How to Use Stinger

Stinger is not a substitute for full antivirus protection, but a specialized tool to assist administrators and users when dealing with an infected system. Stinger uses next-generation scan technology, such as rootkit scanning, and scan performance optimizations.

McAfee Stinger now finds and eliminates GameOver Zeus and CryptoLocker.

How do you use Stinger?
  • When prompted, choose to save the file to a convenient place on your hard disk, such as the Desktop folder.
  • Once the download is complete, browse to the folder that contains the downloaded Stinger file, and run it. If necessary, click the “Customize my scan” link to add additional drives/directories to your scan.
  • Stinger has the ability to scan targets of rootkits, which is not enabled by default.
  • Click on the Scan button to begin scanning the specified drives/directories.
  • By default, Stinger will repair any infected files that it finds.
  • Stinger requires GTI File Reputation and runs network heuristics at Moderate level. If you choose “High” or “Very High,” McAfee Labs recommends that you set the “On threat detection” action to “Report” only for the first scan.

    To find out more about GTI File Reputation, see the following KB articles:

    KB 53735 – FAQs for Global Threat Intelligence File Reputation

    KB 60224 – The best way to verify that GTI File Reputation is set up properly

    KB 65525 – Identification of generically found malware (Global Threat Intelligence detections)

  • Frequently Asked Questions

    Q: I know I have a virus, but Stinger did not detect one. Why is this?
    A: Stinger is not a substitute for a full antivirus scanner. It is only designed to detect and remove specific threats.

    Q: Stinger found a virus that it couldn’t repair. Why is this?
    A: This is most likely because Windows System Restore functionality has a lock on the infected file. Windows XP/Vista/7 users must disable System Restore before scanning.

    Q: Where is the scan log stored and how do I view it?
    A: Within Stinger, browse to the Log tab, where the logs are displayed as a list with time stamps. Clicking a log file name opens the file in HTML format.

    Q: Where are the Quarantine files stored?

    This list does not contain the results of running a scan.

    Q: Are there any command-line parameters available when running Stinger?
    A: Yes, the command-line parameters are displayed by going to the help menu within Stinger.

    Q: I ran Stinger and now have a Stinger.opt file. What is that?
    A: When Stinger runs, it creates the Stinger.opt file, which saves the current Stinger configuration. The next time you run Stinger, your previous configuration is used as long as the Stinger.opt file is in the same directory as Stinger.

    Is this expected behavior?
    A: When the Rootkit scanning option is selected within Stinger preferences, VSCore files (mfehidk.sys & mferkdet.sys) on a McAfee endpoint will be updated to 15.x. These files are installed only if newer than what’s on the machine and are needed to scan for the current generation of newer rootkits. If the rootkit scanning option is disabled within Stinger, the VSCore update will not occur.

    Q: How can Stinger perform rootkit scanning when deployed via ePO?
    A: We have disabled rootkit scanning in the Stinger-ePO package to limit the auto update of VSCore components when an admin deploys Stinger to tens of thousands of machines. To enable rootkit scanning in ePO mode, please use the following parameters while checking in the Stinger package in ePO:

    --reportpath=%temp% --rootkit

    For detailed directions, please refer to KB 77981

    Q: What versions of Windows are supported by Stinger?
    Additionally, Stinger requires the machine to have Internet Explorer 8 or above.

    Q: What are the requirements for Stinger to run in a Win PE environment?
    A: While creating a custom Windows PE image, add support for HTML Application components using the instructions provided in this walkthrough.

    Q: How do I get support for Stinger?
    A: Stinger is not a supported application. McAfee Labs makes no guarantees about this product.

    Q: How do I add custom detections to Stinger?
    A: Stinger has an option where a user can input up to 1000 MD5 hashes as a custom blacklist. During a system scan, if any files match the custom blacklisted hashes, the files will be detected and deleted. This feature is provided to help power users who have isolated malware sample(s) for which no detection is available yet in the DAT files or GTI File Reputation. To leverage this feature:

    1. In the Stinger interface, go to the Advanced –> Blacklist tab.
    2. Input MD5 hashes to be detected either through the Enter Hash button or click the Load hash List button to point to a text file containing MD5 hashes to be included in the scan. SHA1, SHA 256 or other hash types are unsupported.
    3. During a scan, files that match the hash will have a detection name of Stinger! . Full DAT repair is applied to the detected file.
    4. Files which are digitally signed with a valid certificate or those hashes which are marked as clean in GTI File Reputation won’t be detected as part of the custom blacklist. This is a security feature to prevent users from accidentally deleting files.
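
Because matching files are deleted and only MD5 is accepted, it is worth cleaning an indicator list before pointing Load hash List at it. The script below is an added example, not McAfee code; the one-hash-per-line file layout, the `#` comment convention, the function names and the sample values are assumptions made for illustration.

```python
import re
from pathlib import Path

MAX_HASHES = 1000  # limit stated in the FAQ above
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
OTHER_DIGESTS = {40: "SHA-1", 64: "SHA-256"}  # hex lengths of unsupported types


def build_blacklist(lines, limit=MAX_HASHES):
    """Return (accepted_md5s, rejected) where rejected holds (line, value, reason)."""
    accepted, rejected, seen = [], [], set()
    for lineno, raw in enumerate(lines, 1):
        value = raw.strip()
        if not value or value.startswith("#"):
            continue  # blank line or comment (assumed convention)
        if not MD5_RE.match(value):
            kind = OTHER_DIGESTS.get(len(value)) if HEX_RE.match(value) else None
            reason = f"{kind} is not accepted" if kind else "not an MD5 hash"
            rejected.append((lineno, value, reason))
            continue
        md5 = value.lower()
        if md5 in seen:
            continue  # same hash listed twice, possibly in different case
        if len(accepted) >= limit:
            rejected.append((lineno, value, f"over the {limit}-hash limit"))
            continue
        seen.add(md5)
        accepted.append(md5)
    return accepted, rejected


def write_blacklist(path, hashes):
    """Write one MD5 per line (assumed layout for the text file)."""
    Path(path).write_text("\n".join(hashes) + "\n", encoding="ascii")


# Constructed sample indicators, not real malware hashes.
SAMPLE = [
    "# indicators from triage (constructed)",
    "0123456789abcdef0123456789abcdef",
    "0123456789ABCDEF0123456789ABCDEF",  # duplicate of the line above
    "a" * 40,                            # SHA-1 length
    "b" * 64,                            # SHA-256 length
    "not-a-hash",
    "fedcba9876543210fedcba9876543210",
]

if __name__ == "__main__":
    ok, bad = build_blacklist(SAMPLE)
    write_blacklist("stinger_blacklist.txt", ok)
    for lineno, value, reason in bad:
        print(f"line {lineno}: {value[:16]}... rejected ({reason})")
```

Review the rejected entries by hand: an indicator that exists only as SHA-1 or SHA-256 needs its MD5 computed from the sample itself before it can go into the list.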

    Q: How can I run Stinger without the Real Protect component getting installed?
    A: The Stinger-ePO package doesn’t execute Real Protect. To run Stinger without Real Protect getting installed, execute Stinger.exe --ePO