How to Utilize Stinger

McAfee Stinger is a standalone utility used to detect and remove certain viruses. It’s not a substitute for full antivirus protection, but also a technical instrument to assist administrators and users when dealing with infected system.

McAfee Stinger now detects and removes GameOver Zeus and CryptoLocker.

How do you use Stinger?

  1. Download the most recent version of Stinger.
  2. Once prompted, choose to save the document to a suitable place on your hard disk, such as the Desktop folder.
  3. Once the download is complete, navigate to the folder which contains the downloaded Stinger file, and execute it. If needed, click the”Customize my scan” link to include extra drives/directories to your scan.
  4. Stinger has the ability to scan targets of Rootkits, which is not enabled by default.
  5. Click the Scan button to start scanning the given drives/directories.
  6. Stinger Requires GTI File Reputation and runs system heuristics at Moderate level by default. If you choose”High” or”Very High,” McAfee Labs recommends that you set the”On hazard detection” actions to”Report” just for the first scan.

    Q: I understand I have a virus, but Stinger did not detect one. What’s this?
    An: Stinger is not a replacement for an entire anti-virus scanner. It’s only supposed to find and remove certain threats.

    Q: Stinger found a virus that it could not fix. What’s this?
    A: This is most likely because of Windows System Restore functionality having a lock onto the infected document.Read about At website Windows/XP/Vista/7 users should disable system restore before scanning.

    Q: How Where is your scanning log saved and how can I see them?
    A: By default the log file is saved from where Stinger.exe is conducted. Inside Stinger, browse to the log TAB along with the logs will be displayed as record with time stamp, clicking onto the log file name opens the file in the HTML format.

    Q: Where are the Quarantine documents saved?
    A: The quarantine files are stored under C:\Quarantine\Stinger.

    Q: what’s the”Threat List” option under Advanced menu used for?
    A: The Threat List provides a listing of malware that Stinger has been configured to discover. This list does not comprise the results from running a scan.

    Q: Why Are there some command-line parameters accessible when conducting Stinger?
    A: Yes, the command-line parameters have been displayed by going to the help menu inside Stinger.

    Q: I conducted Stinger and finally have a Stinger.opt file, what’s that?
    A: When Stinger conducts it creates the Stinger.opt document which saves the recent Stinger configuration. When you operate Stinger the second time, your previous configuration is employed as long as the Stinger.opt file is in exactly the identical directory as Stinger.

    Q: Stinger updated components of VirusScan. Is this expected behavior?
    A: as soon as the Rootkit scanning option is selected within Stinger preferences — VSCore documents (mfehidk.sys & mferkdet.sys) to a McAfee endpoint is going to be upgraded to 15.x. These documents are installed only if newer than what’s about the system and is required to scan for the current generation of newer rootkits. In case the rootkit scanning option is disabled inside Stinger — that the VSCore update will not occur.

    Q: Can Stinger work rootkit scanning when installed via ePO?
    A: We’ve disabled rootkit scanning from the Stinger-ePO bundle to set a limit on the auto update of VSCore components as soon as an admin deploys Stinger to thousands of machines. To Allow rootkit scanning in ePO style, please use these parameters while assessing in the Stinger bundle in ePO:

    –reportpath=%temp% –rootkit

    Q: How What versions of Windows are supported by Stinger?
    Furthermore, Stinger requires the system to have Internet Explorer 8 or over.

    Q: What are the requirements for Stinger to execute in a Win PE environment?
    A: when developing a custom Windows PE picture, add support for HTML Application parts using the directions given in this walkthrough.

    Q: How How do I obtain hold for Stinger?
    An: Stinger isn’t a supported program. McAfee Labs makes no warranties relating to this item.

    Q: How How do I add custom made detections into Stinger?
    A: Stinger gets the option where a user can input upto 1000 MD5 hashes as a custom made blacklist. Throughout a system scan, if any documents fit the habit blacklisted hashes – the files will get deleted and detected. This feature is provided to assist power users who have isolated a malware sample(s) for which no detection is available yet in the DAT files or GTI File Reputation. To leverage this attribute:

    1. In the Stinger interface goto the Advanced –> Blacklist tab.
    2. During a scan, documents which match the hash is going to have detection title of Stinger! . Total dat repair is put on the detected file.
    3. Documents which are digitally signed with a valid certificate or people hashes that are already marked as clean in GTI File Reputation won’t be detected as part of the custom blacklist. This is a safety feature to prevent customers from accidentally deleting documents.

    Q: How How do run Stinger without the Actual Protect component becoming installed?
    A: The Stinger-ePO package doesn’t execute Real Protect. So as to conduct Stinger without Real Protect becoming installed, execute Stinger.exe –ePO

Leave a Reply

Your email address will not be published. Required fields are marked *