Hi,

Let me explain.
This malware is not new, because it uses a spreading technique which is known to be abused. MCShield covers this mode of spreading in two different routines.
The thing is the malware itself. The spreading goes this way:

  • For each removable drive:
      • Copies the malicious vbs (whose launch provides the next step)
  • For each removable drive:
      • For each file USB:\file.ext, sets the S + H attributes and creates USB:\file.lnk (which starts cmd.exe, which starts the malware itself)
      • For each folder USB:\folder, sets the S + H attributes and creates USB:\folder.lnk (which starts cmd.exe, which starts the malware itself)

In translation:
When the malware is first transferred from the USB device to the host computer, it gets installed on the host PC and starts to perform its malicious duty.
To protect itself, or to prolong its survival, it waits for any attached USB device in order to spread to it, or to re-install itself from any additional USB device (if AV has deleted the malware from the host computer). This means that the malware is active on both the host computer and the USB device, and each attempts to transfer its malicious files to the other.

MCShield is a USB-malware-based tool. It does not seek malware on the host machine. MCShield will clean malware from the USB device, but to delete the malware on the host machine you will need another malware-removal tool. MCShield is a tool that does what others cannot: it removes malware from USB devices.

To remove this malware, you should first clean the malware from the host machine, and then disinfect all USB devices with MCShield.
If the malware is cleaned only from the host machine, the USB malware will just re-infect the host machine. And vice versa …
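
A read-only check for the drive layout described in the post above, added here as an example; it is not part of the original post and is not MCShield's code. It flags root items that carry both the System and Hidden attributes and have a same-named `.lnk` beside them, and notes whether that shortcut mentions `cmd.exe`. All function names and the sample listing are constructed for illustration.

```python
import os
from pathlib import PureWindowsPath

S_H = 0x2 | 0x4  # FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")

def lnk_mentions_cmd(data):
    """Heuristic (not a full .lnk parser): valid header plus a cmd.exe string."""
    low = data.lower()
    return data.startswith(LNK_MAGIC) and (
        b"cmd.exe" in low or "cmd.exe".encode("utf-16-le") in low)

def find_decoys(entries):
    """entries: (name, is_dir, attrs, lnk_bytes_or_None) tuples for one drive root.
    Returns (hidden_item, shortcut, shortcut_mentions_cmd) per S+H item with a twin .lnk."""
    by_name = {e[0].lower(): e for e in entries}
    hits = []
    for name, is_dir, attrs, _ in entries:
        if name.lower().endswith(".lnk") or (attrs & S_H) != S_H:
            continue
        # file.ext -> file.lnk, folder -> folder.lnk (naming as given in the post)
        base = name if is_dir else PureWindowsPath(name).stem
        lnk = by_name.get((base + ".lnk").lower())
        if lnk:
            hits.append((name, lnk[0], lnk_mentions_cmd(lnk[3] or b"")))
    return hits

def read_root(root):
    """Windows only: list a drive root; only .lnk files are opened, nothing is run."""
    out = []
    for e in os.scandir(root):
        attrs = getattr(e.stat(follow_symlinks=False), "st_file_attributes", 0)
        data = None
        if e.name.lower().endswith(".lnk"):
            with open(e.path, "rb") as f:
                data = f.read(65536)
        out.append((e.name, e.is_dir(), attrs, data))
    return out

# Constructed sample listing (not taken from a real device)
BAD_LNK = LNK_MAGIC + b"\x00" * 60 + r"C:\Windows\System32\cmd.exe".encode("utf-16-le")
OK_LNK = LNK_MAGIC + b"\x00" * 60 + r"C:\Tools\viewer.exe".encode("utf-16-le")
SAMPLE = [("Photos", True, S_H, None), ("Photos.lnk", False, 0, BAD_LNK),
          ("report.docx", False, S_H, None), ("report.lnk", False, 0, BAD_LNK),
          ("notes.txt", False, 0, None), ("notes.lnk", False, 0, OK_LNK),
          ("System Volume Information", True, S_H, None)]

if __name__ == "__main__":
    print(*find_decoys(SAMPLE), sep="\n")
```

On Windows, `find_decoys(read_root("E:\\"))` runs the same check on a mounted drive (the drive letter is an assumption); a hit is a reason to inspect the shortcut, not proof of infection.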