McAfee Stinger is a standalone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but a specialized tool to assist administrators and users when dealing with an infected system. Stinger uses next-generation scan technology, including rootkit scanning, and scan performance optimizations. It detects and removes threats identified under the "Threat List" option under Advanced menu options in the Stinger application.
McAfee Stinger now detects and removes GameOver Zeus and CryptoLocker.
How do you use Stinger?
- Download the latest version of Stinger.
- When prompted, choose to save the file to a convenient location on your hard disk, such as your Desktop folder.
- When the download is complete, navigate to the folder that contains the downloaded Stinger file, and run it.
- The Stinger interface will be displayed.
- By default, Stinger scans running processes, loaded modules, the registry, WMI and directory locations known to be used by malware on a machine, to keep scan times minimal. If necessary, click the "Customize my scan" link to add additional drives/directories to your scan.
- Stinger has the ability to scan targets of rootkits, which is not enabled by default.
- Click the Scan button to begin scanning the specified drives/directories.
- By default, Stinger will repair any infected files it finds.
- Stinger leverages GTI File Reputation and runs network heuristics at Medium level by default. If you select "High" or "Very High," McAfee Labs recommends that you set the "On threat detection" action to "Report" only for the first scan.
To learn more about GTI File Reputation, see the following KB articles:
KB 53735 – FAQs for Global Threat Intelligence File Reputation
KB 60224 – How to verify that GTI File Reputation is installed correctly
KB 65525 – Identification of generically detected malware (Global Threat Intelligence detections)
Frequently Asked Questions
Q: I know I have a virus, but Stinger did not detect one. Why is this?
A: Stinger is not a substitute for a full anti-virus scanner. It is only designed to detect and remove specific threats.
Q: Stinger found a virus that it couldn't repair. Why is this?
A: This is most likely due to Windows System Restore functionality having a lock on the infected file. Windows XP/Vista/7 users should disable System Restore prior to scanning.
Q: Where is the scan log saved and how can I view it?
A: By default the log file is saved in the location Stinger.exe is run from. Within Stinger, navigate to the Log tab, where the logs are displayed as a list with time stamps; clicking a log file name opens the file in HTML format.
Q: Where are the Quarantine files stored?
A: The quarantine files are stored under C:\Quarantine\Stinger.
Q: What is the "Threat List" option under the Advanced menu used for?
A: The Threat List provides a list of malware that Stinger is configured to detect. This list does not contain the results from running a scan.
Q: Are there any command-line parameters available when running Stinger?
A: Yes, the command-line parameters are displayed by going to the help menu within Stinger.
Q: I ran Stinger and now have a Stinger.opt file, what is that?
A: When Stinger runs it creates the Stinger.opt file, which saves the current Stinger configuration. When you run Stinger the next time, your previous configuration is used as long as the Stinger.opt file is in the same directory as Stinger.
Q: Stinger updated components of VirusScan. Is this expected behavior?
A: When the Rootkit scanning option is selected within Stinger preferences, VSCore files (mfehidk.sys & mferkdet.sys) on a McAfee endpoint will be updated to 15.x. These files are installed only if newer than what's on the system, and are needed to scan for today's generation of newer rootkits. If the rootkit scanning option is disabled within Stinger, the VSCore update will not occur.
Q: Does Stinger perform rootkit scanning when deployed via ePO?
A: We've disabled rootkit scanning in the Stinger-ePO package to limit the auto update of VSCore components when an admin deploys Stinger to thousands of machines. To enable rootkit scanning in ePO mode, please use the following parameters while checking in the Stinger package in ePO:
--reportpath=%temp% --rootkit
For detailed instructions, please refer to KB 77981.
Q: What versions of Windows are supported by Stinger?
A: Windows XP SP2, 2003 SP2, Vista SP1, 2008, 7, 8, 10, 2012, 2016, RS1, RS2, RS3, RS4, RS5, 19H1, 19H2. In addition, Stinger requires the machine to have Internet Explorer 8 or above.
Q: What are the requirements for Stinger to execute in a Win PE environment?
A: While creating a custom Windows PE image, add support for HTML Application components using the instructions provided in this walkthrough.
Q: How can I get support for Stinger?
A: Stinger is not a supported application. McAfee Labs makes no guarantees about this product.
Q: How can I add custom detections to Stinger?
A: Stinger has an option where a user can input up to 1000 MD5 hashes as a custom blacklist. During a system scan, if any files match the custom blacklisted hashes, the files will be detected and deleted. This feature is provided to help power users who have isolated a malware sample(s) for which no detection is available yet in the DAT files or GTI File Reputation. To use this feature:
- From the Stinger interface, go to the Advanced --> Blacklist tab.
- Input MD5 hashes to be detected either via the Enter Hash button or click the Load hash List button to point to a text file containing MD5 hashes to be included in the scan. SHA1, SHA 256 or other hash types are unsupported.
- During a scan, files that match the hash will have a detection name of Stinger!<>. Full DAT repair is applied to the detected file.
- Files that are digitally signed using a valid certificate, or whose hashes are already marked as clean in GTI File Reputation, will not be detected as part of the custom blacklist. This is a safety feature to prevent users from accidentally deleting files.
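As an added example (not McAfee's code), the Python below prepares a list for the Load hash List step from a mixed indicator list: it keeps only MD5 values, drops duplicates, rejects SHA1/SHA256 digests and enforces the 1000-hash limit. It assumes the list file holds one hash per line and that lowercase hex is acceptable; `build_blacklist` and the sample input are constructed for illustration.

```python
import re

MAX_HASHES = 1000                      # limit stated in the FAQ above
HEX = re.compile(r"^[0-9a-fA-F]+$")
OTHER = {40: "SHA1", 64: "SHA256"}     # digest lengths the blacklist does not support

def build_blacklist(lines):
    """Return (md5_list, rejected) from raw indicator lines.

    md5_list: unique lowercase MD5 hashes, input order kept, capped at MAX_HASHES.
    rejected: (line_number, text, reason) for every entry left out.
    """
    md5s, seen, rejected = [], set(), []
    for n, raw in enumerate(lines, 1):
        text = raw.strip()
        if not text or text.startswith("#"):      # blank line or analyst comment
            continue
        if not HEX.match(text):
            rejected.append((n, text, "not hexadecimal"))
        elif len(text) in OTHER:
            rejected.append((n, text, OTHER[len(text)] + " is not supported"))
        elif len(text) != 32:
            rejected.append((n, text, "wrong length for MD5"))
        elif text.lower() in seen:
            rejected.append((n, text, "duplicate"))
        elif len(md5s) >= MAX_HASHES:
            rejected.append((n, text, "over the 1000-hash limit"))
        else:
            seen.add(text.lower())
            md5s.append(text.lower())
    return md5s, rejected

# Constructed sample input: digests of short test strings, not real malware hashes.
SAMPLE = [
    "# triage list (constructed)",
    "D41D8CD98F00B204E9800998ECF8427E",            # MD5, upper case
    "d41d8cd98f00b204e9800998ecf8427e",            # the same MD5 again
    "900150983cd24fb0d6963f7d28e17f72",            # MD5
    "a9993e364706816aba3e25717850c26c9cd0d89d",    # SHA1
    "900150983cd24fb0d6963f7d28e17f7",             # truncated MD5 (31 characters)
    "not-a-hash",
]

if __name__ == "__main__":
    good, bad = build_blacklist(SAMPLE)
    print("\n".join(good))             # lines to save as the hash list file
    for n, text, reason in bad:
        print(f"line {n}: {text!r} skipped ({reason})")
```

Reviewing the rejected entries before loading the list shows which indicators Stinger's custom blacklist will not cover, so they can be handled with another tool.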
Q: How can I run Stinger without the Real Protect component getting installed?
A: The Stinger-ePO package does not execute Real Protect. In order to run Stinger without Real Protect getting installed, execute Stinger.exe