McAfee Stinger is a standalone utility used to detect and remove certain viruses. It finds and removes threats identified below the”Threat List” option under Advanced menu options in the Stinger program.
McAfee Stinger now detects and removes GameOver Zeus and CryptoLocker.
How do you use Stinger?
- Download the most recent version of Stinger.
- Once prompted, choose to save the file to a suitable location on your hard disk, such as the Desktop folder.
- When the download is complete, browse to the folder that contains the downloaded Stinger document, and run it.
- The Stinger interface will be shown.
- By default, Stinger scans for conducting procedures, loaded modules, registry, WMI and directory locations known to be used by malware to a system to maintain scan times minimum. If needed, click on the”Customize my scanning” link to include additional drives/directories to your scan.
- Stinger has the ability to scan goals of Rootkits, which isn’t allowed by default.
- Click on the Scan button to start scanning the specified drives/directories.
- Stinger Requires GTI File Reputation and operates network heuristics at Moderate level by default. If you choose”High” or”Very High,” McAfee Labs recommends that you put the”On threat detection” actions to”Report” just for the initial scan.
To Find out More about GTI File Reputation visit the following KB articles
KB 53735 – FAQs for International Threat Intelligence File Reputation
KB 60224 – How to confirm that GTI File Reputation is installed correctly
KB 65525 – Identification generically detected malware (Global Threat Intelligence detections)
Frequently Asked Questions
Q: I know I have a virus, but Stinger didn’t find one. Why is this?
A: Stinger is not a replacement for an entire anti virus scanner. It’s just designed to detect and remove specific threats.
Q: Stinger found a virus that it could not fix. What’s this?
A: That is probably because of Windows System Restore functionality using a lock to the infected file. Windows/XP/Vista/7 consumers should disable system restore prior to scanning.
Q: Where’s the scan log stored and how do I see them?
Within Stinger, browse into the log TAB along with the logs will be displayed as record of time stamp, clicking on the log file name opens the file in the HTML format.
Q: How Which would be the Quarantine files stored?
A: The quarantine documents are saved under C:\Quarantine\Stinger.
This list doesn’t include the results of running a scan.
Q: Are there some command-line parameters available when conducting Stinger?
A: Yes, the command-line parameters are displayed by going to the help menu inside Stinger.
Q: I conducted Stinger and finally have a Stinger.opt record, what is that?
A: When Stinger runs it creates the Stinger.opt document that saves the recent Stinger configuration. When you operate Stinger the second time, your prior configuration is used as long as the Stinger.opt document is in exactly the same directory as Stinger.
Q: Stinger updated elements of VirusScan. Is this expected behavior?
A: whenever the Rootkit scanning option is chosen within Stinger preferences — VSCore files (mfehidk.sys & mferkdet.sys) on a McAfee endpoint will be upgraded to 15.x. These files are installed only if newer than what’s about the system and is required to scan for today’s creation of newer rootkits. If the rootkit scanning option is disabled in Stinger — the VSCore update will not occur.
Q: How Does Stinger work rootkit scanning when installed via ePO?
A: We’ve disabled rootkit scanning from the Stinger-ePO package to limit the auto update of VSCore parts when an admin deploys Stinger to thousands of machines. To enable rootkit scanning in ePO manner, please utilize the following parameters while checking in the Stinger bundle in ePO:
For detailed directions, please refer to KB 77981
Q: How What versions of Windows are backed by Stinger?
In addition, Stinger requires the system to have Internet Explorer 8 or over.
Q: What are the prerequisites for Stinger to perform at a Win PE environment?
A: While creating a custom Windows PE image, add support to HTML Application components using the instructions provided in this walkthrough.
Q: How can I get help for Stinger?
A: Stinger isn’t a supported program. McAfee Labs makes no guarantees about this product.
Q: How How can I add custom made detections into Stinger?
A: Stinger has the option where a user can enter upto 1000 MD5 hashes as a custom blacklist. Throughout a system scan, even if any documents fit the custom blacklisted hashes – the files will get deleted and detected. This feature is provided to help power users who have isolated a malware sample(s) that no detection can be found yet from the DAT documents or GTI File Reputation. To leverage this attribute:
- From the Stinger interface goto the Advanced –> Blacklist tab.
- Input MD5 hashes to be discovered either through the Enter Hash button or click the Load hash List button to point to a text file containing MD5 hashes to be included in the scan. SHA1, SHA 256 or other hash kinds are jobless.
- During a scan, files that match the hash is going to have detection name of Stinger! . Complete dat fix is put on the detected file.
- Documents which are digitally signed using a valid certificate or people hashes which are already marked as clean in GTI File Reputation will not be detected as a member of their custom made blacklist. This is a security feature to prevent customers from accidentally deleting documents.
Q: How How can run Stinger with no Actual Protect component getting installed?
A: The Stinger-ePO package doesn’t execute Real Protect. To Be Able to conduct Stinger without Real Protect becoming installed, do Stinger.exe –ePO