7 as a precaution in every edition.

Autorun.inf can be used to set labels over 11 characters on FAT32 file system, which I find interesting.

I don't want it to keep getting deleted / always whitelist a new one as the md5 always changes with every new version.
 
  • Like
Reactions: Malware1

TwinHeadedEagle

Level 41
Thread author
Verified
Mar 8, 2013
22,627
If you think that an autorun.inf that was renamed or deleted was actually legit, you can whitelist it by using its MD5. But it's a rare case...
 

icepurity8

New Member
Sep 13, 2013
4
Okay thanks :).

I downloaded PortableApps platform & it originally came with autorun.inf file, but VirusTotal came out 1/47 so, I decided to create my own autorun.inf just in case.
 

TwinHeadedEagle

Level 41
Thread author
Verified
Mar 8, 2013
22,627
:D

FP is false positive detection; in short, detection of a legitimate file.

If you come across FP, do let me know...
 
  • Like
Reactions: Malware1

TwinHeadedEagle

Level 41
Thread author
Verified
Mar 8, 2013
22,627
v 2.8 online :)
 
 
 
v 2.8.3.24: 26th October 2013.
 
- fixed a false detection of a specific folder on flash drives used on Win8.1;
- several other code adjustments for better compatibility with Win8.1;
- added Vietnamese language (thanks to translator Võ Hồng Xuân);
- added Brazilian Portuguese language (thanks to translator Dankar).
 
 
Download --> http://mcshield.net/downloads.html
 
  • Like
Reactions: Malware1

AyeAyeCaptain

Level 1
Feb 24, 2011
585
Just downloaded and installed now, thanks "TwinHeadedEagle" (and the rest of the guys who work on it) for the time you spend in order to make a product to keep users just that little bit safer :)
 

Amiga500

Level 12
Verified
Jan 27, 2013
661
Is it not the job of the resident AV to scan USB etc., so why on earth would I wish to add another program with another running process to perform exactly the same function?

No thanks.
 

Gnosis

Level 5
Apr 26, 2011
2,779
Anti-malware: straight outa Compton, or straight out the trailer?

All jokes aside; I have never heard of it but am going to look into it.
 
  • Like
Reactions: Malware1

nishaddesilva

Level 3
Aug 26, 2012
257
TwinHeadedEagle said:
v 2.8 online :)
 
 
 
v 2.8.3.24: 26th October 2013.
 
- fixed a false detection of a specific folder on flash drives used on Win8.1;
- several other code adjustments for better compatibility with Win8.1;
- added Vietnamese language (thanks to translator Võ Hồng Xuân);
- added Brazilian Portuguese language (thanks to translator Dankar).
 
 
Download --> http://mcshield.net/downloads.html

Really nice and simple program. Testing it at the moment. Try to add a floating window to "Safely remove device" like Baidu Antivirus 4 has. :D Keep up the good work.

EDIT: MC Shield detected my Windows 8.1 USB drive as malware. Maybe because it changed the icon of the drive. Please fix that.
 
  • Like
Reactions: Malware1

TwinHeadedEagle

Level 41
Thread author
Verified
Mar 8, 2013
22,627
MCShield got a major update :)

v 3.0 is online :)

New website released along with new version.

We released one more tool, that can be used to remove typical vbs/vbe worms from your computer. Combining MCShield + Anti-VBS/VBE you are able to remove this type of worm from USB and your PC.

Changelog:

Code:
v3.0.3.26 v3 final: 25th January 2014.

- completely redesigned user interface with additional features;
- new tab in Control Center: "Status" used to
- - view & change main functions;
- - view system information & main settings;
- new tab in Control Center: "Logs" for easy logfile access and manipulation;
- new tab in Control Center: "MCS Cloud" providing stats and latest news;
- new option "Add Scan with MCShield to drives' menu" in Control Center > General:
- - possibility to start on demand scans via right click menu;
- new option "Visual style" in Control Center > General:
- - possibility to select one of four visual styles;
- new option "Don't scan autorun.inf" in Control Center > Scanner:
- - possibility to completely disable AntiAutorun (processing of autorun files);
- additional heuristics (AntiRep4) for another family of replicating worms (CryptoLocker and similar);
- additional heuristics (AntiScript) for all types of vbscript based worms:
- - on the fly decryption, code format & contents analysis;
- - support for extremely large malicious files;
- improved detection (FME) of worms mimicking legitimate files;
- improved detection (AntiRep3) of several replicating worms;
- added Simplified Chinese language (thanks to translator Anan);
- added Swedish language;
- updated all languages for v3 (except Brasilian Portuguese);
- fixed an issue that caused the MD5 not to be shown for suspicious files in interactive mode;
- improved program initialization time by removing obsolete on-start routines;
- digitally signed all executable components:
- - improving compatibility and ease of use alongside other security software;
- - giving users the possibility to verify the origin and authenticity of the software;
- various other improvements (code stability, graphics, program logic...).



Download MCShield --> www.mcshield.net

Download Anti-VBS/VBE --> http://www.mcshield.net/download/tools/Anti-VBSVBE/
 