Author Topic: MCShield (MCS)  (Read 14296 times)

Offline DavidR

Re: MCShield (MCS)
« Reply #30 on: April 05, 2019, 12:16:37 AM »
@ =Snake=
3:  the MD5 is a unique identifier for the file.  Even if the name was changed but nothing else, the MD5 would be the same. 

It may be possible to do a search on VirusTotal for that MD5 to see if it has been scanned before and what the results were.  I know it is possible to do a search on VT for a file's SHA-256 unique identifier, I have done that before, but don't know about MD5 unique identifier.

Thanks for your declarations. I never used VT before.

You're welcome, it can be a helpful tool for confirmation, etc.

It shouldn't matter which machine is used if you are just searching out information on the MD5, if it has been scanned before (or not).  However if you are uploading a file, it would need to be on that system or transfer it to a USB stick which could be connected to any machine and uploaded.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.7.2388 (build: 19.7.4674.494)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline =Snake=

Re: MCShield (MCS)
« Reply #31 on: April 05, 2019, 09:28:47 AM »

You're welcome, it can be a helpful tool for confirmation, etc.

It shouldn't matter which machine is used if you are just searching out information on the MD5, if it has been scanned before (or not).  However if you are uploading a file, it would need to be on that system or transfer it to a USB stick which could be connected to any machine and uploaded.
Well, yesterday evening, I tried that link Pondus wrote with my main machine (W7). After ~2 hours without any result, I killed it.
How long will it last normally?
Main: AMD LE1620, W7ult SP1 | MS-7091, P4, XP pro SP3 || AMD_Athlon 1800+ (W7ult SP1 + XP pro SP3, FFesr 45.9, TB 45.8, CC 5.11) |
Laptops: Acer Aspire V5-591G, W10 Home[x64] v1809 (Build 17763.437) | HPI_2020M, W8.1 pro[x64] | Amilo Xi2428, W8.1 pro | MD95400, W7ult SP1 | MD97400, XP pro SP3 |
FFesr 60.8.0[NS,ABP,AOS], TB 60.6.1, MCS, CC 5.60, MBAM, FW (W7+XP): CIS 3.14[FW,D+], AV (W8.1, W7+XP): Avast Free 2015.10.4.2233 |

Offline Pondus

Re: MCShield (MCS)
« Reply #32 on: April 05, 2019, 10:49:28 AM »

You're welcome, it can be a helpful tool for confirmation, etc.

It shouldn't matter which machine is used if you are just searching out information on the MD5, if it has been scanned before (or not).  However if you are uploading a file, it would need to be on that system or transfer it to a USB stick which could be connected to any machine and uploaded.
Well, yesterday evening, I tried that link Pondus wrote with my main machine (W7). After ~2 hours without any result, I killed it.
How long will it last normally?
The link I posted goes to the MD5 (you posted) search result at VT, and as you should see, it says No matches

Meaning that file has never been uploaded and scanned at VT, so you will not get any result
If you had the file (not deleted by MCShield) you could have uploaded and scanned it for a result

EXAMPLE: Here is a scan result taken from a random file from my work computer

https://www.virustotal.com/#/file/eda1b1390404f14443e46a1c399f037f159ef6256ddd0ba17718729d12dc8d60/detection

At the top you see SHA-256 / analysis date ... and below the scan result: Clean
If you click the detail tab you also find MD5 and SHA-1,
when it was first seen at VT and last scan / who made it if signed .....


EXAMPLE: with a malicious file
Here is a writeup written by TrendMicro about a malicious file(s), at the bottom they list the samples' SHA-256 hash.

https://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-iot-malware-updated-with-mining-and-backdoor-commands-targets-wemo-devices/

I don't have this file so can't upload and scan it, but I copy the first sample hash listed, go to www.virustotal.com, click the search tab, paste in the hash and search, and voila, I can see the detection result ... meaning this file has been uploaded and scanned at VT. Clicking the details tab shows that it was first uploaded: First Submission 2019-03-23 18:39:19

https://www.virustotal.com/#/file/81cbb253ef6ad4803e3918883eed3ec6306ef12e7933c5723bd720d55d13a46a/detection

« Last Edit: April 05, 2019, 10:57:46 AM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.
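
Added example, not part of the original posts: a Python sketch of the two points made above, that a file's hashes depend only on its bytes (not its name) and that a hash lookup can only return a result if someone has already submitted the file. The file names and the sample reply are constructed, and the reply layout is assumed to follow the VirusTotal API v3 file report; nothing is sent over the network.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

def file_hashes(path, chunk=65536):
    """Read the file once and return its MD5, SHA-1 and SHA-256 hex digests."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def interpret_lookup(status, body):
    """Summarise an (assumed) VirusTotal API v3 reply to GET /api/v3/files/<hash>."""
    if status == 404:  # hash unknown: the web UI shows this as "No matches"
        return "No matches: never submitted, only an upload would produce a scan"
    if status != 200:
        return f"lookup failed (HTTP {status})"
    attrs = json.loads(body)["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    first = datetime.fromtimestamp(attrs["first_submission_date"], timezone.utc)
    flagged = stats["malicious"] + stats["suspicious"]
    return (f"{flagged}/{sum(stats.values())} engines flag it, "
            f"first submission {first:%Y-%m-%d}")

def rename_and_edit_demo():
    """Hash a constructed file, rename it, then append one byte to it."""
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "setup.exe")
        with open(original, "wb") as fh:
            fh.write(b"constructed sample content, not a real program")
        before = file_hashes(original)
        renamed = os.path.join(tmp, "holiday-photos.bin")
        os.rename(original, renamed)
        after_rename = file_hashes(renamed)   # same bytes, new name
        with open(renamed, "ab") as fh:
            fh.write(b"!")
        after_edit = file_hashes(renamed)     # one extra byte
    return before, after_rename, after_edit

# Constructed reply for a hash the service already knows (values are made up).
SAMPLE_FOUND = json.dumps({"data": {"attributes": {
    "first_submission_date": 1500000000,
    "last_analysis_stats": {"malicious": 40, "suspicious": 2,
                            "undetected": 18, "harmless": 0}}}})

if __name__ == "__main__":
    before, after_rename, after_edit = rename_and_edit_demo()
    print("rename keeps hashes:", before == after_rename)
    print("edit changes MD5:   ", before["md5"] != after_edit["md5"])
    print(interpret_lookup(404, ""))
    print(interpret_lookup(200, SAMPLE_FOUND))
```

When a tool reports several hashes, the SHA-256 is the better one to search with: MD5 collisions can be constructed deliberately, so an MD5 match alone does not prove two files are the same.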


Offline =Snake=

Re: MCShield (MCS)
« Reply #33 on: April 05, 2019, 11:42:39 AM »

You're welcome, it can be a helpful tool for confirmation, etc.

It shouldn't matter which machine is used if you are just searching out information on the MD5, if it has been scanned before (or not).  However if you are uploading a file, it would need to be on that system or transfer it to a USB stick which could be connected to any machine and uploaded.
Well, yesterday evening, I tried that link Pondus wrote with my main machine (W7). After ~2 hours without any result, I killed it.
How long will it last normally?
1. The link I posted goes to the MD5 (you posted) search result at VT, and as you should see, it says No matches
2. Meaning that file has never been uploaded and scanned at VT, so you will not get any result
If you had the file (not deleted by MCShield) you could have uploaded and scanned it for a result
As I try to get all that stuff into my old head, I parted your answer into smaller ones. Let me correct
1: After about 2 hours running VT without any result (it said nothing at all, so I killed it!!!), should I have
    waited longer?
2: My meaning was, that the stick was empty and I still don't know, what MCS has done!  ???

Offline Pondus

Re: MCShield (MCS)
« Reply #34 on: April 05, 2019, 11:50:52 AM »
Quote
1: After about 2 hours running VT without any result (it said nothing at all, so I killed it!!!), should I have waited longer?
NO, file has not been uploaded to VT so my link will not show a result


Quote
2: My meaning was, that the stick was empty and I still don't know, what MCS has done!
Correct, since we don't have the file we will never know what and why

If you want to find out how to use VirusTotal,
go to YouTube and search "how to use virustotal" and you should find several videos


Offline =Snake=

Re: MCShield (MCS)
« Reply #35 on: April 05, 2019, 12:05:11 PM »
Quote
1: After about 2 hours running VT without any result (it said nothing at all, so I killed it!!!), should I have waited longer?
NO, file has not been uploaded to VT so my link will not show a result

Quote
2: My meaning was, that the stick was empty and I still don't know, what MCS has done!
Correct, since we don't have the file we will never know what and why

If you want to find out how to use VirusTotal,
go to YouTube and search "how to use virustotal" and you should find several videos
Hey, now I know a bit more about VT and will get more later. Thanks a lot, Pondus.

Offline magna86

Re: MCShield (MCS)
« Reply #36 on: June 02, 2019, 09:35:42 PM »
Hello,

MCShield may still be competent software, and thanks to its auto-routines and behavior MCShield should catch most of the new and old USB-related malware.

But yes, unfortunately, MCShield hasn't been updated for years. MCS's authors have simply moved along with their private lives. MCShield is now "as-is".

If any FP does occur (and it is likely possible nowadays), users should be able to de-Quarantine and whitelist any files they want from the settings.
« Last Edit: June 02, 2019, 09:45:33 PM by magna86 »

Offline schmidthouse

Re: MCShield (MCS)
« Reply #37 on: June 02, 2019, 11:06:07 PM »
Thanks for the info and the proggie. ;)
***HP ENVY 15K LT W10 Pro 1903 64Bit/750GB HD/16GB Ram/Avast Premier 19.7.2388 /VS 5.01(WC)/ASB/Mbam 4/Secureline b. 5.4/SANDBOXIE/Prey Project
**HP Compaq 8510p LT W10 Pro 1903 64Bit/1TB HD/8GB Ram/Avast Premier BETA 19.7.2388 /VS 5.01(WC)/ASB beta/Secureline b 5.4/SANDBOXIE/Prey Project 
     
*Dell Inspiron XPsp4 PRO 32Bit/Avast(since 2000)18.8.2356/OSA/WP/Comodo FW 3.14/Secureline/Comodo IceDragon v.40
<LAYERED SECURITY SOFTWARE PROTECTION ALL>

Offline bob3160

Re: MCShield (MCS)
« Reply #38 on: June 03, 2019, 12:35:37 AM »
I've removed it from my systems and my recommended programs list.
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Pako7

Re: MCShield (MCS)
« Reply #39 on: June 06, 2019, 05:22:46 PM »
I've removed it from my systems and my recommended programs list.
Hey bob3160, why did you remove it?? Care to share?
Best Regards
Pako7

Offline DavidR

Re: MCShield (MCS)
« Reply #40 on: June 06, 2019, 06:40:55 PM »
I've removed it from my systems and my recommended programs list.
Hey bob3160 why did you remove it?? care to share?

I would guess this would be clear, based on what has been said in the topic.

1.  No longer updated
2.  Possible FPs potentially based on the lack of updates.

Based on that the actual user would need to be competent to determine if what is detected is correct or an FP.  My guess, when you are recommending programs you have to have confidence that it isn't going to have a possible adverse effect. 

Whilst Bob is capable of making those decisions for himself, he can't say that for others who might use it based on his recommendation.
« Last Edit: June 06, 2019, 06:43:58 PM by DavidR »

Offline bob3160

Re: MCShield (MCS)
« Reply #41 on: June 06, 2019, 11:45:19 PM »
I've removed it from my systems and my recommended programs list.
David hit the nail on the head.
I follow up my Avast sponsored Presentations with tips, recommendations and quite a few free programs.
When a program becomes outdated and is no longer supported, it isn't something I can recommend to people
that in most instances know a whole lot less than I.
They do depend on my recommendations to be something they can depend on.

Offline magna86

Re: MCShield (MCS)
« Reply #42 on: June 07, 2019, 12:53:31 PM »
Although I do agree with what is written above, I just want to point out that if the user has an infected USB memory and AV or AM software can't help,
users can freely install MCShield to detect and remove USB-related malware.

As I said before, MCShield has never been software that relies on its database per se. In early alpha testing, the idea was for MCShield to be a portable tool with no definitions or settings, modern interface, etc. Just a run tool with its heur/engine power and log report. Then the real-time protection was added and this is the MCShield we know today.

When I said FP, in most cases it should be autorun.inf related to no real FP or damaging the legit files or programs. Mark is on should.

But MCShield hasn't been updated for years and probably will not be in the future so ...yea. Unfortunately.
« Last Edit: June 07, 2019, 12:56:04 PM by magna86 »

Offline =Snake=

Re: MCShield (MCS)
« Reply #43 on: June 08, 2019, 02:02:49 PM »
I'm running MCS every time while using USB on all my OSes.

Offline bob3160

Re: MCShield (MCS)
« Reply #44 on: June 08, 2019, 02:41:40 PM »
I'm running MCS every time while using USB on all my OSes.
Your computer, your choice. :)