Exactly How to Use Stinger

By Ole Jørgen Sve

McAfee Stinger is a standalone energy utilized to find as well as remove particular viruses. It’& rsquo; s not an alternative to full anti-viruses protection, yet a specialized tool to aid managers as well as customers when handling contaminated system. Stinger utilizes next-generation scan modern technology, consisting of rootkit scanning, and scan efficiency optimizations. It finds and also eliminates hazards determined under the “” Risk Listing”” option under Advanced menu choices in the Stinger application.

McAfee Stinger currently finds as well as gets rid of GameOver Zeus and CryptoLocker.

How do you use Stinger?

  1. Download and install the current variation of Stinger.
  2. When triggered, pick to save the documents to a convenient place on your hard disk, such as your Desktop folder.
  3. When the download is total, browse to the folder which contains the downloaded and install Stinger documents, as well as run it.
  4. The Stinger user interface will be presented.
  5. By default, Stinger checks for running processes, filled components, computer system registry, WMI as well as directory site places understood to be used by malware on a machine to maintain scan times minimal. If necessary, click the “” Customize my check”” link to include added drives/directories to your check.
  6. Stinger has the ability to check targets of Rootkits, which is not enabled by default.
  7. Click the Check switch to start checking the specified drives/directories.
  8. By default, Stinger will certainly fix any contaminated documents it locates.
  9. Stinger leverages GTI Data Track record and also runs network heuristics at Tool level by default. If you choose “” High”” or “” Really High,”” McAfee Labs suggests that you establish the “” On risk discovery”” activity to “” Record”” just for the very first scan.

    To read more concerning GTI File Online reputation see the complying with KB posts

    KB 53735 – FAQs for International Threat Knowledge File Reputation

    KB 60224 – Just how to confirm that GTI File Online reputation is installed correctly

    KB 65525 – Identification of generically spotted malware (International Danger Intelligence detections)

At site mcafee stinger download from Our Articles

Frequently Asked Questions

Q: I understand I have a virus, however Stinger did not spot one. Why is this?
A: Stinger is not a replacement for a complete anti-virus scanner. It is only made to discover and also remove certain risks.

Q: Stinger discovered an infection that it couldn'’ t repair work. Why is this? A: This is more than likely because of Windows System Recover capability having a lock on the contaminated file. Windows/XP/Vista/ 7 individuals need to disable system bring back before scanning.

Q: Where is the check log saved and just how can I see them?
A: By default the log data is saved from where Stinger.exe is run. Within Stinger, navigate to the log TAB as well as the logs are shown as checklist with time stamp, clicking the log documents name opens up the data in the HTML format.

Q: Where are the Quarantine submits kept?
A: The quarantine data are saved under C: \ Quarantine \ Stinger.

Q: What is the “” Threat Checklist”” option under Advanced menu made use of for?
A: The Risk List provides a listing of malware that Stinger is set up to find. This checklist does not have the results from running a check.

Q: Exist any command-line specifications readily available when running Stinger?
A: Yes, the command-line specifications are presented by mosting likely to the assistance food selection within Stinger.

Q: I ran Stinger and also now have a Stinger.opt data, what is that?
A: When Stinger runs it creates the Stinger.opt data that saves the current Stinger arrangement. When you run Stinger the following time, your previous configuration is used as long as the Stinger.opt data remains in the same directory as Stinger.

Q: Stinger upgraded elements of VirusScan. Is this expected behavior?
A: When the Rootkit scanning option is selected within Stinger choices –– VSCore data (mfehidk.sys & & mferkdet.sys) on a McAfee endpoint will certainly be updated to 15.x. These data are installed only if newer than what'’ s on the system as well as is needed to check for today’& rsquo; s generation of newer rootkits. If the rootkit scanning alternative is impaired within Stinger –– the VSCore upgrade will certainly not happen.

Q: Does Stinger perform rootkit scanning when released using ePO?
A: We’& rsquo; ve disabled rootkit scanning in the Stinger-ePO bundle to limit the auto update of VSCore parts when an admin deploys Stinger to thousands of makers. To make it possible for rootkit scanning in ePO mode, please use the adhering to criteria while checking in the Stinger bundle in ePO:

— reportpath=%temperature%– rootkit

For detailed guidelines, please describe KB 77981

Q: What versions of Windows are sustained by Stinger?
A: Windows XP SP2, 2003 SP2, Vista SP1, 2008, 7, 8, 10, 2012, 2016, RS1, RS2, RS3, RS4, RS5, 19H1, 19H2. On top of that, Stinger calls for the machine to have Web Traveler 8 or above.

Q: What are the needs for Stinger to carry out in a Success PE setting?
A: While creating a custom Windows PE image, add assistance for HTML Application elements making use of the instructions offered in this walkthrough.

Q: Exactly how can I get assistance for Stinger?
A: Stinger is not a sustained application. McAfee Labs makes no assurances regarding this product.

Q: Just how can I include custom detections to Stinger?
A: Stinger has the choice where a customer can input upto 1000 MD5 hashes as a personalized blacklist. Throughout a system check, if any kind of files match the custom-made blacklisted hashes – the documents will get discovered and removed. This function is given to help power users who have isolated a malware example(s) for which no discovery is offered yet in the DAT data or GTI Documents Track Record. To take advantage of this function:

  1. From the Stinger interface goto the Advanced–> > Blacklist tab.
  2. Input MD5 hashes to be spotted either using the Enter Hash button or click the Tons hash List button to indicate a text file having MD5 hashes to be included in the check. SHA1, SHA 256 or other hash kinds are in need of support.
  3. During a scan, documents that match the hash will have a detection name of Stinger!<>. Full dat repair work is applied on the spotted data.
  4. Files that are digitally signed utilizing a legitimate certification or those hashes which are already marked as clean in GTI Data Online reputation will certainly not be discovered as part of the custom-made blacklist. This is a safety and security feature to avoid customers from mistakenly erasing documents.

Q: Exactly how can run Stinger without the Real Protect part getting set up?
A: The Stinger-ePO plan does not carry out Real Protect. In order to run Stinger without Real Protect obtaining installed, execute Stinger.exe