How to Use Stinger

Stinger uses next-generation scan technology, including rootkit scanning, and scan performance optimizations. It detects and eliminates threats identified below the”Threat List” option under Advanced menu choices in the Stinger application.

McAfee Stinger now detects and removes GameOver Zeus and CryptoLocker.

How can you utilize Stinger?
  • When prompted, choose to save the file to a suitable place on your hard disk, like your Desktop folder.
  • When the downloading is complete, browse to the folder which includes the downloaded Stinger file, and run it.
  • By default, Stinger scans for conducting procedures, loaded modules, registry, WMI and directory locations known to be used by malware onto a system to maintain scan times minimal. If needed, click on the”Customize my scanning” link to include extra drives/directories to your scan.
  • Stinger has the ability to scan goals of Rootkits, which isn’t allowed by default.
  • Click on the Scan button to begin scanning the specified drives/directories.
  • Stinger leverages GTI File Reputation and conducts network heuristics at Moderate level by default. If you select”High” or”Very High,” McAfee Labs recommends that you set the”On hazard detection” actions to”Report” only for the first scan.

    Q: I know I have a virus, however, Stinger did not detect one. What’s this?
    A: Stinger isn’t a substitute for an entire anti-virus scanner.Read about At website It is simply designed to find and remove certain threats.

    Q: Stinger found a virus that it couldn’t repair. What’s this?
    A: This is most likely due to Windows System Restore functionality having a lock on the infected document. Windows/XP/Vista/7 users should disable system restore prior to scanning.

    Q: How Where is your scan log stored and how do I see them?
    A: By default the log file is saved from where Stinger.exe is conducted. Within Stinger, navigate into the log TAB and the logs are all displayed as record of time stamp, clicking on the log file name opens the document from the HTML format.

    Q: Which would be the Quarantine documents stored?

    This listing doesn’t contain the results from running a scan.

    Q: Are there any command-line parameters available when running Stinger?
    A: Yes, even the command-line parameters have been displayed by going to the help menu inside Stinger.

    Q: I ran Stinger and finally have a Stinger.opt record, what is that?
    A: When Stinger conducts it generates the Stinger.opt document that saves the current Stinger configuration. After you operate Stinger the next time, your prior configuration is utilized as long as the Stinger.opt file is in the same directory as Stinger.

    Q: Stinger updated components of VirusScan. Is this expected behaviour?
    A: When the Rootkit scanning alternative is selected within Stinger preferences — VSCore documents (mfehidk.sys & mferkdet.sys) to a McAfee endpoint will be upgraded to 15.x. These files are installed only if newer than what’s about the system and is needed to scan for the current generation of newer rootkits. In the event the rootkit scanning option is disabled inside Stinger — the VSCore update won’t happen.

    Q: How Can Stinger perform rootkit scanning when deployed via ePO?
    A: We’ve disabled rootkit scanning in the Stinger-ePO bundle to set a limit on the vehicle upgrade of VSCore components as soon as an admin deploys Stinger to thousands of machines. To enable rootkit scanning in ePO manner, please use these parameters while checking in the Stinger bundle in ePO:

    –reportpath=%temp% –rootkit

    For detailed directions, please refer to KB 77981

    Q: What versions of Windows are backed by Stinger?
    In addition, Stinger demands the system to have Web Explorer 8 or above.

    Q: What are the prerequisites for Stinger to perform in a Win PE surroundings?
    A: when developing a custom Windows PE picture, add support for HTML Application parts using the instructions offered within this walkthrough.

    Q: How can I get hold for Stinger?
    An: Stinger isn’t a supported application. McAfee Labs makes no guarantees about this product.

    Q: How How do I add customized detections into Stinger?
    A: Stinger gets the option where a user can input upto 1000 MD5 hashes as a custom blacklist. Throughout a system scan, even if any files fit the habit blacklisted hashes – the files will get deleted and noticed. This attribute is provided to assist power users that have isolated a malware sample(s) for which no detection can be found however from the DAT files or GTI File Reputation. To leverage this feature:

    1. In the Stinger port goto the Advanced –> Blacklist tab.
    2. Input MD5 hashes to be detected either through the Enter Hash button or click the Load hash List button to point to a text file containing MD5 hashes to be contained in the scanning.
    3. During a scan, documents which fit the hash is going to have detection title of Stinger! . Full dat fix is applied on the file.
    4. Documents which are digitally signed with a valid certificate or people hashes that are already marked as blank from GTI File Reputation won’t be detected as a member of the custom made blacklist. This is a security feature to prevent users from accidentally deleting documents.

    Q: How do conduct Stinger with no Real Protect component getting installed?
    A: The Stinger-ePO package does not fulfill Actual Protect. To Be Able to run Stinger without Real Protect becoming installed, do Stinger.exe –ePO