Would you go for MCShield?
Seems very good (in performance and protection).
What do you think?
amf.mycity.rs/mcshield
http://amf.mycity.rs/mcshield/Doc/MCShield_Help_EN.pdf
Oh, it runs side-by-side with avast!
Completely freeware.
Sorry but why use an add-on when you can have avast check your USB drive?
2nd layer, heuristic and proactive analysis.
If it starts out clean and everything you add is clean, why do you need a second layer or the rest???
If you need (have to) use other USB sticks in your computer you'll know it...
[.ShellClassInfo]
HTMLInfoTipFile=file://Comment.htt
ConfirmFileOp = 0
AppleObject.createInstance()
Set WsShell = AppleObject.GetObject()
Wsshell.run(Path + "malicious_file.EXE")
as i understand Panda vaccine will only stop the autorun ....not detect the infection ?
This tool doesn't want to work for me. After the installation I got the Windows pop-up saying that the scanner stopped and would be closed. I disabled scanning removable media and hard drives on the program's start and rebooted. After that the program started well but as soon as I insert a USB stick I again got the pop-up that the scanner stopped and would be closed.
Hm... I'll contact the developers.
Start -> All Programs -> MCShield -> Logs
Please attach here:
AllScans.txt
Summary.txt
Just thought I'd say, I use USB a lot with shared Flash Drives as this is how I monitor various aspects of my business.
Anyway, I read the pdf file supplied, liked what I read and downloaded/installed MCShield.
I think it is compact, and find it a very nice tool. Will use it now ;)
One of the small interesting side benefits of staying in touch with what's going on here on the forum. 8) I've mentioned before, I like to read most everything :P
You're welcome.
Nice little didi Tech :D
@ Tech,:)
You've also convinced me. Better safe than sorry. :)
Just to be sure. Is this the page to download MCShield?
http://amf.mycity.rs/mcshield/downloads.html
Because all my Googling sent me to some feature McAfee has also called MCShield.
It's where I got it from. :)
Tech's original post gave you the clue:
amf.mycity.rs/mcshield
Yeah, MCShield is NOT from McAfee. 8)
Well, I do not read Serbian either :-[
Neither do I. :)
@George Yves
I've just installed it on a computer with WinXP and Avast Free without any third-party anti-spyware. Everything is OK. I'll try to install it again at my home notebook with Vista SP2, Avast Free and SpywareTerminator 2012. I'll do it just to send you the logs.
Hm ... Okay. :-\
Interesting crashes you have received, so your logreports would be very interesting.
Not so much an interesting effect,
I find it interesting because it was totally unexpected. It means that MCShield's quarantine folder occurs not to be safe for keeping removed malware.
What do you mean? Can the malware be automatically executed when moved into the quarantine?
Thank you very much for that. ;)
mcshield.support[at]gmail.com
PS: McShield.exe is McAfee related. :)
???
http://amf.mycity.rs/mcshield/about.html
Where are you seeing evidence for this affirmation?
When an anti-malware program moves something into its quarantine folder, I expect that no other anti-malware program will find them dangerous. But as I have said above, Avast detected files in MCShield's quarantine as threats and moved them into its own chest. So, if Avast found already quarantined items as threats, I supposed that MCShield's quarantine folder is not safe.
Well, I didn't find the logs in the program's folder. Maybe it's because I have Vista SP2, not XP. I found them in C:\ProgramData\MCShield. The files were empty: there were only their names inside them - >>> MCShield AllScans.txt <<< and >>> MCShield Summary.txt <<<.
I just created a bootable USB drive and forgot to take it out of the computer.
When I rebooted, MCShield changed some of the files to make booting impossible......
(not a good move. :( )
MCShield changed some of the files
Do you have details? I'll drop my recommendation if it is changing files... It shouldn't. It should be only a heuristic scanner.
@bob3160: normally, a flash drive is a storage media and if used that way, false detections should not occur, but there's a number of legit programs (example: Lupo Pen Suite and similar, bootable drives, memory cards used in some devices) that use either different autorun methods or exhibit certain behavior that can often be seen on infected drives.
To prevent these FPs, MCS has a whitelist containing hashes of a number of known legitimate files that need to be protected from detection. Unfortunately, I'm the only one that maintains this database and I definitely have no way of knowing about every possible program that would need to be protected from detections.
Obviously, false positives must happen from time to time and they are fixed when users report them to me.
So, if you show me the logfile of that scan, the files are going to be whitelisted and the detections will not reoccur (I need the log because it contains the MD5s of the files).
Thanks for the prompt reply and welcome to the forum dr_bora,
So, unless you go there and start clicking on files you know to be malicious, you won't have any problems.
That is the problem. According to a famous Russian writer Anton Chekhov, "If in the first act you have hung a pistol on the wall, then in the following one it could be fired."
Will this work with Windows 8?
I'm running Windows 8 so you be the judge. ;)
@bob3160, sorry for the late reply, I was away.
They are a part of the original .iso download from Microsoft.
The file in the log, setup.exe, is whitelisted in DB 2012.8.31 and won't be detected anymore.
Regarding those folders... They are not from the same scan as the Setup program. Unless you're 100% sure that those are of legitimate origin, just leave them quarantined.
Exactly what happened to me and made my bootable USB un-bootable.
MCShield in action for me for the first time:
>>> MCShield v 2.1.4.13 / DB: 2012.8.31.1 <<<
01/09/2012 14:49:04 > Drive H: - scan started (~3817 MB, FAT32 flash drive )...
>>> H:\autorun.inf > Suspicious > Renamed.
>>> H:\SecureII\Windows\SecureII.exe - Suspicious > Renamed. (MD5: a56e7680a6d2940dafa668585a89d5a2)
=> Suspicious files : 2/2 renamed.
____________________________________________
::::: Scan duration: 20s :::::::::::::::::::
____________________________________________
But seems a false positive:
https://www.virustotal.com/file/f1850adf458d0610ad84d6eab622ed49aea2f597375465c088784f0d46727722/analysis/
By the way, the light on the usb stick becomes RED when this happens :)
Is it a coincidence?
For sure it would be better to configure it to "ask" and not to automatically take actions.
From Plug and Play and then Pray to Plug and Play in a Better and more Secure Way...
The only software that is specific for USB, but has to come installed there or on the PC is called MX One Antivirus, it is a Mexican freeware and runs neatly alongside your resident av solution. I did miss the comparison of these two products in this thread. Maybe someone can comment?
I tried to install this program. First of all, I want to note that I could not download it from the manufacturer. After clicking on the download button I was redirected to another site that has been blocked by Bitdefender Traffic Lights extension in my Firefox as a site with malicious content. Well, I opened Google Search and found http://mx-one-antivirus.en.malavida.com/ where I downloaded not the installation file but a small program that in its turn downloaded the installation file right on my desktop. After that I started the installation process during which Avast's Autosandbox asked me several times if I want to start every component sandboxed.
<snip> (True Indian managed to do it..... :D :D :D )
There is one more thing to know. There is no perfect software. ;D
Unfortunately for me it turned my bootable USB into an unbootable USB.
I've removed it some time ago. I needed protection from the bad guys.
I didn't expect the good guys to attack my bootable USB. :(
as we do with avast ..... also send the info to MCShield support so they can fix the issue
I did that in the beginning of this topic. :)
Hi adotd,
As with all solutions that have to prove themselves, we will keep a scrutinous eye on this one. Might be it gives this second layer of additional protection others do not have, and that is a valuable asset. You know however going on full heuristics does also mean you are meant to meet the next false positive. So there always should be a mix of detection methods involved. Also what I miss is user interaction when some issue has been detected. At least a hash look-up or an indication of the malware type and subtype, so the user might explore what it is all about what is being flagged. There is a might of difference between finding up some packer heuristics for riskware and a highly dangerous file infector of some sort. But as the protection range of this av might be limited to the typical malware for your peripherals like usb sticks, that go under the normal av detection radar, this will make the evaluation of what is being found even more difficult,
polonus
Pondus, no, not quite.
OK ... then we are neighbours ;)
I've moved to Sweden a few years ago from Serbia.
Tech, if detections are still present, I would appreciate MD5s of those files so I can add them to whitelist (I've whitelisted a few files in the last couple of days, could be that they are already fixed).
Sorry, I've formatted the disk on that occasion as I did not have time to deal with my friend's usb drive.
Is anybody else receiving this error of MCShield on Windows 8 (x64)?
Tech, when exactly this error occurs?
Each boot.
Tech, it seems the database is damaged. Run an update and try to scan some drive.
There is no update for me...
dr_bora,
I've started the question. He is just helping me in the General Forum. I cannot see anything "illegal" on this.
You have your own website and forum. Instead of using avast's forum for advertising and troubleshooting your buggy program, why not use your own?
The first rule should always be "Do no Harm".
Since this option was pre-checked, the internal hard drives are scanned immediately, as soon as the program runs for the first time.
Hmmm... Maybe it should detect if it is a fixed drive or a removable one and not by the letter only...
My interest in testing MCShield was for its removable drive protection (to supplement an anti-virus program). I assume that's the case for most people trying it. So my first question is whether MCShield should even be considering internal hard drives at all? And secondly, why is the hard-drive option pre-selected by default [on the initial run of the program]? I can imagine a less-experienced user panicking when s/he sees some files "deleted" from their main hard drive... and in a worst-case scenario, finding out their system doesn't boot-up again.
Dr. Bora, I feel the same. User must be warned (at least it should have a setting for that).
Automatically quarantine and false positives is a bad user experience...
I didn't belittle simply listed my reasons for no longer using the product.
well....there are some that have problems with avast also...
I praise things I like not things that give me problems.
Another important fact is that the authors of MCS program are malware removal experts who have been in this "business" long before me.
+1 ..... yepp, that's why it is best to leave this to those who know this stuff best
From this facts, authors know how malware works, and how best to prevent the same from execution.
there's no time to ask about some things, they simply need to be done immediately and implementing any kind of "ask the user" option is not that easy.
Well, I think we're talking about drivers and a service... aren't we?
Right now, the user could disable this and won't even know that MCShield have moved a file...
there is a log ;)
all programs > MCShield > log
Log? Will an user look for a log? It should be a visible warning...
I now also run Windows8 64Bit and am considering the install on this OS.
I'm using at W8 x64.
Hi Tech:
Ah yes. I was just wondering about the 'quarantine/warning' update referred to.
Maybe I misunderstood the posts. 8)
No, no misunderstandings. I'm just corroborating with your posts.
That's what I'm waiting for. :)
No worries ;)
I'm understanding they are working on a 'fix/update' so as to address "no harm first" premise. :)
Just received an Auto Update of MCS to version 2.3.3.17 :D
Is this the update talked about in Post #120 (Update in 1-3days)? ???
Thanks, 8)
Believe or not...
MCShield v 2.7.3.22:
(8th July 2013)
- improved detection/remediation of all variants of Win32.Gamarue;
- added heuristics for another family of worms (Dunihi.A and similar);
- added Turkish language (thanks to translator Mahsum ŞEN);
- several changes in the log formatting and details.
Already posted where all update notification are posted :)
If a person is using avast, what reason is there for using MCShield? I realize I am going to read something regarding layers but there can be problems with too many layers and overkill.
If I use only avast, am I protected or not?
[ ... ]
The reason I asked is because I don't want to read through 11 pages of information that may or may not give me the answer I am wanting. I have better things to do.
if you browse this topic....
naaaa..... if you did you would not have 1454 posts here. ;D
Hi,
MCShield isn't AntiVirus and it never will be.
Having that in mind + considering that I was talking about this recently (me vs Aventador) + everything already has been discussed & explained here ... really don't have nothing to add.
If anyone bothered to read-through this topic just because it has better things to do, then I certainly have better things to do than re-writing all over again what has already been discussed. + English is not my first language. MCS is freeware and no one's forcing you to use it if you don't want to.
It isn't only free but it's also an excellent product that is constantly being improved.
Thank you Bob for your kind words. We do appreciate. ;) :D
You're welcome. You've earned them with your hard work.
That's some kind of attitude to have with someone who asked a simple question. As I stated before, I don't have the time to read through 11 pages. I just wanted a simple answer.
If I use only avast, am I protected or not?
if you only wanted an answer to this?.... No security program has 100% detection, that is how safe you are
Your product is a great addition to the free version of avast! :)
Not bad to add to the paid versions of avast! either.
+1 Would be great if avast would automatically scan whenever "any" removable media is inserted. 8)
@Pondus, your posts have proven to be 100% useless to me. Thanks anyway though.
Thanks for the info iroc, argus, and bob. These were the type of answers that I was looking for.
of course, since you did not do as suggested. but if you don't have time..... you don't have time
A very good product but it must run in real time.
Thanks. :) But MCShield works in real time only when it detects a USB device. Rest of the time it's just waiting for the next USB device ...
Immunizing your USB device is better and easier alternative without having another resident program running.
I thought I had already explained to you what types of USB Immunizer based_like software are actually doing and they just give you a false sense of security.
Thank you Bob for reporting this. :)
P.S: :D
MCShield v 2.7.4.23: 15th July 2013.
- improved heuristics for better recognition of legitimate files.
You can't fix what you don't know.
Nothing special, who does not like a popup message when booting Windows :)
In general, the default settings are OK.
same setting as argus ... default... except I also tick "don't show initial notification", to avoid the pop-up when you turn on the computer
- completely redesigned user interface with additional features;
- new tab in Control Center: "Status" used to
- - view & change main functions;
- - view system information & main settings;
- new tab in Control Center: "Logs" for easy logfile access and manipulation;
- new tab in Control Center: "MCS Cloud" providing stats and latest news;
- new option "Add Scan with MCShield to drives' menu" in Control Center > General:
- - possibility to start on demand scans via right click menu;
- new option "Visual style" in Control Center > General:
- - possibility to select one of four visual styles;
- new option "Don't scan autorun.inf" in Control Center > Scanner:
- - possibility to completely disable AntiAutorun (processing of autorun files);
- additional heuristics (AntiRep4) for another family of replicating worms (CryptoLocker and similar);
- additional heuristics (AntiScript) for all types of vbscript based worms:
- - on the fly decryption, code format & contents analysis;
- - support for extremely large malicious files;
- improved detection (FME) of worms mimicking legitimate files;
- improved detection (AntiRep3) of several replicating worms;
- added Simplified Chinese language (thanks to translator Anan);
- added Swedish language;
- updated all languages for v3 (except Brasilian Portuguese);
- fixed an issue that caused the MD5 not to be shown for suspicious files in interactive mode;
- improved program initialization time by removing obsolete on-start routines;
- digitally signed all executable components:
- - improving compatibility and ease of use alongside other security software;
- - giving users the possibility to verify the origin and authenticity of the software;
- various other improvements (code stability, graphics, program logic...).
Thank you both for these kind words. ;)
@schmidthouse
I'm afraid I did not understand you the best. Can you tell me which OS you are using (Win8.1Pro 64Bit? ) and can you please post the ScreenShot of MCS-Control Center?
I see, thanks for SS.
Please just tell me the screen resolution so I can check what may be the problem.
Hello.
The problem is related to DPI settings on the PC ("size of text and other items").
We're looking into the possibilities... It's not really the simplest one to fix.
Just tell me this: did you guys change the settings yourself or was it done by Windows?
v 3.0.4.27: 2nd February 2014.
- fixed an issue that caused the scanner to crash on certain locked files;
- updated Vietnamese language.
The quarantine and occasional detections that AVs make in there... Yes, I agree that this is not perfect and the other programmer and I discussed the encryption many times, but we never got to making it. You know, real life, jobs and stuff like that. Hopefully, we'll get to it one day.
Is the quarantine safe? Well, malware in that folder can't start by itself. So, unless you go there and start clicking on files you know to be malicious, you won't have any problems.
If MCShield detects any malware and quarantines it, avast detects that quarantined file and deletes it.
As encryption hasn't been added to the program, is there any other way to avoid this "conflict"?
Encryption is added to MCS's Quarantine. Are you sure you have the latest version installed?
Avast shouldn't touch MCS's Quarantine. If "Quarantine" conflict does exists (there is always a possibility for avast to detects malicious files in MCS's Quarantine based on his heuristics check), little can be done I think except to clear the MCS Quarantine folder as I do not see that as a problem. :)
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.4.27 / DB: 2014.3.10.1 / Windows 7 <<<
12.3.2014. 17:05:17 > Drive F: - scan started (no label ~1960 MB, FAT flash drive )...
>>> F:\AVTORUN\Desktop.ini > ignored (user request). (MD5: f05d6580608901fa2aea2a1e711a8ff4)
> F:\AVTORUN
> F:\AVTORUN\Desktop.ini (MD5: f05d6580608901fa2aea2a1e711a8ff4)
> F:\AVTORUN\slovenec.exe (MD5: eb722f24b9affb0ecaf41cff09d0b241)
>>> F:\AVTORUN - Malware (folder) > Deleted. (14.03.12. 17.07 AVTORUN.45284)
> F:\ZNOJE
> F:\ZNOJE\Desktop.ini (MD5: f05d6580608901fa2aea2a1e711a8ff4)
> F:\ZNOJE\misejaja.exe (MD5: d6f30cf036932f1511c6a66e886a3868)
>>> F:\ZNOJE - Malware (folder) > Deleted. (14.03.12. 17.07 ZNOJE.314628)
> F:\NATASA
> F:\NATASA\Desktop.ini (MD5: f05d6580608901fa2aea2a1e711a8ff4)
> F:\NATASA\pazhin.exe (MD5: d5a130c139ebb1b133916823a065f3b5)
>>> F:\NATASA - Malware (folder) > Deleted. (14.03.12. 17.07 NATASA.118917)
>>> F:\xfl3hx.exe - Suspicious > Renamed. (MD5: 8b1fad2127a9920b4cf2cd6ff9306ce5)
=> Malicious files : 6/6 deleted.
=> Malicious folders : 3/3 deleted.
=> Suspicious files : 1/1 renamed.
____________________________________________
::::: Scan duration: 2min 15sec ::::::::::::
____________________________________________
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Wednesday, March 12, 2014 4:20:49 PM
*
12.3.2014. 17:07:22 C:\ProgramData\MCShield\Quarantine\14.03.12. 17.07 AVTORUN.45284\slovenec.exe|>[UPX] [L] Win32:MalOb-IJ [Cryp] (0)
File was successfully moved to chest...
12.3.2014. 17:07:28 C:\ProgramData\MCShield\Quarantine\14.03.12. 17.07 ZNOJE.314628\misejaja.exe [L] Win32:Evo-gen [Susp] (0)
File was successfully moved to chest...
12.3.2014. 17:07:29 C:\ProgramData\MCShield\Quarantine\14.03.12. 17.07 NATASA.118917\pazhin.exe|>[UPX] [L] Win32:MalOb-AI [Cryp] (0)
File was successfully moved to chest...
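The overlap visible in the two logs above can be checked mechanically. The following is an added example, not part of any forum post and not code from the MCShield or avast! projects: it parses the quoted log lines and maps each avast! detection inside the MCShield quarantine back to the original USB path and MD5. The function names, the reading of `|>[UPX]` as an unpacking marker, and the last avast! line (constructed, outside the quarantine) are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Quarantine location named in the thread (%ProgramData%\MCShield\Quarantine).
QUARANTINE_ROOT = PureWindowsPath(r"C:\ProgramData\MCShield\Quarantine")

# Lines copied from the MCShield log quoted above.
MCS_LOG = r"""
> F:\AVTORUN
> F:\AVTORUN\Desktop.ini (MD5: f05d6580608901fa2aea2a1e711a8ff4)
> F:\AVTORUN\slovenec.exe (MD5: eb722f24b9affb0ecaf41cff09d0b241)
>>> F:\AVTORUN - Malware (folder) > Deleted. (14.03.12. 17.07 AVTORUN.45284)
> F:\ZNOJE
> F:\ZNOJE\Desktop.ini (MD5: f05d6580608901fa2aea2a1e711a8ff4)
> F:\ZNOJE\misejaja.exe (MD5: d6f30cf036932f1511c6a66e886a3868)
>>> F:\ZNOJE - Malware (folder) > Deleted. (14.03.12. 17.07 ZNOJE.314628)
> F:\NATASA
> F:\NATASA\Desktop.ini (MD5: f05d6580608901fa2aea2a1e711a8ff4)
> F:\NATASA\pazhin.exe (MD5: d5a130c139ebb1b133916823a065f3b5)
>>> F:\NATASA - Malware (folder) > Deleted. (14.03.12. 17.07 NATASA.118917)
>>> F:\xfl3hx.exe - Suspicious > Renamed. (MD5: 8b1fad2127a9920b4cf2cd6ff9306ce5)
"""

# First six lines copied from the avast! report quoted above.
AVAST_REPORT = r"""
12.3.2014. 17:07:22 C:\ProgramData\MCShield\Quarantine\14.03.12. 17.07 AVTORUN.45284\slovenec.exe|>[UPX] [L] Win32:MalOb-IJ [Cryp] (0)
File was successfully moved to chest...
12.3.2014. 17:07:28 C:\ProgramData\MCShield\Quarantine\14.03.12. 17.07 ZNOJE.314628\misejaja.exe [L] Win32:Evo-gen [Susp] (0)
File was successfully moved to chest...
12.3.2014. 17:07:29 C:\ProgramData\MCShield\Quarantine\14.03.12. 17.07 NATASA.118917\pazhin.exe|>[UPX] [L] Win32:MalOb-AI [Cryp] (0)
File was successfully moved to chest...
"""
# Constructed line (not from the thread): a detection outside the quarantine.
AVAST_REPORT += r"12.3.2014. 17:09:00 F:\constructed-sample.exe [L] Constructed:Sample [Susp] (0)"

FILE_RE = re.compile(r"^> (?P<path>[A-Za-z]:\\.+) \(MD5: (?P<md5>[0-9a-f]{32})\)$")
FOLDER_RE = re.compile(
    r"^>>> (?P<folder>[A-Za-z]:\\.+?) - Malware \(folder\) > Deleted\. \((?P<item>.+)\)$")
AVAST_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<path>[A-Za-z]:\\.+?)(?:\|>\[\w+\])? \[L\] (?P<name>\S+)")


def parse_mcshield(log):
    """Map quarantine item name -> {file name: (original path, md5)}."""
    by_folder, quarantined = {}, {}
    for line in (raw.strip() for raw in log.splitlines()):
        m = FILE_RE.match(line)
        if m:
            p = PureWindowsPath(m["path"])
            by_folder.setdefault(str(p.parent), {})[p.name.lower()] = (str(p), m["md5"])
            continue
        m = FOLDER_RE.match(line)
        if m:
            # The name in parentheses is the subfolder seen under Quarantine\
            # in the avast! report (read off the two logs, not documented).
            quarantined[m["item"]] = by_folder.get(m["folder"], {})
    return quarantined


def parse_avast(report):
    """Return (timestamp, path, detection name) for every detection line."""
    hits = []
    for line in (raw.strip() for raw in report.splitlines()):
        m = AVAST_RE.match(line)
        if m:
            hits.append((m["ts"], PureWindowsPath(m["path"]), m["name"]))
    return hits


def quarantine_overlaps(mcs_log, avast_report, root=QUARANTINE_ROOT):
    """List avast! detections that hit files MCShield had already quarantined."""
    quarantined = parse_mcshield(mcs_log)
    overlaps = []
    for ts, path, name in parse_avast(avast_report):
        try:
            rel = path.relative_to(root)
        except ValueError:
            continue  # detection outside the MCShield quarantine
        if len(rel.parts) < 2:
            continue
        item, fname = rel.parts[0], rel.parts[-1]
        original, md5 = quarantined.get(item, {}).get(fname.lower(), (None, None))
        overlaps.append({"time": ts, "quarantine_item": item, "file": fname,
                         "original_path": original, "md5": md5, "avast_name": name})
    return overlaps


if __name__ == "__main__":
    for row in quarantine_overlaps(MCS_LOG, AVAST_REPORT):
        print(row)
```
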
Encryption is not added to MCS. Have no idea where you get that information.
Juuki believe me, I know. ;D
In my case I insert USB. MCS detected 4 malware, I delete 3 and 1 is ignored.
I understand.
By logs my guess is that MCS has attempted to set and pack the malicious files in its Quarantine but avast! has blocked that operation. avast! has the routine to scan all new detected USB devices. Conflict may arise when AV (in this case avast!) wants to be the first in scanning, thereby not allowing access to the disk. MCShield attempts to access the disk as well to perform scanning and a glitch occurs.
I would recommend as solution to disable that routine to allow MCShield that part of job if you will. That should be the solution for your problem. Or . . set the MCS's Quarantine folder %path% as an exception in avast!. Quarantine is located in programdata folder.
%ProgramData%\MCShield\Quarantine
Anyway, I will perform some additional testing and report to dr_Bora.
Thank you for your feedback.
C:\ProgramData\MCShield\Quarantine\
selected R and W not X so if any file from quarantine folder tries to execute it will be scanned by Avast.
Also Avast doesn't scan new detected USB devices, that's why this 2nd layer protection for USB devices is needed. So there is no conflict between Avast and MCS.
Not really true. avast! DOES scan any accessed file in the USB devices. Like MCS, it does not scan ALL the files in the USB drive.
@ magna86,
When will MCShield be available for Mac PC's? Thank you.
1) From what I understand MCShield operate on a real time scan whereas avast is on demand when it is regarding a removable drive. So if you choose to scan the removable drive after inserting it will it be the same as MCShield?
No .... and MCShield only look for the type of malware that use removable drive to spread when plugged in
2) considering that autorun for windows have been change to autoplay for the user to decide what action to take does this mean that unless the user run the autorun program most threat would not be activated upon inserting?
autorun is only one way these malware spread
3) if the removable drive have thousand of file wouldn't that means that it will take at least a few hours to complete scan?
MCShield is an active (preventive) anti-malware program designed to prevent infections transmitted through removable drives.
Although I have not seen the actually USB mem-device with a real thousand files, but yes, scanning time may take a while in this case. But in most cases, MCS will verify the files in short. In this example, speed time may depends on disk (HDD) speed and actually speed of USB drive (removable drive) itself.
1) To be more precise, MCS is in idle and waiting for you to attach some USB removable drive and also triggers itself to all possible & known vectors attack that malware can exploit. avast! also monitors the USB device if it is set up in the settings.
The difference between AntiVirus and AntiMalware (MCS) programs is that AV scans are mainly signature based detection. MCS does not need to know is the file malware or not. MCS 'reads them', it reads the file and their executive behavior ...
To read more about signature & heuristic detection, you may read what I wrote here some time ago:
http://www.bleepingcomputer.com/forums/t/523938/mcshield-malware-remover-not-mcafee-is-it-safe/?p=3299985
2) USB worms based on autorun.inf file (autorun on XP's and autoplay on newer OS's) are not so common. This is one of the oldest known vectors attack and all AV programs does monitor autorun.inf file and corresponding file (again, only if AV know that file as malware). The ugly truth is different, today malware uses other vectors in order to bypass AV's detection and load itself in host system.
Not knocking the program at all, but it just seems like a waste if proper AV is already in place.
if you read all the info in this topic ... especially from magna86 and Dr_bora you will see it is not
=> Malicious files : 23/23 deleted.
=> Hidden folders : 2/2 unhidden.
=> Hidden files : 30/30 unhidden.
Nope, it can be quite useful.
Wrong. No single AV product is 100%. new threats are created every hour of every day.
If you are using USB sticks and portable drives you need the extra protection.
Agreed no AV is 100% and layering a million products isn't 100% either. What extra protection? AV I have scans the drive as it's inserted. Autorun disabled. SAFE surfing goes a LONG way.
safe surfing does not help if you insert a infected USB ..... and autorun is just one vector used by those critters
I understand. Good thing I don't share my drives with anyone.
all those with USB infected computers you find in viruses and worms forum section that came for help, did have AV installed
and if your AV does not have the detection for the latest threat you are infected.
Mcshield gives you a second chance.
I am amazed at how infected some computers can get these days. I don't know how people can screw up so bad.
I'm doing this for very, very long time. And trust me, I can not fully figure how they do that. ;D
Hi BlackHawk1 :)
Frequently Asked Questions, here you should have all your answers in Documentation English pdf
http://www.mcshield.net/download.html
Well, there is difference between antivirus and antimalware programs. These are two different things.
Just compare the two probably most popular free products in the security world, Malwarebytes and avast! ...
MCShield is free (non-profit) antimalware program:
- MCS can NOT replace avast! nor any other antivirus.
- do not even try to compare them as they are not the same.
As has already been said, AV programs are mainly signature-based software. In world, this means that AV has to wait for a signature in order to detect, in this case, the USB-based malware or new malware. For this reason, there are various additional anti-malware tools that target either specific infections or come as an addition to the primary AV program just as help. MCS is here to help the AV or some other AM program, and MCS doesn't need a signature (btw, MCS does have its own database as well) but uses a pattern and various detection behavior routines in order to detect even new USB-based malware, as a specialized tool only for this malware type.
That's where the main difference is! This is MCS's job.
For real advanced user, MCShield may not be necessary, but yet again, nor AV is required if IT admin-user know what he is doing.
You mentioned the MCS FP detection. Well, they are now rare, but if some FP does occur it is autorun.inf related. Why?
Well, autorun isn't always malware by itself, it is just some form of txt file. autorun.inf is the trigger to the real malware executable file.
What, where and why . . it is explained in some previous dr_Bora's post.
Btw, there is no known 0day USB malware, it is again something ...else. But new and undetected, unknown USB malware does exist.
Btw2, autorun is today the old way (read: unpopular way) to trigger/load the malware from USB to system, and this exploit applies mostly to today's old XP systems, not to Vista and newer OS's, where USB-based malware uses some different techniques.
Quote: I am amazed at how infected some computers can get these days. I don't know how people can screw up so bad.
I'm doing this for very, very long time. And trust me, I can not fully figure how they do that. ;D
... ... ... ...
You mentioned that you have KAV since 1996 and only one infection at that time. How do you know?
Modern malware has the job not to indicate its presence, to be executed without the knowledge of AV/AV and user, some even to delete itself after executing in order not to leave traces ...etc. So you're now saying that you had no active (just one) malware during that time? Congratulations, but, how do you know and are you 100% sure? ;)
Do you have any idea how often I have examined a system where some AV has a green notice "you are protected, there are no threats" or something like that, but active malware is loaded on the system and performs his job? Most users are unaware of the presence of malware because they expect that they will feel some bag in system. No, they will probably not feel any bags or anything that indicates the malware presence.
Hardware and core-system is far advanced and fast, user in 80% of cases are not aware that is infected BC the user sees his system in perfectly working state.
Unfortunately, many users ask for help for malware removal only when their AV flag some warning.
facts:
AV is a must-have; without AV, PC life would be difficult and impossible. But AVs are not 100% almighty and sometimes AV needs some additional help.
Cheers :)
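The point made in the post above, that autorun.inf is only a text trigger for a separate executable and that a scanner looking at the file alone can produce a false positive, can be shown with a small triage parser. This is an added example, not part of the forum post and not MCShield's code; the runnable-extension list and both sample files are constructed assumptions.

```python
import re

# Keys in the [autorun] section that make Windows start a program.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Extensions treated as directly runnable in this triage (assumed list).
RUNNABLE = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk")

# Constructed samples: a harmless file and one that launches a program.
BENIGN = "[autorun]\nicon=setup.ico\nlabel=Backup Drive\n"
TRIGGER = ("[AutoRun]\n; filler comment\nrandom junk line\n"
           "open=RECYCLER\\sample.exe /s\n"
           "shell\\open\\command=RECYCLER\\sample.exe\n"
           "shellexecute=readme.htm\nicon=folder.ico\n")


def parse_autorun(text):
    """Return (key, value) pairs of the [autorun] section, keys lower-cased."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if in_section and "=" in line:  # junk lines without '=' are ignored
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries


def launch_targets(text):
    """List (key, program, is_runnable) for every entry that starts something.

    An empty list means the file only sets an icon or label and triggers nothing.
    """
    targets = []
    for key, value in parse_autorun(text):
        if not EXEC_KEYS.match(key):
            continue  # icon=, label= and similar keys launch nothing
        m = re.match(r'"([^"]+)"|(\S+)', value)  # first token, quoted or bare
        if m:
            program = m.group(1) or m.group(2)
            targets.append((key, program, program.lower().endswith(RUNNABLE)))
    return targets


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("trigger", TRIGGER)):
        print(name, launch_targets(sample))
```

A file with no launch targets is the false-positive case described in the post; a file with runnable targets tells the analyst which executable on the drive to inspect next.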
Quote: Anyway the way I see it MCS is for those rare instances and for people who just love to load up on protection of all kinds and put the list of those in their signatures. :) Layered so much the computer looks like a Mummy. ;)
It should be installed on every computer in internet cafes / schools / photo shops ...... any place/computer that uses lots of removable storage devices
Quote: How many Word macro viruses do you see these days? HTML virus?
Word macro not many....
Anyway the way I see it MCS is for those rare instances and for people who just love to load up on protection of all kinds and put the list of those in their signatures. Layered so much the computer looks like a Mummy.
Quote: ...but as you know AV also has file reputation, heuristics/behavioral analysis as well.
Yes, of course it does. And powerful ones ... But we are talking about worms that attempt to be transmitted via removable drives.
Quote: Authors are done with look what I can write and have moved on to look how much $ I can reap malware.
I agree, it is a long known fact. What is the purpose to make an effort just to get something destroyed (unless there is some hidden motive) if you can earn at the same.
Quote: Not showing presence... I disagree as most of it these days is quite obvious even when a persons AV misses it, it's there starring them in the face with popups, degraded system performance, fake warnings, etc.
Not every malware shows his presence. We're not talking about "popular" bad PUP software where the user will get a warning about installation and changing the home page, and we are not talking about rogue/ransomware where this malware has a GUI. We are talking about the hardcoded malware. E.g. keyloggers, 0access, TDL3/4, various MBR based ...etc ...