actually the pen drive was not opening this is not mine,
the mcschield were detected 49 infections
is an excellent tool that can not miss in a computer.but the question is this reason that I came here
avast detected some
so will some time analyzing this type of malware is not detected by any antivirus generally
modifies the file name for this file is cmd.exe with the recycler folder also found on the memory card when you submit to analyze fully or adds virus in quarantine with this case
the result you can see nothing has been found
but the one who actually detected except mcshield
was the kaspersky removal tool
this behavior quite suspicious
in the last month I had sent two samples 20 trojan mschield malware protection , this respectively
were changed by VBS:houdini [ trj ] , avast detected this virus , but I referred to the malware did the damage caused compressed into zip but so far has not added in detection.
Also another point that avast has difficulty detecting viruses with double extensions , an example autorun.exe.vir that this was only found in quarantine i did with another tool , the malware tried to hide or sneak in some folder or camouflage , as had already done a scan and avast did not find anything.
Also another point that avast has difficulty detecting viruses with double extensions , an example autorun.exe.vir
Files that contain the .vir file extension are infected computer files that have been renamed by an anti-virus application.
This is done to keep the file from running on a user's computer.
I do not understand why this issue did not prevent malware minor damage to the flash drive
in fact been modified by win32: malware-gen
also known as the kaspersky trojan dropper.win32.injector.idcf
Let me explain.
This malware is not new because it uses a technique of spreading which is known to be abused. MCShield covers the spread of malware (this mode of spreading) in two different routines.
The thing is it malware itself. Spreading goes in this way
For each removable drive:
Copies the malicious vbs (whose launch provides the next step)
For each removable drive:
For each file USB: \ file.ext do the S + H and creates USB: \ file.lnk (which starts cmd.exe, which starts malware itself)
For each folder USB: \ folder do the S + H and creates USB: \ folder.lnk (which starts cmd.exe, which starts malware itself)
In translation:
When malware is first transferred from the USB device to the host computer, it has been installed on host PC and started to perform his malicious duty.
To protect himselves, or to prolong their survival, he is waiting for any attached USB device for spread or re-installation (If AV has deleted the malware from the host computer) of any additional USB devices. This means that the malware is active on both the host computer and the USB device and attempting to transferred their malicious files to each other.
MCShield is USB malware based tool. It shall not seek malware on host mashine. MCShield shall clean malware from USB device but to delete the malware on the host machine you shall need another malware-removal tool. MCShield is a tool that does what others can not, removes malware from USB devices.
To remove this malware, you should first clean the malware from the host machine, and then to disinfect all USB devices with MCShield.
If the malware is cleaned only from the host machine, USB malware shall only re-infect host masine. And vice versa …