How to Utilize Stinger

Stinger uses next-generation scan technology, including rootkit scanning, and scan performance optimizations.

McAfee Stinger now finds and removes GameOver Zeus and CryptoLocker.

How do you use Stinger?
  • Once prompted, choose to save the file to a convenient place on your hard diskdrive, such as your Desktop folder.
  • When the downloading is complete, navigate to the folder which includes the downloaded Stinger file, and execute it.
  • By default, Stinger scans for running procedures, loaded modules, registry, WMI and directory locations known to be employed by malware on a machine to keep scan times minimum. If necessary, click the”Customize my scan” link to add additional drives/directories to a scan.
  • Stinger has the capacity to scan targets of Rootkits, which is not enabled by default.
  • Click on the Scan button to start scanning the specified drives/directories.
  • By default, Stinger will repair any infected files that it finds.
  • Stinger Requires GTI File Reputation and conducts network heuristics at Moderate level . If you select”High” or”Very High,” McAfee Labs recommends that you set the”On threat detection” action to”Report” only for the initial scan.

    To learn more about GTI File Reputation visit the following KB articles

    KB 53735 – FAQs for Worldwide Threat Intelligence File Reputation

    KB 60224 – The best way to confirm that GTI File Reputation is set up properly

    KB 65525 – Identification of generically found malware (Global Threat Intelligence detections)

  • Read more stinger download chip 64 bit At website Articles

    Often Asked Questions

    Q: I know I have a virus, but Stinger did not find one. What’s this?
    An: Stinger is not a replacement for a full anti virus scanner. It is only designed to detect and remove certain threats.

    Q: Stinger discovered a virus that it couldn’t repair. What’s this?
    A: That is most likely due to Windows System Restore performance using a lock onto the infected document. Windows/XP/Vista/7 consumers should disable system restore before scanning.

    Q: how Where is your scanning log stored and how do I see them?
    A: By default the log file is stored in where Stinger.exe is run. Within Stinger, navigate into the log TAB along with the logs have been displayed as list of time stamp, clicking on the log file name opens the document from the HTML format.

    Q: How Which would be the Quarantine documents stored?
    A: The quarantine documents are stored under C:\Quarantine\Stinger.

    This listing doesn’t contain the results from running a scan.

    Q: Why Are there any command-line parameters available when conducting Stinger?
    A: Yes, the command-line parameters are exhibited by going to the help menu inside Stinger.

    Q: I conducted Stinger and finally have a Stinger.opt file, what’s that?
    A: When Stinger conducts it generates the Stinger.opt document which saves the current Stinger configuration. When you conduct Stinger the next time, your prior configuration is used provided that the Stinger.opt file is in the identical directory as Stinger.

    Q: Stinger updated elements of VirusScan. Is this expected behavior?
    A: whenever the Rootkit scanning option is chosen within Stinger tastes — VSCore files (mfehidk.sys & mferkdet.sys) to a McAfee endpoint will be upgraded to 15.x. These documents are set up only if newer than what’s about the machine and is required to scan for the current creation of newer rootkits. In case the rootkit scanning alternative is disabled inside Stinger — that the VSCore update won’t occur.

    Q: How Does Stinger work rootkit scanning when deployed through ePO?
    A: We have disabled rootkit scanning from the Stinger-ePO bundle to restrict the vehicle upgrade of VSCore components as soon as an admin deploys Stinger to thousands of machines. To Allow rootkit scanning in ePO mode, please use these parameters while checking in the Stinger bundle in ePO:

    –reportpath=%yolk% –rootkit

    Q: How What versions of Windows are backed by Stinger?
    A: Windows XP SP2, 2003 SP2, Vista SP1, 2008, 7, 8, 10, 2012, 2016, RS1, RS2, RS3, RS4, RS5, 19H1, 19H2. Additionally, Stinger requires the machine to get Web Explorer 8 or over.

    Q: What are the requirements for Stinger to do at a Win PE environment?
    A: While developing a custom Windows PE image, add support for HTML Application components using the directions given within this walkthrough.

    Q: How can I obtain service for Stinger?
    An: Stinger is not a supported program. McAfee Labs makes no warranties concerning this item.

    Q: How How do I add custom detections to Stinger?
    A: Stinger has the choice where a user may input upto 1000 MD5 hashes as a custom made blacklist. During a system scan, if any files match the habit blacklisted hashes – that the documents will get deleted and detected. This attribute is provided to help power users who have isolated an malware sample(s) for which no detection is available however from the DAT documents or GTI File Reputation. To leverage this attribute:

    1. In the Stinger interface goto the Advanced –> Blacklist tab.
    2. Input MD5 hashes to be discovered either via the Input Signal Hash button or click on the Load hash List button to point to a text file containing MD5 hashes to be included in the scan. SHA1, SHA 256 or other hash types are unsupported.
    3. During a scan, all files which match the hash is going to have detection title of Stinger! . Total dat fix is used on the found file.
    4. Documents which are digitally signed using a valid certificate or those hashes which are already marked as clean from GTI File Reputation won’t be detected as part of their customized blacklist. This is a safety feature to prevent users from accidentally deleting files.

    Q: How do conduct Stinger without the Actual Protect component getting installed?
    A: The Stinger-ePO package doesn’t fulfill Actual Protect. In order to conduct Stinger without Real Protect becoming installed, do Stinger.exe –ePO