Contents
Cal Poly Pomona

Cleaning your computer with Stinger

Disable the System Restore Utility First (Windows XP Users)

  1. Right click the My Computer icon on the Desktop and click on Properties.
  2. Click on the System Restore tab.
  3. Put a check mark next to 'Turn off System Restore on All Drives'.
  4. Click the 'OK' button.
  5. You will be prompted to restart the computer. Click Yes.

Note: To re-enable the Restore Utility after you have used Stinger to clean you machine, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

Downloading and using the most current version of McAfee AVERT Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

How do I use Stinger?

Download s-t-i-n-g-e-r.exe v2.5.4 [1,103,367 bytes] (5/02/2005)
MD5: 0x5fc2e85484fb7486eaa34304d7601c1d
NOTE: The filename has been changed from "stinger.exe" to "s-t-i-n-g-e-r.exe" to circumvent anti-stinger tactics used by Sober.p.

If you are having trouble getting it from the McAfee site, you can also download it from the Cal Poly Pomona licensed software archive (login required).

(Or Download ePOStg245.Zip EPO deployable version (for EPO administrators). Instructions for EPO 2.5X and EPO 3.X are available.)


This version of Stinger includes detection for all known variants, as of May 2, 2005:

BackDoor-AQJ

BackDoor-ALI

BackDoor-CEB

BackDoor-JZ

Bat/Mumu.worm

Exploit-DcomRpc

Exploit-LSASS

IPCScan

IRC/Flood.ap

IRC/Flood.bi

IRC/Flood.cd

NTServiceLoader

PWS-Narod

PWS-Sincom.dll

W32/Anig.worm

W32/Bagle@MM

W32/Blaster.worm (Lovsan)

W32/Bropia.worm

W32/Bugbear@MM

W32/Deborm.worm.gen

W32/Doomjuice.worm

W32/Dumaru

W32/Elkern.cav

W32/Fizzer.gen@MM

W32/FunLove

W32/Klez

W32/Korgo.worm

W32/Lirva

W32/Lovgate

W32/Mimail

W32/MoFei.worm

W32/Mumu.b.worm

W32/MyDoom

W32/Nachi.worm

W32/Netsky

W32/Nimda

W32/Pate

W32/Polybot

W32/Sasser.worm

W32/SirCam@MM

W32/Sober

W32/Sobig

W32/SQLSlammer.worm

W32/Swen@MM

W32/Yaha@MM

W32/Zafi

W32/Zindos.worm

 

  1. When prompted, choose to save the file to a convenient location on your hard disk (such as your Desktop folder).
  2. When the download is complete, navigate to the folder that contains the downloaded Stinger file, and run it.  
  3. The Stinger interface will be displayed.
  4. If necessary, click the Add or Browse button to add additional drives/directories to scan. By default the C: drive will be scanned.
  5. Click the Scan Now button to begin scanning the specified drives/directories.
  6. By default Stinger will repair all infected files found.

Frequently Asked Questions

  1. What is the List Viruses button used for?
    A list of the viruses that stinger is configured to detect is displayed when pressing the List Viruses button. This virus list does not contain the results from running a scan.
  2. How do I save the scan results to a log file?
    Click the File menu and select Save report to file
  3. I know I have a virus, but Stinger did not detect one. Why is this?
    Stinger is not a substitute for a full anti-virus scanner. It is only designed to detect and remove specific threats.
  4. How can I get support for Stinger?
    Stinger is not a supported application. AVERT makes no guarantees about this product.
  5. Stinger found a virus that it couldn't repair. Why is this?
    This is most likely due to Windows System Restore functionality having a lock on the infected file. WindowsME/XP users should disable system restore prior to scanning.
  6. Are there any command-line parameters available when running Stinger?
    Yes, the parameters are displayed when passing Stinger the /? switch:
    • /ADL - Scan all local drives. /GO - Start scanning immediately.
    • /LOG - Save the log file after scans.
    • /SILENT - Do not display graphical interface.
  7. I ran Stinger and now have a Stinger.opt file, what is that?
    When Stinger runs it creates the Stinger.opt file that saves the current Stinger configuration. This way when you run Stinger the next time your previous configuration is what is used, as long as the Stinger.opt file is in the same directory as Stinger.

http://vil.nai.com/vil/stinger/

  Did you find what you were looking for?