How to Utilize Stinger


Stinger detects and removes the threats listed under the "Threat List" option in the Advanced menu of the Stinger application.

McAfee Stinger now detects and eliminates GameOver Zeus and CryptoLocker.

How can you use Stinger?

  1. Download the latest version of Stinger.
  2. When prompted, choose to save the file to a convenient location on your hard disk, such as the Desktop folder.
  3. Once the download is complete, browse to the folder that contains the downloaded Stinger file, and execute it.
  4. The Stinger interface will be displayed.
  5. By default, Stinger scans running processes, loaded modules, the registry, WMI and directory locations known to be used by malware on a machine, to keep scan times minimal. If needed, click the "Customize my scan" link to add extra drives/directories to your scan.
  6. Stinger can also scan for rootkits; this option is not enabled by default.
  7. Click the Scan button to begin scanning the specified drives/directories.
  8. By default, Stinger will repair any infected files it finds.
  9. Stinger requires GTI File Reputation and runs network heuristics at Medium level by default. If you select "High" or "Very High," McAfee Labs recommends that you set the "On threat detection" action to "Report" only for the first scan.

    Q: I know I have a virus, but Stinger didn't find one. Why is this?
    A: Stinger is not a replacement for a full anti-virus scanner. It is only designed to detect and remove specific threats.

    Q: Stinger found a virus that it couldn't repair. Why is this?
    A: This is most likely due to the Windows System Restore functionality holding a lock on the infected file. Windows XP/Vista/7 users must disable System Restore prior to scanning.

    Q: Where is the scan log saved and how do I view it?
    A: By default the log file is saved in the directory from which Stinger.exe is run. Within Stinger, go to the Log tab, where the logs are displayed as a list with time stamps; clicking a log file name opens the file in HTML format.

    Q: Where are the Quarantine files stored?
    A: The quarantine files are stored under C:\Quarantine\Stinger.

    Q: What is the "Threat List" option under the Advanced menu used for?
    A: The Threat List provides a list of the malware that Stinger is configured to detect. This list does not contain the results of running a scan.

    Q: Are there any command-line parameters available when running Stinger?
    A: Yes, the command-line parameters are displayed by going to the help menu within Stinger.

    Q: I ran Stinger and now have a Stinger.opt file. What is that?
    A: When Stinger runs, it creates the Stinger.opt file, which saves the current Stinger configuration. The next time you run Stinger, your previous configuration is used as long as the Stinger.opt file is in the same directory as Stinger.

    Q: Stinger updated components of VirusScan. Is this expected behavior?
    A: When the rootkit scanning option is selected within Stinger preferences, VSCore files (mfehidk.sys & mferkdet.sys) on a McAfee endpoint will be updated to 15.x. These files are installed only if they are newer than what is on the machine, and they are required to scan for today's generation of newer rootkits. If the rootkit scanning option is disabled in Stinger, the VSCore update will not happen.

    Q: How does Stinger perform rootkit scanning when deployed through ePO?
    A: We've disabled rootkit scanning in the Stinger-ePO package to limit the automatic update of VSCore components when an admin deploys Stinger to tens of thousands of machines. To enable rootkit scanning in ePO mode, please use the following parameters while checking in the Stinger package in ePO:

    --reportpath=%yolk% --rootkit

    Q: What versions of Windows are supported by Stinger?
    A: Windows XP SP2, 2003 SP2, Vista SP1, 2008, 7, 8, 10, 10, 2012, 2016, RS1, RS2, RS3, RS4, RS5, 19H1, 19H2. In addition, Stinger requires the system to have Internet Explorer 8 or above.

    Q: What are the requirements for Stinger to run in a Win PE environment?
    A: While creating a custom Windows PE image, add support for HTML Application components using the instructions provided in this walkthrough.

    Q: How do I get support for Stinger?
    A: Stinger is not a supported application. McAfee Labs makes no warranties about this product.

    Q: How can I add custom detections to Stinger?
    A: Stinger has an option where a user can input up to 1000 MD5 hashes as a custom blacklist. During a system scan, if any files match the custom blacklisted hashes, the files will be detected and deleted. This feature is provided to help power users who have isolated malware sample(s) for which no detection is available yet in the DAT files or GTI File Reputation. To use this feature:

    1. From the Stinger interface, go to the Advanced –> Blacklist tab.
    2. Input the MD5 hashes to be detected, either via the Enter Hash button or by clicking the Load hash List button to point to a text file containing the MD5 hashes to be included in the scan. SHA1, SHA 256 or other hash types are unsupported.
    3. During a scan, files that match a hash will have a detection name of Stinger! . Full DAT repair is applied to the file.
    4. Files that are digitally signed with a valid certificate, or whose hashes are already marked as clean in GTI File Reputation, will not be detected as part of the custom blacklist. This is a safety feature to prevent users from accidentally deleting files.
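
    The constraints above (MD5 only, at most 1000 entries) can be checked before a list is handed to the Load hash List button. The following is an added example, not McAfee code: the function names are hypothetical, the one-hash-per-line file layout is an assumption the page does not confirm, and the sample values are constructed.

```python
import hashlib
import re
from pathlib import Path

MAX_HASHES = 1000                      # blacklist limit stated in the FAQ
HEX_RE = re.compile(r"[0-9a-fA-F]+")
OTHER_LENGTHS = {40: "SHA1", 64: "SHA-256"}   # digest lengths Stinger does not accept

def md5_of_file(path, chunk_size=1 << 20):
    """MD5 of a file, read in chunks so large samples do not fill memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_hash_list(candidates):
    """Split candidate strings into (accepted MD5s, [(value, reason)] rejects)."""
    accepted, rejected, seen = [], [], set()
    for raw in candidates:
        value = raw.strip().lower()
        if not value or value in seen:
            continue                   # skip blank lines and duplicates
        if not HEX_RE.fullmatch(value):
            rejected.append((value, "not hexadecimal"))
        elif len(value) != 32:
            kind = OTHER_LENGTHS.get(len(value), "unknown")
            rejected.append((value, f"{kind} length, only MD5 is accepted"))
        elif len(accepted) >= MAX_HASHES:
            rejected.append((value, "over the 1000-hash limit"))
        else:
            seen.add(value)
            accepted.append(value)
    return accepted, rejected

def write_hash_list(hashes, out_path):
    """Write one hash per line (assumed layout; the page does not specify it)."""
    Path(out_path).write_text("\n".join(hashes) + "\n", encoding="ascii")

if __name__ == "__main__":
    # Constructed input: an MD5 in upper case, its duplicate, a SHA1 and junk.
    sample = ["900150983CD24FB0D6963F7D28E17F72",
              "900150983cd24fb0d6963f7d28e17f72",
              "a9993e364706816aba3e25717850c26c9cd0d89d",
              "not-a-hash"]
    ok, bad = build_hash_list(sample)
    print("accepted:", ok)
    for value, reason in bad:
        print("rejected:", value, "-", reason)
```

    Because matching files are deleted during the scan, reviewing the rejected entries and the final list before loading it avoids silently dropping a sample that was recorded under the wrong hash type.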

    Q: How can I run Stinger without the Real Protect component getting installed?
    A: The Stinger-ePO package does not execute Real Protect. To run Stinger without Real Protect getting installed, execute Stinger.exe --ePO