
MCShield.exe detected as zero access rootkit, why?!

I'm conducting scans with RogueKiller on some infected machines here that all had McAfee Internet Security, and all of a sudden I see a red flag "ZeroAccess Activity Detected" File: "MCShield.exe"

Could anyone explain to me why exactly this software includes a rootkit?

I've removed the software completely, and sorry guys, replaced it HAPPILY with Norton.

17 Replies
exbrit
Message 2 of 18

Re: MCShield.exe detected as zero access rootkit, why?!

McAfee software contains an anti-rootkit component.  Did it not occur to you that RogueKiller may be incorrectly diagnosing the files?

That would of course be a subject for their support forums.

Re: MCShield.exe detected as zero access rootkit, why?!

I'm unaware of where the correct area to post this would be, I found the whole posting thing more unclear than the intentions of the software...

I'm not certain if it was an incorrect diagnosis or not, but I did find out in some searches that multiple people are having the same problem as this one user had on their machine.

I installed free McAfee on a few other computers at the shop here and ran the same scans:

All 4 of the machines detected MCShield.exe as a rootkit in RogueKiller.

1 out of 4 detected ZeroAccess Rootkit Activity in a scan with RKill

All 4 of the systems were brand new and had not previously been connected to the internet until the installation of the McAfee software..........

Hayton
Message 4 of 18

Re: MCShield.exe detected as zero access rootkit, why?!

Did you read what the developers of RogueKiller said about their program and false positives?

Also have you bothered to look on the RogueKiller forums and read the FAQ and Known Issues?

Known issues - RogueKiller - Adlice forum


3- ZeroAccess/Whatever found in Antivirus process

This is a false detection, due to database loaded in clear in the antivirus process. Please open a new thread on the forum and DUMP the process memory with Process Explorer to confirm and whitelist.

Tigzy, June 10 2014 :

Processes? - RogueKiller - Adlice forum

It looks like McAfee exposes its database in clear in memory. So it's detected as ZeroAccess.




I'll try to find a way to avoid this detection. Thanks
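The false positive described in the quoted RogueKiller replies, as an added Python example that is not part of the original thread or either vendor's code: a pattern scanner run over a process dump flags an antivirus process because that process holds other scanners' patterns in clear. The signature strings, the dumps and the `triage` heuristic with its thresholds are constructed assumptions for illustration.

```python
"""Why a plaintext signature database trips a memory scanner (constructed demo)."""

# Constructed placeholder patterns; these are not real malware indicators.
SIGNATURES = {
    "ZeroAccess": b"SAMPLE-ZA-0001",
    "FamilyB": b"SAMPLE-FB-0002",
    "FamilyC": b"SAMPLE-FC-0003",
    "FamilyD": b"SAMPLE-FD-0004",
}


def naive_scan(memory: bytes) -> dict[str, int]:
    """Return {family: offset} for every pattern found anywhere in the dump."""
    hits = {}
    for family, pattern in SIGNATURES.items():
        offset = memory.find(pattern)
        if offset != -1:
            hits[family] = offset
    return hits


def triage(memory: bytes, min_families: int = 3, max_span: int = 4096) -> str:
    """Classify a dump: many unrelated families packed close together looks
    like a scanner's own database rather than a single infection."""
    hits = naive_scan(memory)
    if not hits:
        return "clean"
    span = max(hits.values()) - min(hits.values())
    if len(hits) >= min_families and span <= max_span:
        return "probable-signature-database"
    return "needs-investigation"


# Constructed dumps: an antivirus process holding its database in clear,
# a process containing a single pattern, and a process with none.
av_dump = b"\x00" * 512 + b"|".join(SIGNATURES.values()) + b"\x00" * 512
single_hit_dump = b"\x90" * 2048 + SIGNATURES["ZeroAccess"] + b"\x90" * 2048
clean_dump = b"\x00" * 4096

if __name__ == "__main__":
    for name, dump in [("av", av_dump), ("single", single_hit_dump), ("clean", clean_dump)]:
        print(name, sorted(naive_scan(dump)), triage(dump))
```

The heuristic only prioritises review; a dump of the flagged process still has to be examined, as the quoted FAQ asks, before the detection is whitelisted.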


Re: MCShield.exe detected as zero access rootkit, why?!

Appreciate the answers guys, I haven't looked at them since they were in French as far as I could tell.  Thank you though, it was simple curiosity that led me to ask.  I've never encountered that before today, it's always alarming when you see ZeroAccess.

exbrit
Message 6 of 18

Re: MCShield.exe detected as zero access rootkit, why?!

Alarming indeed and sorry you had trouble navigating these forums.  They were recently "upgraded" and are bamboozling everyone, including us Moderators.

Maybe you should think again about using RogueKiller.    I would have thought things like that would only be necessary if all else failed in a severely infected machine for instance.

We never recommend tools like that unless under the supervision of the forums that specialize in analysing HijackThis logs, like BleepingComputer, Malwarebytes etc.

Re: MCShield.exe detected as zero access rootkit, why?!

Ex_Brit

I am a member of BleepingComputer forums, going through their malware training at the moment.  I am also a computer technician by trade, thank you though.

exbrit
Message 8 of 18

Re: MCShield.exe detected as zero access rootkit, why?!

Well all the best and good luck with the dark side (Norton).

;-)

Re: MCShield.exe detected as zero access rootkit, why?!

The dark side..............  You actually like McAfee products..?  Like for real, this isn't just a huge joke like I've always thought?

OPERATION TOVAR comes to mind.....?

exbrit
Message 10 of 18

Re: MCShield.exe detected as zero access rootkit, why?!

I wouldn't volunteer here if I didn't.

Have had very few problems with McAfee.  Had many with other brands over the years.