How to Utilize Stinger

Icon By
Icon 0 comments

Stinger uses next-generation scan technology, including rootkit scanning, and scan performance optimizations.

McAfee Stinger now detects and removes GameOver Zeus and CryptoLocker.

How do you use Stinger?
  • Once prompted, choose to save the document to a suitable place in your hard disk, like your Desktop folder.
  • Once the download is complete, navigate to the folder that comprises the downloaded Stinger record, and execute it.
  • The Stinger interface will be shown. If necessary, click on the”Customize my scan” link to include additional drives/directories to your scan.
  • Stinger has the capacity to scan goals of Rootkits, which is not allowed by default.
  • Click on the Scan button to start scanning the specified drives/directories.
  • By default, Stinger will repair any infected files it finds.
  • Stinger leverages GTI File Reputation and runs system heuristics at Medium level . If you select”High” or”Very High,” McAfee Labs recommends you place the”On hazard detection” activity to”Report” only for the first scan.

    To Find out More about GTI File Reputation see the following KB articles

    KB 53735 – FAQs for International Threat Intelligence File Reputation

    KB 60224 – How to confirm that GTI File Reputation is installed correctly

    KB 65525 – Identification generically found malware (Global Threat Intelligence detections)

  • Often Asked Questions

    Q: I know I have a virus, but Stinger did not detect one.Read here mcafee download At our site What’s this?
    A: Stinger isn’t a replacement for a full anti-virus scanner. It’s just supposed to find and remove specific threats.

    Q: Stinger found a virus it could not repair. What’s this?
    A: That is most likely because of Windows System Restore performance using a lock on the infected file. Windows/XP/Vista/7 consumers should disable system restore before scanning.

    Q: How Where is your scan log saved and how do I view them?
    A: By default the log file is saved in where Stinger.exe is run. Within Stinger, navigate into the log TAB and the logs are all displayed as record of time stamp, clicking on the log file name opens the file in the HTML format.

    Q: Where are the Quarantine files stored?
    A: The quarantine documents are saved under C:\Quarantine\Stinger.

    This listing does not comprise the results from running a scan.

    Q: Are there some command-line parameters accessible when conducting Stinger?
    A: Yes, even the command-line parameters have been displayed by going to the help menu within Stinger.

    Q: I conducted Stinger and finally have a Stinger.opt record, what’s that?
    A: When Stinger runs it generates the Stinger.opt file which saves the current Stinger configuration. When you operate Stinger the second time, your previous configuration is used provided that the Stinger.opt file is in exactly the exact same directory as Stinger.

    Q: Stinger updated elements of VirusScan. Is this expected behaviour?
    A: When the Rootkit scanning option is chosen within Stinger preferences — VSCore files (mfehidk.sys & mferkdet.sys) to a McAfee endpoint is going to be upgraded to 15.x. These documents are set up only if newer than what’s on the machine and is needed to scan for today’s creation of newer rootkits. If the rootkit scanning alternative is disabled inside Stinger — that the VSCore update won’t occur.

    Q: How Does Stinger work rootkit scanning when installed via ePO?
    A: We have disabled rootkit scanning at the Stinger-ePO package to set a limit on the vehicle upgrade of VSCore components once an admin deploys Stinger to thousands of machines. To enable rootkit scanning in ePO mode, please utilize these parameters while checking in the Stinger package in ePO:

    –reportpath=%temp% –rootkit

    Q: What versions of Windows are supported by Stinger?
    In addition, Stinger requires the machine to get Web Explorer 8 or above.

    Q: Which are the requirements for Stinger to execute in a Win PE environment?
    A: While developing a custom Windows PE image, add support to HTML Application components using the directions offered in this walkthrough.

    Q: How How do I get service for Stinger?
    An: Stinger is not a supported application. McAfee Labs makes no warranties concerning this product.

    Q: How How do I add custom made detections to Stinger?
    A: Stinger has the choice where a user may enter upto 1000 MD5 hashes as a custom made blacklist. Throughout a system scan, if any files match the habit blacklisted hashes – the documents will get deleted and detected. This attribute is provided to help power users who have isolated an malware sample(s) for which no detection is available however in the DAT files or GTI File Reputation. To leverage this feature:

    1. In the Stinger port goto the Advanced –> Blacklist tab.
    2. During a scan, all documents which fit the hash is going to have detection name of Stinger! . Complete dat fix is applied on the detected file.
    3. Files that are digitally signed using a valid certification or those hashes which are marked as clean in GTI File Reputation won’t be detected as a member of the custom blacklist. This is a security feature to prevent users from accidentally deleting documents.

    Q: How can run Stinger with no Real Protect component getting installed?
    A: The Stinger-ePO bundle doesn’t execute Real Protect. So as to run Stinger without Real Protect getting installed, do Stinger.exe –ePO