It’s not a substitute for full antivirus protection, however, also a specialized tool to assist administrators and users when dealing with infected system.

McAfee Stinger now detects and eliminates GameOver Zeus and CryptoLocker.

How can you use Stinger?
  • Once prompted, choose to save the file to a convenient place on your hard diskdrive, like the Desktop folder.
  • Once the download is complete, navigate to the folder that includes the downloaded Stinger document, and run it.
  • The Stinger interface will be displayed. If needed, click the”Customize my scanning” link to include additional drives/directories for your scan.
  • Stinger has the capability to scan goals of Rootkits, which is not enabled by default.
  • Click the Scan button to start scanning the specified drives/directories.
  • By default, Stinger will repair any infected files that it finds.
  • Stinger leverages GTI File Reputation and operates community heuristics at Moderate level . If you choose”High” or”Very High,” McAfee Labs recommends you place the”On hazard detection” actions to”Report” just for the first scan.

    To learn more about GTI File Reputation see the following KB articles

    KB 53735 – FAQs for International Threat Intelligence File Reputation

    KB 60224 – The best way to confirm that GTI File Reputation is set up properly

    KB 65525 – Identification of generically found malware (Global Threat Intelligence detections)

  • Often Asked Questions

    Q: I understand I have a virus, however, Stinger didn’t detect one.Read more At website Articles Why is this?
    A: Stinger isn’t a substitute for a full anti virus scanner. It’s just designed to detect and remove certain threats.

    Q: Stinger found a virus it couldn’t fix. What’s this?
    A: This is most likely due to Windows System Restore performance using a lock on the infected file. Windows/XP/Vista/7 consumers should disable system restore before scanning.

    Q: how Where’s the scanning log stored and how do I see them?
    A: By default the log file is saved in where Stinger.exe is conducted. Inside Stinger, browse to the log TAB along with the logs will be displayed as list with time stamp, clicking on the log file name opens the file from the HTML format.

    Q: Which are the Quarantine files saved?

    A: The Threat List provides a listing of malware that Stinger is configured to discover. This list doesn’t include the results of running a scan.

    Q: Are there some command-line parameters accessible when running Stinger?
    A: Yes, even the command-line parameters are exhibited by going to the help menu in Stinger.

    Q: I ran Stinger and now have a Stinger.opt file, what is that?
    A: When Stinger conducts it creates the Stinger.opt file that saves the recent Stinger configuration. When you operate Stinger the next time, your prior configuration is used as long as the Stinger.opt file is in the identical directory as Stinger.

    Q: Stinger updated elements of VirusScan. Is this expected behaviour?
    A: as soon as the Rootkit scanning alternative is chosen within Stinger preferences — VSCore documents (mfehidk.sys & mferkdet.sys) on a McAfee endpoint is going to be upgraded to 15.x. These files are installed only if newer than what’s on the machine and is required to scan for the current creation of newer rootkits. If the rootkit scanning option is disabled inside Stinger — that the VSCore update won’t occur.

    Q: Does Stinger perform rootkit scanning when installed through ePO?
    A: We’ve disabled rootkit scanning from the Stinger-ePO bundle to restrict the auto update of VSCore parts as soon as an admin deploys Stinger to thousands of machines. To Allow rootkit scanning in ePO mode, please utilize these parameters while assessing in the Stinger bundle in ePO:

    –reportpath=%yolk% –rootkit

    Q: How What versions of Windows are encouraged by Stinger?
    Additionally, Stinger requires the device to have Internet Explorer 8 or above.

    Q: Which are the requirements for Stinger to do at a Win PE surroundings?
    A: While developing a custom Windows PE picture, add support for HTML Application parts using the instructions given in this walkthrough.

    Q: How How do I obtain assistance for Stinger?
    An: Stinger isn’t a supported application. McAfee Labs makes no guarantees about this product.

    Q: How How can I add custom detections to Stinger?
    A: Stinger gets the option where a user may input upto 1000 MD5 hashes as a custom made blacklist. During a system scan, even if any files match the custom blacklisted hashes – the documents will get detected and deleted. This attribute is provided to assist power users who have isolated a malware sample(s) for which no detection can be found yet in the DAT files or GTI File Reputation. To leverage this feature:

    1. In the Stinger interface goto the Advanced –> Blacklist tab.
    2. Input MD5 hashes to be discovered either through the Input Hash button or click the Load hash List button to point to a text file containing MD5 hashes to be contained in the scanning. SHA1, SHA 256 or other hash kinds are unsupported.
    3. During a scan, files which fit the hash will have a detection title of Stinger! . Full dat fix is put on the file.
    4. Documents that are digitally signed with a valid certificate or those hashes that are already marked as clean from GTI File Reputation will not be detected as part of their custom blacklist. This is a security feature to prevent users from accidentally deleting files.

    Q: How can run Stinger without the Actual Protect component becoming installed?
    A: The Stinger-ePO package doesn’t execute Real Protect. So as to operate Stinger with no Real Protect becoming installed, do Stinger.exe –ePO