Stinger is not a substitute for full antivirus protection, but a specialized tool to assist administrators and users when dealing with an infected system.
McAfee Stinger now detects and removes GameOver Zeus and CryptoLocker.
How do you use Stinger?
Download the latest version of Stinger.
When prompted, choose to save the file to a convenient location on your hard disk, such as your Desktop folder.
When the download is complete, browse to the folder that contains the downloaded Stinger file, and run it. If needed, click the "Customize my scanning" link to add extra drives/directories to your scan.
Stinger can scan for rootkits; this option is not enabled by default.
Click on the Scan button to begin scanning the specified drives/directories.
By default, Stinger will repair any infected files it finds.
Stinger leverages GTI File Reputation and runs community heuristics at Medium level. If you choose "High" or "Very High," McAfee Labs recommends that you set the "On hazard detection" action to "Report" only for the first scan.
To learn more about GTI File Reputation, see the following KB articles:
KB 53735 – FAQs for Global Threat Intelligence File Reputation
KB 60224 – How to confirm that GTI File Reputation is installed correctly
KB 65525 – Identification of generically detected malware (Global Threat Intelligence detections)
Frequently Asked Questions
Q: I know I have a virus, but Stinger did not find one. Why is this? A: Stinger is not a replacement for a full anti-virus scanner. It is only designed to detect and remove specific threats.
Q: Stinger found a virus that it could not repair. Why is this? A: This is most likely because the Windows System Restore functionality is holding a lock on the infected file. Windows XP/Vista/7 users must disable System Restore before scanning.
Q: Where is the scan log saved and how can I view it?
A: Within Stinger, browse to the Log tab; the logs are displayed as a list with time stamps, and clicking a log file name opens the file in HTML format.
Q: Where are the Quarantine files saved?
Q: What is the "Threat List" option under the Advanced menu used for?
This list doesn’t include the results of running a scan.
Q: Are there any command-line parameters available when running Stinger? A: Yes, the command-line parameters are displayed by going to the help menu inside Stinger.
Q: I ran Stinger and now have a Stinger.opt file. What is that? A: When Stinger runs, it creates the Stinger.opt file, which saves the most recent Stinger configuration. When you run Stinger again, your previous configuration is used, provided that the Stinger.opt file is in the same directory as Stinger.
Is this expected behavior? A: When the Rootkit scanning option is selected within Stinger preferences, VSCore files (mfehidk.sys & mferkdet.sys) on a McAfee endpoint will be updated to 15.x. These files are installed only if they are newer than what is on the machine, and they are needed to scan for the current generation of newer rootkits. If the rootkit scanning option is disabled in Stinger, the VSCore update will not occur.
Q: Does Stinger perform rootkit scanning when deployed through ePO? A: We've disabled rootkit scanning in the Stinger-ePO package to limit the auto update of VSCore components when an admin deploys Stinger to thousands of machines. To enable rootkit scanning in ePO mode, please use these parameters while checking in the Stinger package in ePO:
Q: What versions of Windows are supported by Stinger? A: Windows XP SP2, 2003 SP2, Vista SP1, 2008, 7, 8, 10, 2012, 2016, RS1, RS2, RS3, RS4, RS5, 19H1, 19H2. In addition, Stinger requires the machine to have Internet Explorer 8 or above.
Q: What are the prerequisites for Stinger to run in a Win PE environment? A: While creating a custom Windows PE image, add support for HTML Application components using the instructions provided in this walkthrough.
Q: How can I get support for Stinger? A: Stinger is not a supported application. McAfee Labs makes no guarantees about this product.
Q: How can I add custom detections to Stinger? A: Stinger has an option where a user can input up to 1000 MD5 hashes as a custom blacklist. During a system scan, if any files match the custom blacklisted hashes, the files will be detected and deleted. This feature is provided to help power users who have isolated a malware sample(s) for which no detection is available yet in the DAT files or GTI File Reputation.
Enter the MD5 hashes to be detected either via the Input Hash button, or click the Load hash List button to point to a text file containing the MD5 hashes to be included in the scan.
During a scan, files that match the hash will have a detection name of Stinger! . Full DAT repair is applied to the detected file.
Files that are digitally signed using a valid certificate, or those hashes which are marked as clean in GTI File Reputation, will not be detected as part of the custom blacklist. This is a security feature to prevent users from accidentally deleting files.
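A pre-check for the hash list described above, given here as an added example that is not McAfee's code: it rejects anything that is not an MD5 (such as a SHA-1 pasted from other tooling), removes duplicates and enforces the 1000-hash limit. The one-hash-per-line layout, the `#` note lines and all function names are assumptions, since the page does not specify the file format.

```python
import hashlib
import re

MAX_HASHES = 1000                      # limit stated in the FAQ answer above
MD5_RE = re.compile(r"[0-9a-fA-F]{32}")


def md5_of(data: bytes) -> str:
    """MD5 of an isolated sample's bytes, used only as a file identifier."""
    return hashlib.md5(data).hexdigest()


def build_hash_list(candidates):
    """Return (accepted, rejected) from an iterable of candidate hash strings."""
    accepted, rejected, seen = [], [], set()
    for raw in candidates:
        value = raw.strip()
        # Blank lines and '#' notes belong to the analyst's working list (assumed).
        if not value or value.startswith("#"):
            continue
        if not MD5_RE.fullmatch(value):
            rejected.append((value, "not a 32-hex-digit MD5"))
            continue
        value = value.lower()
        if value in seen:              # same hash pasted twice, any letter case
            continue
        seen.add(value)
        if len(accepted) >= MAX_HASHES:
            rejected.append((value, "over the 1000-hash limit"))
        else:
            accepted.append(value)
    return accepted, rejected


def render(accepted):
    """Assumed file layout: one hash per line, nothing else."""
    return "".join(h + "\n" for h in accepted)


if __name__ == "__main__":
    # Constructed input: one sample hash twice, a note, a SHA-1, a padded MD5.
    sample = md5_of(b"constructed sample bytes")
    pasted = [sample, sample.upper(), "# triage notes",
              "da39a3ee5e6b4b0d3255bfef95601890afd80709",
              "d41d8cd98f00b204e9800998ecf8427e  "]
    ok, bad = build_hash_list(pasted)
    print(render(ok), end="")
    for value, reason in bad:
        print(f"rejected {value}: {reason}")
```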
Q: How can I run Stinger without the Real Protect component getting installed? A: The Stinger-ePO package does not execute Real Protect. To run Stinger without Real Protect getting installed, run Stinger.exe --ePO