McAfee Stinger is a standalone utility used to detect and remove specific viruses. It finds and removes threats identified under the”Threat List” option under Advanced menu choices in the Stinger application.

McAfee Stinger now finds and eliminates GameOver Zeus and CryptoLocker.

How do you use Stinger?

  • Once prompted, choose to save the file to a convenient place in your hard diskdrive, such as the Desktop folder.
  • When the downloading is complete, navigate to the folder that comprises the downloaded Stinger record, and run it.
  • The Stinger interface will be displayed. If needed, click on the”Customize my scan” link to include extra drives/directories to a scan.
  • Stinger has the capability to scan targets of Rootkits, which is not allowed by default.
  • Click on the Scan button to start scanning the specified drives/directories.
  • By default, Stinger will repair any infected files it finds.
  • Stinger leverages GTI File Reputation and operates community heuristics at Moderate level . If you select”High” or”Very High,” McAfee Labs recommends you place the”On threat detection” actions to”Report” just for the first scan.To learn more about GTI File Reputation visit the following KB articles

    KB 53735 – FAQs for Global Threat Intelligence File Reputation

    KB 60224 – How to verify that GTI File Reputation is installed correctly

    KB 65525 – Identification generically found malware (International Threat Intelligence detections)

Often Asked Questions

Q: I know I have a virus, but Stinger did not find one.Read about stinger deutsch At website What’s this?
An: Stinger is not a substitute for an entire anti-virus scanner. It’s simply designed to find and remove specific threats.

Q: Stinger found a virus it couldn’t fix. What’s this?
A: That is probably because of Windows System Restore functionality using a lock on the infected file. Windows/XP/Vista/7 users must disable system restore prior to scanning.

Q: How Where is your scan log stored and how can I see them?
A: By default the log file is saved in where Stinger.exe is run. Within Stinger, navigate to the log TAB along with the logs are displayed as record with time stamp, clicking onto the log file name opens the file in the HTML format.

Q: How Where are the Quarantine files stored?

Q: what’s the”Threat List” option under Advanced menu used for?
This list does not include the results from running a scan.

Q: Are there any command-line parameters available when conducting Stinger?
A: Yes, even the command-line parameters have been exhibited by going to the help menu in Stinger.

Q: I conducted Stinger and now have a Stinger.opt file, what’s that?
A: When Stinger conducts it creates the Stinger.opt file that saves the recent Stinger configuration. After you run Stinger the next time, your prior configuration is used provided that the Stinger.opt document is in the identical directory as Stinger.

Q: Stinger updated elements of VirusScan. Is this expected behavior?
A: When the Rootkit scanning option is chosen within Stinger preferences — VSCore documents (mfehidk.sys & mferkdet.sys) to a McAfee endpoint is going to be updated to 15.x. These documents are set up only if newer than what’s about the machine and is required to scan for today’s creation of newer rootkits. In case the rootkit scanning alternative is disabled inside Stinger — that the VSCore upgrade will not happen.

Q: How Does Stinger work rootkit scanning when installed through ePO?
A: We have disabled rootkit scanning in the Stinger-ePO bundle to set a limit on the auto update of VSCore components once an admin deploys Stinger to thousands of machines. To Allow rootkit scanning in ePO mode, please utilize these parameters while assessing in the Stinger package in ePO:

–reportpath=%temp% –rootkit


Q: How What versions of Windows are encouraged by Stinger?
Moreover, Stinger requires the system to have Internet Explorer 8 or over.

Q: What are the requirements for Stinger to perform at a Win PE environment?
A: While creating a custom Windows PE image, add support to HTML Application components using the instructions supplied within this walkthrough.

Q: How can I obtain hold for Stinger?
A: Stinger isn’t a supported application. McAfee Labs makes no guarantees concerning this product.

Q: how How do I add customized detections to Stinger?
A: Stinger gets the option where a user can input upto 1000 MD5 hashes as a customized blacklist. Throughout a system scan, if any documents match the custom blacklisted hashes – that the files will get deleted and noticed. This attribute is provided to assist power users that have isolated an malware sample(s) that no detection is available yet in the DAT files or GTI File Reputation. To leverage this feature:

  1. In the Stinger port goto the Advanced –> Blacklist tab.
  2. During a scan, files which fit the hash is going to have detection name of Stinger! . Total dat fix is put on the detected file.
  3. Files that are digitally signed using a valid certification or people hashes which are already marked as clean from GTI File Reputation won’t be detected as a member of the customized blacklist. This is a security feature to prevent users from accidentally deleting documents.

Q: How How do run Stinger without the Actual Protect component getting installed?
A: The Stinger-ePO bundle does not execute Real Protect. In order to conduct Stinger with no Real Protect becoming installed, do Stinger.exe –ePO