How to Use Stinger

It’s not a substitute for full antivirus protection, however, a technical tool to assist administrators and users when dealing with infected system.

McAfee Stinger now detects and removes GameOver Zeus and CryptoLocker.

How do you utilize Stinger?

  1. Download the most recent version of Stinger.
  2. Once prompted, choose to save the file to a suitable place in your hard diskdrive, like the Desktop folder.
  3. Once the downloading is complete, navigate to the folder which contains the downloaded Stinger record, and execute it. If necessary, click the”Customize my scanning” link to add additional drives/directories to your scan.
  4. Stinger has the capability to scan goals of Rootkits, which isn’t enabled by default.
  5. Click on the Scan button to begin scanning the specified drives/directories.
  6. By default, Stinger will repair any infected files it finds.
  7. Stinger Requires GTI File Reputation and operates system heuristics at Medium level by default. If you select”High” or”Very High,” McAfee Labs recommends you put the”On hazard detection” activity to”Report” only for the first scan.

    Q: I understand I have a virus, but Stinger did not detect one. Why is this?
    An: Stinger is not a substitute for an entire anti virus scanner. It’s simply designed to detect and remove certain threats.

    Q: Stinger found a virus it couldn’t repair. Why is this?
    A: This is probably because of Windows System Restore functionality using a lock onto the infected document. Windows/XP/Vista/7 users should disable system restore before scanning.

    Q: How Where is your scan log saved and how can I see them?
    A: By default the log file is stored in where Stinger.exe is run. Inside Stinger, navigate into the log TAB along with the logs are all displayed as record with the time stamp, clicking on the log file name opens the file from the HTML format.

    Q: How Which are the Quarantine documents stored?

    Q: What is your”Threat List” option under Advanced menu used for?
    This list does not include the results of running a scan.

    Q: Are there any command-line parameters accessible when conducting Stinger?
    A: Yes, the command-line parameters are exhibited by going to the help menu inside Stinger.

    Q: I ran Stinger and now have a Stinger.opt record, what’s that?
    A: When Stinger conducts it generates the Stinger.opt record which saves the current Stinger configuration. After you operate Stinger the next time, your previous configuration is used as long as the Stinger.opt document is in the exact same directory as Stinger.

    Q: Stinger updated elements of VirusScan. Is this expected behaviour?
    A: whenever the Rootkit scanning option is selected within Stinger preferences — VSCore files (mfehidk.sys & mferkdet.sys) to a McAfee endpoint is going to be updated to 15.x. These documents are set up only if newer than what’s about the machine and is needed to scan for the current generation of newer rootkits. In the event the rootkit scanning option is disabled inside Stinger — the VSCore update will not happen.

    Q: Can Stinger work rootkit scanning when deployed via ePO?
    A: We have disabled rootkit scanning in the Stinger-ePO bundle to restrict the vehicle upgrade of VSCore components as soon as an admin deploys Stinger to thousands of machines. To enable rootkit scanning in ePO style, please use these parameters while checking in the Stinger package in ePO:

    –reportpath=%temp% –rootkit

    For detailed instructions, please refer to KB 77981

    Q: How What versions of Windows are backed by Stinger?
    A: Windows XP SP2, 2003 SP2, Vista SP1, 2008, 7, 8, 10, 10, 2012, 2016, RS1, RS2, RS3, RS4, RS5, 19H1, 19H2. In addition, Stinger demands the system to have Internet Explorer 8 or over.

    Q: What are the prerequisites for Stinger to perform at a Win PE environment?
    A: whilst developing a custom Windows PE image, add support for HTML Application components utilizing the directions given within this walkthrough.

    Q: How can I get help for Stinger?
    An: Stinger is not a supported application. McAfee Labs makes no warranties concerning this item.

    Q: How do I add custom detections into Stinger?
    A: Stinger has the option where a user can input upto 1000 MD5 hashes as a custom blacklist. During a system scan, if any files match the habit blacklisted hashes – the documents will get deleted and detected. This feature is provided to help power users who have isolated an malware sample(s) for which no detection is available however in the DAT files or GTI File Reputation.

  8. Input MD5 hashes to be discovered either via the Input Hash button or click the Load hash List button to point to a text file containing MD5 hashes to be contained in the scan.
  9. During a scan, files which match the hash will have a detection title of Stinger! . Total dat fix is put on the file.
  10. Files that are digitally signed using a valid certificate or those hashes which are already marked as clean from GTI File Reputation will not be detected as a member of their custom made blacklist. This is a safety feature to prevent users from accidentally deleting documents.

Read more At website Articles

Q: How How can run Stinger with no Real Protect component getting installed?
A: The Stinger-ePO package does not fulfill Actual Protect. In order to operate Stinger with no Real Protect becoming installed, do Stinger.exe –ePO