McAfee Stinger is a standalone utility used to discover as well as get rid of certain viruses. It’& rsquo; s not a replacement for full anti-viruses protection, but a specialized tool to assist managers and users when dealing with infected system. Stinger makes use of next-generation check technology, consisting of rootkit scanning, and check efficiency optimizations. It finds as well as gets rid of threats determined under the “” Hazard Checklist”” alternative under Advanced food selection choices in the Stinger application.
McAfee Stinger currently detects as well as eliminates GameOver Zeus as well as CryptoLocker.
How do you make use of Stinger?
- Download the latest version of Stinger.
- When motivated, select to save the data to a convenient location on your hard drive, such as your Desktop folder.
- When the download is full, navigate to the folder that contains the downloaded Stinger documents, and also run it.
- The Stinger interface will certainly be presented.
- By default, Stinger scans for running processes, loaded modules, computer system registry, WMI as well as directory site places understood to be used by malware on an equipment to keep scan times minimal. If needed, click the “” Tailor my scan”” link to add added drives/directories to your check.
- Stinger has the ability to check targets of Rootkits, which is not allowed by default.
- Click the Check switch to begin checking the specified drives/directories.
- By default, Stinger will fix any kind of infected files it finds.
- Stinger leverages GTI Data Reputation and also runs network heuristics at Medium level by default. If you pick “” High”” or “” Very High,”” McAfee Labs advises that you establish the “” On hazard detection”” activity to “” Report”” just for the very first check.
To read more regarding GTI File Credibility see the complying with KB short articles
KB 53735 – Frequently Asked Questions for International Risk Intelligence Documents Reputation
KB 60224 – How to validate that GTI Data Reputation is mounted correctly
KB 65525 – Recognition of generically detected malware (International Hazard Knowledge detections)
by link stnger.exe website
Frequently Asked Questions
Q: I know I have an infection, yet Stinger did not spot one. Why is this?
A: Stinger is not a replacement for a full anti-virus scanner. It is only made to spot as well as eliminate specific risks.
Q: Stinger discovered a virus that it couldn'’ t repair. Why is this? A: This is more than likely because of Windows System Restore functionality having a lock on the contaminated documents. Windows/XP/Vista/ 7 customers need to disable system restore prior to scanning.
Q: Where is the check log saved and how can I view them?
A: By default the log file is saved from where Stinger.exe is run. Within Stinger, browse to the log TAB and also the logs are shown as list with time stamp, clicking the log data name opens up the documents in the HTML layout.
Q: Where are the Quarantine submits kept?
A: The quarantine files are saved under C: \ Quarantine \ Stinger.
Q: What is the “” Hazard Checklist”” choice under Advanced menu used for?
A: The Risk Checklist supplies a listing of malware that Stinger is configured to identify. This checklist does not contain the arise from running a scan.
Q: Are there any kind of command-line criteria readily available when running Stinger?
A: Yes, the command-line parameters are displayed by mosting likely to the help food selection within Stinger.
Q: I ran Stinger and now have a Stinger.opt documents, what is that?
A: When Stinger runs it develops the Stinger.opt file that conserves the present Stinger arrangement. When you run Stinger the next time, your previous configuration is used as long as the Stinger.opt file remains in the very same directory site as Stinger.
Q: Stinger upgraded components of VirusScan. Is this expected behavior?
A: When the Rootkit scanning alternative is selected within Stinger preferences –– VSCore data (mfehidk.sys & & mferkdet.sys) on a McAfee endpoint will certainly be updated to 15.x. These documents are installed just if more recent than what'’ s on the system and also is required to check for today’& rsquo; s generation of newer rootkits. If the rootkit scanning alternative is handicapped within Stinger –– the VSCore upgrade will certainly not occur.
Q: Does Stinger perform rootkit scanning when released by means of ePO?
A: We’& rsquo; ve disabled rootkit scanning in the Stinger-ePO plan to limit the vehicle upgrade of VSCore parts when an admin deploys Stinger to thousands of devices. To allow rootkit scanning in ePO setting, please utilize the adhering to parameters while checking in the Stinger bundle in ePO:
— reportpath=%temp%– rootkit
For detailed instructions, please refer to KB 77981
Q: What versions of Windows are sustained by Stinger?
A: Windows XP SP2, 2003 SP2, Panorama SP1, 2008, 7, 8, 10, 2012, 2016, RS1, RS2, RS3, RS4, RS5, 19H1, 19H2. On top of that, Stinger requires the maker to have Web Explorer 8 or above.
Q: What are the demands for Stinger to carry out in a Victory PE setting?
A: While producing a customized Windows PE image, add assistance for HTML Application components using the guidelines given in this walkthrough.
Q: Just how can I get assistance for Stinger?
A: Stinger is not a sustained application. McAfee Labs makes no assurances concerning this item.
Q: Just how can I add personalized discoveries to Stinger?
A: Stinger has the alternative where a customer can input upto 1000 MD5 hashes as a custom-made blacklist. During a system check, if any files match the custom-made blacklisted hashes – the data will certainly get identified and also removed. This function is supplied to aid power users who have actually separated a malware example(s) for which no discovery is available yet in the DAT data or GTI Documents Reputation. To utilize this function:
- From the Stinger interface goto the Advanced–> > Blacklist tab.
- Input MD5 hashes to be detected either through the Get in Hash switch or click the Load hash List switch to point to a text file including MD5 hashes to be included in the scan. SHA1, SHA 256 or various other hash types are unsupported.
- Throughout a check, documents that match the hash will have a detection name of Stinger!<
>. Full dat fixing is used on the found file.
- Data that are digitally authorized utilizing a legitimate certificate or those hashes which are already noted as tidy in GTI Data Credibility will not be spotted as part of the custom-made blacklist. This is a security feature to stop users from mistakenly removing data.
Q: Just how can run Stinger without the Genuine Protect element getting mounted?
A: The Stinger-ePO plan does not implement Real Protect. In order to run Stinger without Real Protect getting installed, implement Stinger.exe