Hi all,
People, you mustn't not mix tool with the software and because of favoritism to little confuse people.
Shouldn't be exaggerated and laud some software without giving any explanation. You all mising some big point here.
Btw, it isn't
McShield but
MCShield alias for
My
City (forum)
Shield.
Like I've sad, you are mixing the two different things: USBFix and MCShield are not the same and probably never will be ! !
USBFix is a portable (executive) tool. MCShield is a installation program. If just a someone was run both tool (run USBFix and install MCShield) it would understood the difference as a fact.
Btw, do NOT get me wrong, USBFix is a valid and usefull tool, yes. I have been used this more than 'few' times for advanced diagnostics, testing...etc
USBFix is not a stranger to me. Congratulations to competition, it's nice to have this kind of software as alternative.
But let's reconcile with the fact:
USBFix is mainly for trained eye only. Only someone who knows what he's doing can use USBFix.
You can not expect e.g. my sister to use USBFix. She doesn't even know that she have MCShield installed on computers (who does everything in auto mod without knowing that something is preformd), not to mention of using USBFix.
While USBFix is for trained eyes, MCShield is noob ready + has RTM (real-time monitor) module. Again, for note, do not let yourself be underestimated MCShield develop and years of experience.
Authors of MCS program are two men who were among the first people in
ASAP Alliance, later emerged and UNITE alliance. MCShield is successor of former USBNoRisk, once great (and only of his kind at that time) diagnostic tool as it is today USBFix.
At that time USBNoR. was the only tool of this type, but only for trained eyes.
When there was USBNoR. tool, it did not exist USBFix nor any other similar tool. Then, the authors decided to write a better program that anyone can use (for noob and IT users),
not to stay only at advanced diagnostic tool level that would be limited only for IT sector.
Let's return to USBFix and MCShield era. As a fix tool (USBFix) have a purpose to preform system diagnostics and target known malware or to script that.
Active softwer (MCShield's RTM) have the effect of real-time provide protection and prevent infection of any USB based malware as a portable (USB) device to your PC.
In addition, MCS shall remove all malware from USB device, without exception. With MCShield all your USB devices will stay clean. MCS's official description:
" MCShield is an antimalware program designed to prevent infections transmitted via removable drives. "We believe that cleaning malware from the computer itself should be left for AV/AM program or some other tool. MCShield as a program should not interfere in AM/AV's malware cleaning process. MCS does not seek malware on the host system. Not designed for it and that isn't MCS's job. His job is clearly stated in the description. To make shure USB devices are clean.
What MCS does on system is searching for the root partition and mointpoint2 reg keys (I think that I haven't forgotten something).
As for the VBS/VBE script worms, for these reasons, we have these standalone tool named Anti-vbs/vbe tool.
http://www.mcshield.net/download/tools/Anti-VBSVBE/It should be stated that this type of worm is not complicated to remove from the system. It can be done with the simple batch file. All you have to do is to kill 'wscript.exe' process BC that is what it holds the worms.
When process is killed, you can delete the malware, whichever way you want, even manually. As for removing the infection from USB device, it can be done with FRST and CMD:' utility without using MCShield program or USBFix tool.
For this reason, I stated the following !
If host mashine is malware free (again, this is job for some AV/AM program), and if AV program does not interfere in the MCS's work,
I guarantee that MCShield shall clean all malware from all USB devices using the powerful combination of different heuristics engine for detections USB based malware.
MCS prevents infection from some file infector transferred via USB (like Sality) as well as other dangerous worms like Conficker, Stuxnet, Flame, Crypt known and unknown...
With heuristics of: AntiAutorun, AntiScript, AntiLNK, pair of AntiMimics routines, three AntiReplicator routines, AntiRimecud, known bad file/folder names check, AntiEsfury (stands for folder name heur. few similar routines), AntiCryptoLocker (USB based), hashes, general/blended file heuristics (files are checked in 6 ways), CheckFileSignatures ...etc, I feel comfortable to say: I guarantee that MCShield will keep you USB drives clean.
--- --- --- --- --- --- ---
To comment above posted posts
@SosVirus (El Desaparecido)
Hello and welcome to avast!.
For some time I follow your work. USBFix is great tool, good job.
I'm not authorized to answer private message on this forum..
You can do that with 20 post, not before. Forum rules.
@g3nvery better than McShield which forces you to script behind because it doesn't delete all the infection
Stating this fact at least you should explain to people how this malware works, not to get far confusion. Such publicly claiming this is a serious accusation.
So
@all, allow me to clarify this in the simplest possible terms:
These script worms has the job to seek any posible USB attached device and to copy his malware file on USB device in attempt for future spreading or re-infections and vice versa.
*This means:
- If USB device is infected and host system if clean, malware from USB shall load malware o host system.
- If USB device is clean and host system is infected, malware from host shall load malware setting and files on USB device.
Result: If you attempt to clean USB device while host system is infected, re-infections occur. If you attempt to clean host system while attached USB device is infected, re-infections occur.
Let's go further ... If MCShield attempt to preform his job (to clean malware from USB) he will do that. MCS shall targets this malware family using more than one routines. But if host system is infected
(precisely, if AV/AM program does not do his part of job as they should) it turns out that MCShield doesn't complete disinfection, but it does. The trick is, if malware is still alive and loaded on host, re-infections on USB will occur. MCShield shall target the infection again . . re-infection . . and loop may occour.
It is not true that MCS does not do his job, it's actually the other way around. MCShield does his job as it should but some other program doesn't do the job from his side.