How to Use Stinger

McAfee Stinger is a standalone utility used to detect and remove certain viruses. It is not a substitute for full antivirus protection, but a specialized tool to assist administrators and users when dealing with contaminated system. It finds and eliminates threats identified below the”Threat List” option under Advanced menu options in the Stinger program.

McAfee Stinger now detects and removes GameOver Zeus and CryptoLocker.

How can you utilize Stinger?

  1. Download the most recent version of Stinger.
  2. When prompted, choose to save the document to a suitable location in your hard disk, like your Desktop folder.
  3. Once the downloading is complete, browse to the folder that includes the downloaded Stinger document, and execute it.
  4. The Stinger interface will be shown.
  5. By default, Stinger scans for conducting procedures, loaded modules, registry, WMI and directory places known to be employed by malware onto a system to maintain scan times minimum. If necessary, click the”Customize my scanning” link to include additional drives/directories to your scan.
  6. Stinger has the capacity to scan targets of Rootkits, which is not allowed by default.
  7. Click on the Scan button to start scanning the specified drives/directories.
  8. By default, Stinger will repair any infected files that it finds.
  9. Stinger leverages GTI File Reputation and conducts network heuristics at Moderate level by default. If you select”High” or”Very High,” McAfee Labs recommends you place the”On threat detection” action to”Report” just for the initial scan.

    To Find out More about GTI File Reputation visit the following KB articles

    KB 53735 – FAQs for Worldwide Threat Intelligence File Reputation

    KB 60224 – The best way to confirm that GTI File Reputation is installed correctly

    KB 65525 – Identification generically found malware (Global Threat Intelligence detections)

More Here At our site

Often Asked Questions

Q: I know I have a virus, however, Stinger didn’t detect one. Why is this?
A: Stinger is not a substitute for a full anti-virus scanner. It’s simply supposed to detect and remove certain threats.

Q: Stinger found a virus that it could not fix. What’s this?
A: This is most likely due to Windows System Restore functionality having a lock on the infected document. Windows/XP/Vista/7 users must disable system restore before scanning.

Q: Where is your scanning log saved and how do I view them?
Inside Stinger, navigate to the log TAB along with the logs will be displayed as record of the time stamp, clicking onto the log file name opens the file in the HTML format.

Q: Where are the Quarantine files stored?

A: The Threat List provides a list of malware that Stinger has been configured to discover. This listing doesn’t comprise the results of running a scan.

Q: Why Are there some command-line parameters available when running Stinger?
A: Yes, even the command-line parameters have been displayed by going to the help menu inside Stinger.

Q: I ran Stinger and finally have a Stinger.opt record, what is that?
A: When Stinger runs it generates the Stinger.opt record that saves the existing Stinger configuration. After you operate Stinger the second time, your prior configuration is utilized as long as the Stinger.opt document is in exactly the same directory as Stinger.

Q: Stinger updated components of VirusScan. Is this expected behavior?
A: as soon as the Rootkit scanning alternative is selected within Stinger tastes — VSCore documents (mfehidk.sys & mferkdet.sys) to a McAfee endpoint is going to be updated to 15.x. These files are set up only if newer than what’s on the machine and is needed to scan for today’s generation of newer rootkits. In the event the rootkit scanning option is disabled inside Stinger — that the VSCore update won’t happen.

Q: How Does Stinger perform rootkit scanning when installed via ePO?
A: We have disabled rootkit scanning in the Stinger-ePO bundle to set a limit on the vehicle upgrade of VSCore parts when an admin deploys Stinger to thousands of machines. To enable rootkit scanning in ePO mode, please use these parameters while checking in the Stinger package in ePO:

–reportpath=%temp% –rootkit

Q: What versions of Windows are supported by Stinger?
In addition, Stinger demands the device to have Internet Explorer 8 or above.

Q: Which are the prerequisites for Stinger to perform at a Win PE environment?
A: whilst creating a custom Windows PE picture, add support for HTML Application components using the directions provided in this walkthrough.

Q: How How can I obtain help for Stinger?
An: Stinger isn’t a supported application. McAfee Labs makes no guarantees concerning this item.

Q: how How can I add customized detections into Stinger?
A: Stinger gets the choice where a user may input upto 1000 MD5 hashes as a custom blacklist. During a system scan, even if any documents match the habit blacklisted hashes – the documents will get detected and deleted. This feature is provided to assist power users who have isolated an malware sample(s) that no detection can be found yet in the DAT files or GTI File Reputation. To leverage this attribute:

  1. From the Stinger port goto the Advanced –> Blacklist tab.
  2. Input MD5 hashes to be detected either via the Input Hash button or click the Load hash List button to point to a text file containing MD5 hashes to be included in the scan. SHA1, SHA 256 or other hash kinds are jobless.
  3. During a scan, all files that match the hash will have a detection name of Stinger! . Complete dat fix is put on the detected file.
  4. Files which are digitally signed using a valid certification or people hashes that are already marked as blank from GTI File Reputation won’t be detected as part of their custom blacklist. This is a security feature to prevent customers from accidentally deleting files.

Q: How How do conduct Stinger without the Real Protect component getting installed?
A: The Stinger-ePO package does not execute Real Protect. To Be Able to operate Stinger without Real Protect getting installed, do Stinger.exe –ePO

Leave a Reply

Your email address will not be published. Required fields are marked *