I apologize for not having replied earlier; I just saw this thread.
First, I would like to introduce myself. I am a member of MC AMF Tim (Malware Removal Tim from the MyCity/Ambulanta forum). I am also a member of the development and beta team of the MCShield program. And yes, I also participate as a malware removal helper on the avast! forum.
Let's start with the name, shall we?
'MC' in the name stands as an alias for 'MyCity forum' (my home forum). The result is MCShield (not McShield). Our intention was never to confuse people and make them believe that MCS has something to do with McAfee.
...and that it works well in tandem with Avast.
[ ... ]
However I would appreciate a response from you guys as to whether this is actually a good bit of kit (maybe even a new startup venture?) or whether it is just more malware advertising itself as something it is not.
Starting from v3, MCShield has digitally signed all executable components. Therefore, there is no need to talk about whether MCShield is valid or not. MCS does not have any driver component, therefore MCS cannot cause a BSOD, nor conflict with other security software. MCS is here as additional security software, as a help to the AV, or it can be used as a malware removal tool.
Avast scans USB devices on attachment by default, so it would seem that MCShield is duplicating what Avast already does. Whether MCShield is more effective I can't say as I haven't done any comparative testing.
This is a quote from one of MCS's authors, dr_Bora.
Important thing to note is that MCShield's heuristics are not what you're used to seeing in an average antivirus. When I say heuristics, I do not talk about detections based on compilers, exe compressors, partial signatures, etc. like in the case of an AV, but I'm talking about recognizing "static behavior" (basically, what the files and the folders on a flash drive "look like"). So, the program tries to recognize malware by analyzing the file system; files and folders - their characteristics and relations to other files and folders on the drive. These analyses are based on algorithms designed to be "triggered" by a "behavior" (what they do on a flash drive in the process of infection) of different worm families using various methods to initiate the infection (autorun functionality, exploits or simply tricks to make the user run malware).
2nd layer protection for USB drives: MCShield
In other words, to clarify:
If the user has configured it so, the antivirus will scan the USB device for malware executable files, yes, but the AV will scan the USB relying on its definitions. So, only if the AV knows of a certain file and detects it as malware, or part of the malware, will it attempt the removal process. Malware is constantly being improved; malware's intention is to stay undetected by the AV (that's the malware's job, right?) and to install and load itself on the user's computer. This causes the spreading and loading of malware to the host system as well and thus results in difficult removal.
Unfortunately, the real picture is that a lot of malware passes through the active protection module that the AV provides, and as proof you have full rooms of issues in malware removal forums.
MCS is a free and specialized USB anti-malware program created by malware removal experts. MCS's generic scanner will scan, verify and block any USB based malware that uses a known attack vector. While the average AV waits for a sample, or waits for a definition, MCShield has the power to detect and remove all known and most (if not all) world-wide, still undiscovered and unknown (USB based) malware.
If the host machine is malware free (and this is a job for the AV), MCS shall clean all your USB devices from any form of malware.
Moreover, when I say "USB based malware" I am not thinking of autorun.inf (which again by itself is just a trigger for the real malicious executable file). You all need to know this:
Autorun/autoplay is just one of the old ways the infection can be started. There are many other, newer methods of spreading malware from USB to a host system, and modern malware indeed exploits all the new attack vectors.
MCS covers all that ...
Therefore, currently MCShield has the following auto-routines:
AntiAutorun, AntiScript, AntiLNK, pair of AntiMimics routines, three AntiReplicator routines, AntiRimecud, known bad file/folder names check, AntiEsfury (stands for folder name heur. few similar routines), AntiCryptoLocker (USB based), hashes, general/blended file heuristics (files are checked in 6 ways), CheckFileSignatures ...etc
If you have an additional question, please post. Any feedback is good feedback. ;)
Edited by magna86, 26 February 2014 - 09:47 PM.
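To make the "static behavior" idea from the dr_Bora quote concrete, here is an added sketch that is not MCShield code and not from the post: it flags files at the top level of a drive purely from their names and their relation to sibling folders, without any signatures. The rule names, extension lists and the sample layout are assumptions made for this illustration.

```python
import tempfile
from pathlib import Path

# Assumed extension lists for this sketch, not taken from MCShield.
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
DOC_EXT = {".pdf", ".doc", ".docx", ".jpg", ".txt"}
AUTORUN_KEYS = ("open", "shellexecute")

def scan_drive(root):
    """Return sorted (rule, name) findings for the top level of a drive."""
    entries = list(Path(root).iterdir())
    folders = {p.name.lower() for p in entries if p.is_dir()}
    findings = []
    for p in (e for e in entries if e.is_file()):
        stem, ext = p.stem.lower(), p.suffix.lower()
        if p.name.lower() == "autorun.inf":
            # Report what the autorun file would launch, regardless of
            # whether the target itself is known to any scanner.
            for line in p.read_text(errors="replace").splitlines():
                key, _, value = line.partition("=")
                key = key.strip().lower()
                if value.strip() and (key in AUTORUN_KEYS or key.endswith("\\command")):
                    findings.append(("autorun-launches", value.strip()))
        elif ext == ".lnk" and stem in folders:
            # A shortcut named exactly like a sibling folder.
            findings.append(("lnk-shadows-folder", p.name))
        elif ext in EXEC_EXT and stem in folders:
            # An executable named exactly like a sibling folder.
            findings.append(("exe-mimics-folder", p.name))
        elif ext in EXEC_EXT and Path(stem).suffix in DOC_EXT:
            # A document-looking name with an executable final extension.
            findings.append(("double-extension", p.name))
    return sorted(findings)

def build_sample(root):
    """Constructed sample layout; every file holds harmless placeholder bytes."""
    root = Path(root)
    for d in ("Photos", "Docs", "Music"):
        (root / d).mkdir()
    for f in ("Photos.lnk", "Docs.exe", "report.pdf.scr", "notes.txt"):
        (root / f).write_bytes(b"placeholder")
    (root / "autorun.inf").write_text("[autorun]\nopen=tools\\start.exe\nicon=drive.ico\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rule, name in scan_drive(build_sample(tmp)):
            print(f"{rule:20} {name}")
```

None of these rules inspects file contents, which is why such checks can fire on files for which no AV definition exists yet.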