
McAfee AVERT Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses.
It is not a substitute for full anti-virus protection, but rather a tool to
assist administrators and users when dealing with an infected system. Stinger
utilizes next generation scan engine technology, including process scanning,
digitally signed DAT files, and scan performance optimizations.

How do I use Stinger?

  * Download Stinger.exe [30]  v1.9.4 [718,343 bytes] (12/21/2003)
    * or Download ePOStg194.Zip [31]  EPO deployable version (for EPO
      administrators). Instructions for EPO 2.5X [32]  and EPO 3.X [33]  are
      available.

    This version of Stinger includes detection for all known variants, as of
    December 21st, 2003:

BackDoor-AQJ    Bat/Mumu.worm    Exploit-DcomRpc

IPCScan    IRC/Flood.ap    IRC/Flood.bi

IRC/Flood.cd    NTServiceLoader    PWS-Narod

PWS-Sincom    W32/Bugbear@MM    W32/Deborm.worm.gen

W32/Dumaru@MM    W32/Elkern.cav    W32/Fizzer.gen@MM

W32/FunLove    W32/Klez    W32/Lirva

W32/Lovgate    W32/Lovsan.worm    W32/Mimail@MM

W32/MoFei.worm    W32/Mumu.b.worm    W32/Nachi.worm

W32/Nimda    W32/Pate    W32/Sdbot.worm.gen

W32/Sober@MM    W32/SirCam@MM    W32/Sobig

W32/SQLSlammer.worm    W32/Swen@MM    W32/Yaha@MM

  * When prompted, choose to save the file to a convenient location on your
    hard disk (such as your Desktop folder).

  * When the download is complete, navigate to the folder that contains the
    downloaded Stinger.exe file, and run it. WindowsME/XP users read this
    first [34] .

  * The Stinger interface will be displayed.

  * If necessary, click the Add or Browse button to add additional
    drives/directories to scan. By default the C: drive will be scanned.
  * Click the Scan Now button to begin scanning the specified
    drives/directories.
  * By default Stinger will repair all infected files found.

Frequently Asked Questions

  * What is the List Viruses button used for?
    * A list of the viruses that stinger is configured to detect is displayed
      when pressing the List Viruses button. This virus list does not contain
      the results from running a scan.

  * How do I save the scan results to a log file?
    * Click the File menu and select Save report to file

  * I know I have a virus, but Stinger did not detect one. Why is this?
    * Stinger is not a substitute for a full anti-virus scanner. It is only
      designed to detect and remove specific threats.

  * How can I get support for Stinger?
    * Stinger is not a supported application. AVERT makes no guarantees about
      this product.

  * Stinger found a virus that it couldn't repair. Why is this?
    * This is most likely due to Windows System Restore functionality having a
      lock on the infected file. WindowsME/XP users should disable system
      restore [35]  prior to scanning.

  * Are there any command-line parameters available when running Stinger?
    * Yes, the parameters are displayed when passing STINGER.EXE the /?
      switch:
      * /ADL - Scan all local drives.
      * /GO - Start scanning immediately.
      * /LOG - Save the log file after scans.
      * /SILENT - Do not display graphical interface.

  * I ran Stinger and now have a Stinger.opt file, what is that?
    * When Stinger runs it creates the Stinger.opt file that saves the current
      Stinger configuration. This way when you run Stinger the next time your
      previous configuration is what is used, as long as the Stinger.opt file
      is in the same directory as Stinger.exe

  * Where can I send feedback to regarding Stinger?
    * Send your feedback to Stinger@avertlabs.com [36]

Update History

  * 12/22/2003
    * Posted ePO version 1.9.4

  * 12/21/2003
    * Added W32/Sober.c@MM, W32/Mimail.j - .o

  * 12/18/2003
    * Added W32/Sober.b@MM

  * 11/14/2003
    * Added W32/Mimail.d - .i

  * 11/11/2003
    * Enhanced W32/Sober@MM repair

  * 10/31/2003
    * Added W32/mimail.c@MM

  * 10/28/2003
    * Added W32/Sober@MM, W32/Dumaru.o - .r

  * 10/10/2003
    * Added W32/Pate, W32/Dumaru.e - .m

  * 10/01/2003
    * Posted version 1.8.7 with new expiration date
    * Posted ePO version 1.8.7

  * 9/25/2003
    * Posted ePO version 1.8.6

  * 9/19/2003
    * Added W32/Swen@MM, W32/Yaha.x@MM and W32/Yaha.y@MM

  * 8/28/2003
    * Added W32/Dumaru.b - .d and PWS-Narod, Posted ePO version 1.8.5

  * 8/19/2003
    * Added W32/Dumaru@MM, W32/Sobig.f@MM

  * 8/18/2003
    * Added W32/Nachi.worm, W32/Lovsan.worm.d

  * 8/15/2003
    * Posted ePO version 1.8.2

  * 8/14/2003
    * Corrected issue, which prevented W32/Lovsan.worm.a from being repaired
      properly

  * 8/13/2003
    * Added Exploit-DcomRpc, W32/Lovsan.worm.a & .b, and generic
      W32/Lovsan.worm to version 1.8.1, posted ePO version 1.8.0

  * 8/11/2003
    * Added W32/Lovsan.worm

  * 8/01/2003
    * Added W32/Mimail@MM, posted ePO version 1.7.9

  * 7/30/2003
    * Added IRC/Flood.ap, IRC/Flood.bi, IRC/Flood.cd, W32/Sdbot.worm.gen, and
      W32/MoFei.worm

  * 7/21/2003
    * Added W32/Deborm.worm.gen

  * 7/03/2003
    * ePO verson 1.7.6 posted

  * 7/02/2003
    * Added W32/Mumu.worm.b and PWS-Sincom

  * 6/25/2003
    * Added W32/Sobig@MM variants

  * 6/20/2003
    * Minor detection name correction

  * 6/19/2003
    * Added Bat/Mumu.worm, IPCScan trojan, NTServiceLoader trojan, PCGhost
      application, RemoteProcesslLaunch application, W32/Lovgate.n@M, and
      W32/Yaha.t@MM - .u@MM

  * 6/5/2003
    * Added W32/Bugbear.b@MM

  * 5/16/2003
    * Added W32/Lovgate.j@M through .m@M
    * Resolved an issue where Stinger was not preserving the last access date
      on files.
    * Posted ePO Deployable version of Stinger 1.6

  * 5/12/2003
    * Added W32/Fizzer@MM and W32/Yaha.s@MM

  * 4/14/2003
    * Added W32/Lovgate.e@M - W32/Lovgate.g@M, updated BackDoor-AQJ detection,
      W32/Yaha.m@MM - W32/Yaha.r@MM
    * Includes self-validation integrity check

  * 2/26/2003
    * Added W32/Lovgate.a@M - W32/Lovgate.d@M, BackDoor-AQJ, W32/Sircam@MM,
      W32/Funlove@MM, and W32/Nimda.a@MM - W32/Nimda.q@MM

  * 2/14/2003
    * Posted EPO deployable version of Stinger.exe

  * 1/25/2003
    * Added W32/SQLSlammer.worm and name detection for W32/Lirva.c@MM

  * 1/08/2003
    * Added W32/Lirva.a@MM and W32/Yaha.m@MM

  * 12/30/2002
    * Added W32/Yaha.a@MM - W32/Yaha.l@MM
    * DAT files are now stored in the executable

  * 10/09/2002
    * Removed Rwabs.dll dependency as it caused problems for users who had
      very old versions of the scan engine installed
    * Allows users to enter a drive letter or driver letter: when configuring
      Stinger to scan for additional drives
    * Clarified the purpose of the List Viruses button

  * 10/04/2002
    * Reposted package as self-extracting archive instead of .zip archive,
      updated DAT files to include detection for corrupted W32/Bugbear.dam
      files.

Site Map [37]  | Feedback Guide [38]  | Privacy Policy [39]  | Anti-Piracy
Policy [40]

(c) Copyright 2002 Network Associates Technology, Inc. All Rights Reserved

----------
Site notes:
  [1] http://www.networkassociates.com/us/index.asp
  [2] http://www.networkassociates.com/us/index.asp
  [3] http://www.networkassociates.com/us/products/mcafee_security_home.htm
  [4] http://www.networkassociates.com/us/products/sniffer/home.asp
  [5] http://www.networkassociates.com/us/products/sniffer/home.asp
  [6] http://www.networkassociates.com/us/products/home.htm
  [7] http://www.networkassociates.com/us/services/home.htm
  [8] http://www.networkassociates.com/us/support/default.asp
  [9] http://www.networkassociates.com/us/downloads/default.asp
  [10] http://www.networkassociates.com/us/security/home.asp
  [11] /vil/default.asp
  [12] /vil/content/alert.htm
  [13] /vil/newly-discovered-viruses.asp
  [14] /vil/recently-updated-viruses.asp
  [15] /vil/hoaxes.asp
  [16] /vil/calendar/calendar.asp
  [17] /vil/white-paper.asp
  [18] /vil/submit-sample.asp
  [19] https://www.webimmune.net
  [20] http://networkassociates.nai.com/us/downloads/updates
  [21]
http://www.mcafeeb2b.com/naicommon/avert/virus-alerts/avert-risk-assessment.asp
  [22]
http://www.mcafeeb2b.nai.com/naicommon/avert/avert-research-center/default.asp
  [23] http://www.iss.net/security_center/search.php
  [24] http://www.networkassociates.com/us/partners/default.asp
  [25] http://www.networkassociates.com/us/about/home.htm
  [26] http://www.networkassociates.com/us/buy/default.asp
  [27] https://secure.nai.com/us/forms/downloads/upgrades/login.asp
  [28] http://www.networkassociates.com/us/downloads/evals/default.asp
  [29] http://www.networkassociates.com/us/contact/home.htm
  [30] http://download.nai.com/products/mcafee-avert/stinger.exe
  [31] http://download.nai.com/products/mcafee-avert/ePOStg194.Zip
  [32]
http://download.nai.com/products/mcafee-avert/stingerdocs/
stinger_epo_25_251_instructions.txt
  [33]
http://download.nai.com/products/mcafee-avert/stingerdocs/
stinger_epo_30_instructions.txt
  [34] http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
  [35] http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
  [36] mailto:Stinger@avertlabs.com
  [37] http://www.networkassociates.com/us/sitemap.htm
  [38] https://secure.nai.com/us/forms/support/web_feedback_form.asp
  [39] http://www.networkassociates.com/us/privacy.htm
  [40] http://www.networkassociates.com/us/antipiracy_policy.htm
