How to Use Stinger

McAfee Stinger is a standalone utility used to detect and remove specific viruses. Stinger utilizes next-generation scanning technologies, such as rootkit scanning, and scan performance optimizations.

McAfee Stinger now finds and eliminates GameOver Zeus and CryptoLocker.

How do you use Stinger?
  • Once prompted, choose to save the document to a convenient location in your hard diskdrive, such as the Desktop folder.
  • Once the download is complete, browse to the folder which contains the downloaded Stinger file, and run it.
  • The Stinger interface will be shown. If necessary, click the”Customize my scan” link to add additional drives/directories for a scan.
  • Stinger has the capacity to scan targets of Rootkits, which is not allowed by default.
  • Click on the Scan button to begin scanning the specified drives/directories.
  • By default, Stinger will repair any infected files it finds.
  • Stinger Requires GTI File Reputation and runs system heuristics at Moderate level . If you select”High” or”Very High,” McAfee Labs recommends you place the”On hazard detection” action to”Report” just for the first scan.

    Q: I know I have a virus, however, Stinger did not detect one. What’s this?
    An: Stinger is not a substitute for an entire anti-virus scanner. It is simply supposed to find and remove certain threats.

    Q: Stinger discovered a virus that it could not repair. Why is this?
    At site from Our Articles
    A: That is probably because of Windows System Restore performance using a lock onto the infected document. Windows/XP/Vista/7 users must disable system restore prior to scanning.

    Q: how Where’s the scanning log stored and how can I view them?
    A: By default the log file is saved in where Stinger.exe is conducted. Within Stinger, browse to the log TAB and the logs will be displayed as listing of time stamp, clicking onto the log file name opens the file in the HTML format.

    Q: How Where would be the Quarantine files stored?
    A: The quarantine documents are saved under C:\Quarantine\Stinger.

    This list does not include the results from running a scan.

    Q: Are there any command-line parameters available when conducting Stinger?
    A: Yes, the command-line parameters are shown by going to the help menu within Stinger.

    Q: I ran Stinger and now have a Stinger.opt record, what is that?
    A: When Stinger conducts it generates the Stinger.opt record which saves the current Stinger configuration. When you run Stinger the next time, your prior configuration is used as long as the Stinger.opt file is in exactly the exact same directory as Stinger.

    Is this expected behaviour?
    A: as soon as the Rootkit scanning option is selected within Stinger preferences — VSCore documents (mfehidk.sys & mferkdet.sys) to a McAfee endpoint will be upgraded to 15.x. These files are set up only if newer than what’s about the machine and is required to scan for today’s generation of newer rootkits. If the rootkit scanning alternative is disabled within Stinger — the VSCore upgrade will not happen.

    Q: Can Stinger perform rootkit scanning when installed through ePO?
    A: We have disabled rootkit scanning from the Stinger-ePO bundle to restrict the auto update of VSCore parts as soon as an admin deploys Stinger to thousands of machines. To Allow rootkit scanning in ePO style, please utilize the following parameters while checking in the Stinger bundle in ePO:

    –reportpath=%yolk% –rootkit

    For detailed directions, please refer to KB 77981

    Q: What versions of Windows are encouraged by Stinger?
    A: Windows XP SP2, 2003 SP2, Vista SP1, 2008, 7, 8, 10, 10, 2012, 2016, RS1, RS2, RS3, RS4, RS5, 19H1, 19H2. Furthermore, Stinger demands the machine to get Internet Explorer 8 or over.

    Q: Which are the requirements for Stinger to do in a Win PE surroundings?
    A: whilst developing a custom Windows PE picture, add support for HTML Application parts using the directions offered within this walkthrough.

    Q: How can I obtain help for Stinger?
    An: Stinger is not a supported program. McAfee Labs makes no warranties about this item.

    Q: How How can I add custom made detections into Stinger?
    A: Stinger gets the option where a user may input upto 1000 MD5 hashes as a custom blacklist. During a system scan, if any documents match the habit blacklisted hashes – the documents will get deleted and detected. This feature is provided to help power users who have isolated a malware sample(s) for which no detection can be found yet in the DAT files or GTI File Reputation. To leverage this feature:

    1. In the Stinger interface goto the Advanced –> Blacklist tab.
    2. Input MD5 hashes to be detected either through the Input Hash button or click the Load hash List button to point to a text file containing MD5 hashes to be contained in the scanning. SHA1, SHA 256 or other hash kinds are jobless.
    3. During a scan, all files which match the hash will have a detection name of Stinger! . Full dat fix is put on the file.
    4. Files which are digitally signed using a valid certificate or people hashes which are already marked as blank in GTI File Reputation will not be detected as part of the customized blacklist. This is a safety feature to prevent users from accidentally deleting files.

    Q: How How do conduct Stinger without the Actual Protect component getting installed?
    A: The Stinger-ePO package doesn’t fulfill Actual Protect. In order to operate Stinger with no Real Protect getting installed, do Stinger.exe –ePO

  • This entry was posted in 1. Bookmark the permalink.