Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

McShield malware remover.. (not McAfee)... is it safe?


  • Please log in to reply
5 replies to this topic

#1 TheHappyOne

TheHappyOne

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:41 AM

Posted 11 February 2014 - 07:02 AM

Hi,

 

I use Avast but also Malwarebytes.

 

I read somewhere on the net that Avast quite like McShield malware remover (http://www.mcshield.net/) and that it works well in tandum with Avast.

 

However I would appreciate a response from you guys as to whether this is actually a good bit of kit (maybe even a new startup venture?) or whether it is just more malware advertising itself as something it is not.

 

Secondly, I am surprised it is using both a logo and name that looks similar to McAfee.

As I understand it there is a program within McAfee called McShield.exe and the http://www.mcshield.net/  download file is called McShield-setup.exe.  

 

So, I have not downloaded and installed it(even to try it out)  because I could see it maybe as a dubious program (there is no contact address) and maybe being difficult to distinguish between McAfee and McShield.

 

Their site is called http://www.mcshield.net/

 

I don't mind waiting a while for an accurate response, as I realise there may be lots of people suggesting that it is Malware and not to download, - but I would prefer to get your considered, professional opinion.

 

I could of course be completely wrong and it is a  good bit of kit.

 

Thanks

 

TH1


Edited by TheHappyOne, 11 February 2014 - 07:04 AM.


BC AdBot (Login to Remove)

 


m

#2 dls62

dls62

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Berkshire, UK
  • Local time:10:41 AM

Posted 11 February 2014 - 07:52 AM

Quote "MCShield is an antimalware program designed to prevent infections transmitted via removable drives. Lighter, smarter and faster than ever!"

 

Avast scans USB devices on attachment by default, so it would seem that MCShield is duplicating what Avast already does.  Whether MCShield is more effective I can't say as I haven't done any comparative testing.

 

It is interesting to note that a couple of contributors on the Avast forums who are advocating the use of this software are also listed as contributors to the development of MCShield.

 



#3 Will5200

Will5200

  • Members
  • 141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:04:41 AM

Posted 11 February 2014 - 08:01 AM

Additionally, please feel free to review this WOT discussion, only two comments, and I suspect the first is from someone with an investment in this software:

 

https://www.mywot.com/en/scorecard/mcshield.net?utm_source=addon&utm_content=popup-donuts



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,582 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:41 AM

Posted 11 February 2014 - 08:19 AM

MCShield Anti-Malware USB Tool is a lightweight scanner designed to prevent infections transmitted via removable drives (usb, external, camera cards). It's real-time protection is only real-time when you plug-in an external. MCShield should not be confused with mcshield.exe which is a process (module/driver) related to McAfee Anti-virus

* MSChield Documentation & Program Features

There is a lengthy discussion in this topic started by TwinHeadedEagle, a member of the MCShield developing team who sometimes visits our forums.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 magna86

magna86

  • Security Colleague
  • 178 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:10:41 AM

Posted 26 February 2014 - 09:39 PM

Hi all, :)
I apology for not having replied earlier, I just saw this thread. :(

First, I would like to introduce myself. I am member of MC AMF Tim, (Malware Removal Tim from MyCity/Ambulanta forum). I am also member of development and beta team of MCShield program. And yes, I also participate as a malware removal helper on the avast! forum.


Let's start with the name, shall we? :)
'MC' in the name stands as alias for 'MyCity forum' (my home forum). The result is MCShield (not McShield). Our intention was never to confuse people and make them believe that MCS has something with McAfee.

 

...and that it works well in tandum with Avast.
[ ... ]
However I would appreciate a response from you guys as to whether this is actually a good bit of kit (maybe even a new startup venture?) or whether it is just more malware advertising itself as something it is not.


Starting from v3, MCShield has digitally signed all executable components. Therefore, there is no need to talk abaut is MCShield valid or not. MCS does not have any driver component therefore MCS can not cause a BSOD, nor conflicts with other security software. MCS is here as additional security software, as help to AV, or it can be used as malware removal tool.

 

Avast scans USB devices on attachment by default, so it would seem that MCShield is duplicating what Avast already does.  Whether MCShield is more effective I can't say as I haven't done any comparative testing.


This is a quote from one of the MCS's authors, dr_Bora.

Important thing to note is that MCShield's heuristics are not what you're used to see in an average antivirus. When I say heuristics, I do not talk about detections based on compilers, exe compressors, partial signatures, etc. like in the case of an AV, but I'm talking about recognizing "static behavior" (basically, what the files and the folders on a flash drive "look like"). So, the program tries to recognize malware by analyzing the file system; files and folders - their characteristics and relations to other files and folders on the drive. These analyses are based on algorithms designed to be "triggered" by a "behavior" (what they do on a flash drive in the process of infection) of different worm families using various methods to initiate the infection (autorun functionality, exploits or simply tricks to make the user to run malware).

Source:
2nd layer protection for USB drives: MCShield

 

 

In other words, to clarify:
If user has configured so, Antivirus will scan USB device for malware executable files, Yes, but AV will scan USB relying on their definition. So, only if AV known for certain file and detects as malware, or part of the malware, it will attempt the removal process. Malware is constantly being improved, malware intentions is to stay undetected by AV (that's the malware's job, right?) and to install & load itself on the user's computer. This causes the spreading and load of malware to hosts system as well and thus results as difficult removal.
Unfortunately, the real picture is that a lot of malware passes through the active protection module that AV provides and as proof you have full rooms with issue in malware removal forums.

MCS is free and specialized USB Anti-Malware program created by Malware Removal Experts. MCS's generic scanner will scan, verify and block any USB based malware that uses known vector attack. While average AV waits for for sample, or waits for definition, MCShield has the power to detect and remove all known and most (if not all) world-wide, still undiscovered and unknown (USB based) malware.
If host mashine is malware free (and this job for AV), MCS shall clean all your USB devices from any form of malware.
Moreover, when I say "USB based malware" I do not think of autorun.inf (which again by itself is just a trigger for real malicius executive file) you all need to know this:
Autorun/autoplay is just one of the old ways the infection can be started. There are many other, newer methods of spreading malware from USB to a Host system and modern malware indeed exploits all new vector attack.

MCS covers all that ...
Therefore, currently MCShield has the following auto-routines:
AntiAutorun, AntiScript, AntiLNK, pair of AntiMimics routines, three AntiReplicator routines, AntiRimecud, known bad file/folder names check, AntiEsfury (stands for folder name heur. few similar routines), AntiCryptoLocker (USB based), hashes, general/blended file heuristics (files are checked in 6 ways), CheckFileSignatures ...etc

 

If you have a addition question, please post. Any feedback is good feedback.  ;)
Cheers,


Edited by magna86, 26 February 2014 - 09:47 PM.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,582 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:41 AM

Posted 26 February 2014 - 09:47 PM

Thank you for your comments/explanation.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users