How to Utilize Stinger

McAfee Stinger is a standalone utility used to detect and remove specific viruses.

McAfee Stinger now detects and eliminates GameOver Zeus and CryptoLocker.

How do you use Stinger?

  1. Download the latest version of Stinger.
  2. Once prompted, choose to save the file to a convenient location on your hard disk, like the Desktop folder.
  3. Once the download is complete, browse to the folder which includes the downloaded Stinger document, and run it.
  4. By default, Stinger scans for conducting procedures, loaded modules, registry, WMI and directory locations known to be employed by malware on a machine to maintain scan times minimal. If necessary, click on the”Customize my scanning” link to add additional drives/directories to your scan.
  5. Stinger has the capability to scan targets of Rootkits, which isn’t allowed by default.
  6. Click the Scan button to begin scanning the specified drives/directories.
  7. By default, Stinger will repair any infected files it finds.
  8. Stinger leverages GTI File Reputation and runs system heuristics at Moderate level . If you select”High” or”Very High,” McAfee Labs recommends that you set the”On threat detection” actions to”Report” only for the initial scan.

    To Find out More about GTI File Reputation see the following KB articles

    KB 53735 – FAQs for Global Threat Intelligence File Reputation

    KB 60224 – The best way to verify that GTI File Reputation is installed properly

    KB 65525 – Identification generically detected malware (International Threat Intelligence detections)

Join Us mcafee labs stinger (64 bit) website

Often Asked Questions

Q: I know I have a virus, but Stinger didn’t detect one. Why is this?
An: Stinger is not a substitute for a full anti-virus scanner. It’s simply supposed to find and remove certain threats.

Q: Stinger discovered a virus it could not repair. What’s this?
A: This is probably because of Windows System Restore functionality using a lock onto the infected document. Windows/XP/Vista/7 consumers should disable system restore before scanning.

Q: Where’s your scan log stored and how do I see them?
Inside Stinger, browse to the log TAB along with the logs are displayed as listing with time stamp, clicking onto the log file name opens the document in the HTML format.

Q: How Which are the Quarantine files stored?
A: The quarantine documents are stored under C:\Quarantine\Stinger.

Q: what’s your”Threat List” option under Advanced menu utilized for?
This listing does not include the results of running a scan.

Q: Why Are there any command-line parameters accessible when conducting Stinger?
A: Yes, the command-line parameters have been exhibited by going to the help menu in Stinger.

Q: I conducted Stinger and finally have a Stinger.opt record, what is that?
A: When Stinger conducts it creates the Stinger.opt file which saves the existing Stinger configuration. After you operate Stinger the next time, your previous configuration is utilized provided that the Stinger.opt file is in exactly the same directory as Stinger.

Is this expected behaviour?
A: as soon as the Rootkit scanning alternative is selected within Stinger preferences — VSCore documents (mfehidk.sys & mferkdet.sys) on a McAfee endpoint will be upgraded to 15.x. These files are installed only if newer than what’s on the machine and is required to scan for today’s creation of newer rootkits. In case the rootkit scanning alternative is disabled in Stinger — that the VSCore upgrade will not occur.

Q: Does Stinger perform rootkit scanning when installed via ePO?
A: We’ve disabled rootkit scanning from the Stinger-ePO bundle to limit the vehicle upgrade of VSCore parts as soon as an admin deploys Stinger to tens of thousands of machines. To Allow rootkit scanning in ePO manner, please use these parameters while checking in the Stinger package in ePO:

–reportpath=%temp% –rootkit

Q: How What versions of Windows are encouraged by Stinger?
A: Windows XP SP2, 2003 SP2, Vista SP1, 2008, 7, 8, 10, 2012, 2016, RS1, RS2, RS3, RS4, RS5, 19H1, 19H2. Additionally, Stinger demands the machine to have Web Explorer 8 or above.

Q: What are the prerequisites for Stinger to perform at a Win PE environment?
A: While creating a custom Windows PE image, add support for HTML Application parts using the instructions provided within this walkthrough.

Q: How do I obtain hold for Stinger?
A: Stinger is not a supported program. McAfee Labs makes no guarantees relating to this item.

Q: How can I add customized detections to Stinger?
A: Stinger has the option where a user can enter upto 1000 MD5 hashes as a custom made blacklist. During a system scan, if any files match the custom blacklisted hashes – that the documents will get deleted and noticed. This feature is provided to assist power users who have isolated an malware sample(s) that no detection is available yet in the DAT documents or GTI File Reputation. SHA1, SHA 256 or other hash types are jobless.

  • During a scan, files that fit the hash will have a detection title of Stinger! . Full dat repair is applied on the file.
  • Documents which are digitally signed using a valid certification or people hashes which are already marked as blank from GTI File Reputation will not be detected as a member of the custom blacklist. This is a security feature to prevent users from accidentally deleting documents.
  • Q: How How can conduct Stinger without the Actual Protect component getting installed?
    A: The Stinger-ePO package doesn’t execute Real Protect. In order to operate Stinger without Real Protect becoming installed, do Stinger.exe –ePO

    Enviar comentario

    Tu dirección de correo electrónico no será publicada. Los campos necesarios están marcados *

    Puedes usar las siguientes etiquetas y atributos HTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>