                                  McAfee Inc.

 [1]

 [2]

Search:       <___>

United States

Products [3]

Services [4]

Support [5]

Downloads [6]

Security HQ  [7]

-    Virus Information Library  [8]

-    Virus Alerts [9]

-    Newly Discovered Threats [10]

-    Recently Updated Threats [11]

-    Hoaxes [12]

-    Calendar [13]

-    White Papers [14]

-    Submit A Sample [15]

-    AVERT WebImmune [16]

-    Anti-Virus Updates [17]

-    AVERT Risk Assessment [18]

-    AVERT Research Center [19]
-    X-Force Security Database [20]
-->

Partners [21]

About Us [22]

Buy Products [23]

Upgrade Products [24]

Try Products [25]

Contact Us [26]

Global Sites:

(_)Select Country/Region
(_)Brasil
(_)Canada
(_) / China
(_)Deutschland
(_)España
(_)France
(_)Italia
(_)-本 / Japan
(_)한국 / Korea
(_)Middle East
(_)Nederland
(_)Sverige
(_)灣 / Taiwan
(_)United Kingdom
(_)United States

McAfee AVERT Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses.
It is not a substitute for full anti-virus protection, but rather a tool to
assist administrators and users when dealing with an infected system. Stinger
utilizes next generation scan engine technology, including process scanning,
digitally signed DAT files, and scan performance optimizations.

How do I use Stinger?

  * Download Stinger.exe [27]  v2.3.7 [794,119 bytes] (7/30/2004)
    * or Download ePOStg237.Zip [28]  EPO deployable version (for EPO
      administrators). Instructions for EPO 2.5X [29]  and EPO 3.X [30]  are
      available.

    This version of Stinger includes detection for all known variants, as of
    July 30, 2004:

BackDoor-AQJ    BackDoor-CFB    BackDoor-JZ

Bat/Mumu.worm    Exploit-DcomRpc    IPCScan

IRC/Flood.ap    IRC/Flood.bi    IRC/Flood.cd

NTServiceLoader    PWS-Narod    PWS-Sincom.dll

W32/Anig.worm    W32/Bagle@MM    W32/Blaster.worm (Lovsan)

W32/Bugbear@MM    W32/Deborm.worm.gen    W32/Doomjuice.worm

W32/Dumaru    W32/Elkern.cav    W32/Fizzer.gen@MM

W32/FunLove    W32/Klez    W32/Korgo.worm

W32/Lirva    W32/Lovgate    W32/Mimail

W32/MoFei.worm    W32/Mumu.b.worm    W32/MyDoom

W32/Nachi.worm    W32/Netsky    W32/Nimda

W32/Pate    W32/Polybot    W32/Sasser.worm

W32/Sdbot.worm.gen    W32/SirCam@MM    W32/Sober

W32/Sobig    W32/SQLSlammer.worm    W32/Swen@MM

W32/Yaha@MM    W32/Zafi    W32/Zindos.worm

  * When prompted, choose to save the file to a convenient location on your
    hard disk (such as your Desktop folder).

  * When the download is complete, navigate to the folder that contains the
    downloaded Stinger.exe file, and run it. WindowsME/XP users read this
    first [31] .

  * The Stinger interface will be displayed.

  * If necessary, click the Add or Browse button to add additional
    drives/directories to scan. By default the C: drive will be scanned.
  * Click the Scan Now button to begin scanning the specified
    drives/directories.
  * By default Stinger will repair all infected files found.

Frequently Asked Questions

  * What is the List Viruses button used for?
    * A list of the viruses that stinger is configured to detect is displayed
      when pressing the List Viruses button. This virus list does not contain
      the results from running a scan.

  * How do I save the scan results to a log file?
    * Click the File menu and select Save report to file

  * I know I have a virus, but Stinger did not detect one. Why is this?
    * Stinger is not a substitute for a full anti-virus scanner. It is only
      designed to detect and remove specific threats.

  * How can I get support for Stinger?
    * Stinger is not a supported application. AVERT makes no guarantees about
      this product.

  * Stinger found a virus that it couldn't repair. Why is this?
    * This is most likely due to Windows System Restore functionality having a
      lock on the infected file. WindowsME/XP users should disable system
      restore [32]  prior to scanning.

  * Are there any command-line parameters available when running Stinger?
    * Yes, the parameters are displayed when passing STINGER.EXE the /?
      switch:
      * /ADL - Scan all local drives.
      * /GO - Start scanning immediately.
      * /LOG - Save the log file after scans.
      * /SILENT - Do not display graphical interface.

  * I ran Stinger and now have a Stinger.opt file, what is that?
    * When Stinger runs it creates the Stinger.opt file that saves the current
      Stinger configuration. This way when you run Stinger the next time your
      previous configuration is what is used, as long as the Stinger.opt file
      is in the same directory as Stinger.exe

  * Where can I send feedback to regarding Stinger?
    * Send your feedback to Stinger@avertlabs.com [33]

Update History

  * 7/30/2004
    * Added BackDoor-CFB

  * 7/28/2004
    * Added W32/Zindos.worm

  * 7/26/2004
    * Added W32/Mydoom.o@mm

  * 7/19/2004
    * Added W32/Bagle.ai@mm
    * Added W32/Mydoom.n@mm
    * Added W32/Lovgate.ae - .ak@mm

  * 7/18/2004
    * Added W32/Bagle.ag - .ah@mm

  * 7/16/2004
    * Added W32/Bagle.ad - .af@mm

  * 7/02/2004
    * Added W32/Korgo.worm.p - .v
    * Added W32/Lovgate.ac@MM - .ad@MM
    * Added W32/Mydoom.l@MM - .m@MM

  * 6/14/2004
    * Added W32/Korgo.worm.a - .o
    * Added W32/Zafi.a@MM - .b@MM

  * 5/19/2004
    * Posted ePO Stinger version 2.2.7

  * 5/18/2004
    * Added W32/Bagle.ac@MM
    * Added W32/Dumaru.aj - .ap
    * Added W32/Lovgate.ab@MM
    * Added W32/Mydoom.k@MM
    * Added W32/Sasser.worm.f
    * Added W32/Sober.g@MM

  * 5/10/2004
    * Added W32/Bagle.ab@MM
    * Added W32/Netsky.ac - ad@MM
    * Added W32/Sasser.worm.e

  * 5/04/2004
    * Added W32/Sasser.worm.d

  * 5/03/2004
    * Posted ePO Stinger v2.2.4

  * 5/02/2004
    * Added W32/Sasser.worm.b - .c

  * 4/30/2004
    * Added W32/Sasser.worm

  * 4/28/2004
    * Added W32/Bagle.aa@MM
    * Added W32/Netsky.aa - .ab@MM

  * 4/26/2004
    * Added W32/Bagle.x - .z@MM
    * Added W32/Bugbear.c - .d@MM
    * Added W32/Doomjuice.c
    * Added W32/Dumaru.ae - .ah@MM
    * Added W32/Elkern.cav.f
    * Added W32/Lovgate.z@MM
    * Added W32/Mimail.v@MM
    * Added W32/Mydoom.i - .j@MM
    * Added W32/Netsky.u - .z@MM
    * Added W32/Yaha.aa@MM

  * 4/6/2004
    * Added W32/Netsky.s - .t@MM
    * Added W32/Lovgate.n - .y@MM

  * 4/4/2004
    * Added W32/Sober.f@MM

  * 3/29/2004
    * Added W32/Netsky.q@MM

  * 3/26/2004
    * Added W32/Bagle.u@MM

  * 3/22/2004
    * Added W32/Netsky.o - .p@MM
    * Added W32/Bagle.r - .t@MM
    * Added W32/Mydoom.h@MM

  * 3/15/2004
    * Added W32/Bagle.o - .p@MM
    * Added W32/Netsky.k - .n@MM

  * 3/13/2004
    * Added W32/Bagle.k - .n@MM

  * 3/9/2004 2:25pm pst
    * Posted ePO Version 2.1.2

  * 3/8/2004 2:25pm pst
    * Added W32/Netsky.j

  * 3/3/2004
    * Added W32/Sober.d@mm

  * 3/3/2004
    * Posted ePO Version 2.1.0

  * 3/2/2004
    * Added W32/Bagle.f - .j@MM
    * Added W32/Mydoom.g@MM

  * 3/1/2004
    * Posted ePO Version 2.0.7

  * 2/29/2004
    * Added W32/Bagle.e@MM

  * 2/27/2004
    * Added W32/Bagle.c@MM

  * 2/25/2004
    * Added W32/Netsky.c@MM
    * Posted ePO Version 2.0.4

  * 2/24/2004
    * Posted ePO Version 2.0.3

  * 2/23/2004
    * Added W32/Mydoom.f@mm

  * 2/18/2004
    * Added W32/Netsky.a@MM & W32/Netsky.b@MM
    * Posted ePO Version 2.0.2

  * 2/17/2004
    * Added W32/Bagle.b@MM, W32/Doomjuice.worm
    * Updated Sdbot, Deborm, Mimail, and Nachi
    * Renamed W32/Lovsan.worm -> W32/Blaster.worm
    * Renamed W32/Dfcsvc.worm -> W32/Anig.worm
    * Posted ePO Version 2.0.1

  * 1/30/2004
    * Posted ePO Version 2.0.0

  * 1/29/2004
    * Added W32/Mymail.s@MM
    * Added W32/Dfcsvc.worm

  * 1/28/2004
    * Added W32/MyDoom.b@MM
    * Posted ePO version 1.9.9

  * 1/27/2004
    * Enhanced W32/Mydoom@MM repair to remove reboot dependency during the
      repair process.
    * Posted ePO version 1.9.7

  * 1/26/2004
    * Added W32/MyDoom@MM *Note that a reboot is required after running
      Stinger for a complete clean
    * Added W32/Dumaru.y@MM - .aa@MM
    * Updated Mimail with the latest additions

  * 1/20/2004
    * Posted ePO version 1.9.5

  * 1/18/2004
    * Added W32/Bagle@MM

  * 12/22/2003
    * Posted ePO version 1.9.4

  * 12/21/2003
    * Added W32/Sober.c@MM, W32/Mimail.j - .o

  * 12/18/2003
    * Added W32/Sober.b@MM

  * 11/14/2003
    * Added W32/Mimail.d - .i

  * 11/11/2003
    * Enhanced W32/Sober@MM repair

  * 10/31/2003
    * Added W32/mimail.c@MM

  * 10/28/2003
    * Added W32/Sober@MM, W32/Dumaru.o - .r

  * 10/10/2003
    * Added W32/Pate, W32/Dumaru.e - .m

  * 10/01/2003
    * Posted version 1.8.7 with new expiration date
    * Posted ePO version 1.8.7

  * 9/25/2003
    * Posted ePO version 1.8.6

  * 9/19/2003
    * Added W32/Swen@MM, W32/Yaha.x@MM and W32/Yaha.y@MM

  * 8/28/2003
    * Added W32/Dumaru.b - .d and PWS-Narod, Posted ePO version 1.8.5

  * 8/19/2003
    * Added W32/Dumaru@MM, W32/Sobig.f@MM

  * 8/18/2003
    * Added W32/Nachi.worm, W32/Lovsan.worm.d

  * 8/15/2003
    * Posted ePO version 1.8.2

  * 8/14/2003
    * Corrected issue, which prevented W32/Lovsan.worm.a from being repaired
      properly

  * 8/13/2003
    * Added Exploit-DcomRpc, W32/Lovsan.worm.a & .b, and generic
      W32/Lovsan.worm to version 1.8.1, posted ePO version 1.8.0

  * 8/11/2003
    * Added W32/Lovsan.worm

  * 8/01/2003
    * Added W32/Mimail@MM, posted ePO version 1.7.9

  * 7/30/2003
    * Added IRC/Flood.ap, IRC/Flood.bi, IRC/Flood.cd, W32/Sdbot.worm.gen, and
      W32/MoFei.worm

  * 7/21/2003
    * Added W32/Deborm.worm.gen

  * 7/03/2003
    * ePO verson 1.7.6 posted

  * 7/02/2003
    * Added W32/Mumu.worm.b and PWS-Sincom

  * 6/25/2003
    * Added W32/Sobig@MM variants

  * 6/20/2003
    * Minor detection name correction

  * 6/19/2003
    * Added Bat/Mumu.worm, IPCScan trojan, NTServiceLoader trojan, PCGhost
      application, RemoteProcesslLaunch application, W32/Lovgate.n@M, and
      W32/Yaha.t@MM - .u@MM

  * 6/5/2003
    * Added W32/Bugbear.b@MM

  * 5/16/2003
    * Added W32/Lovgate.j@M through .m@M
    * Resolved an issue where Stinger was not preserving the last access date
      on files.
    * Posted ePO Deployable version of Stinger 1.6

  * 5/12/2003
    * Added W32/Fizzer@MM and W32/Yaha.s@MM

  * 4/14/2003
    * Added W32/Lovgate.e@M - W32/Lovgate.g@M, updated BackDoor-AQJ detection,
      W32/Yaha.m@MM - W32/Yaha.r@MM
    * Includes self-validation integrity check

  * 2/26/2003
    * Added W32/Lovgate.a@M - W32/Lovgate.d@M, BackDoor-AQJ, W32/Sircam@MM,
      W32/Funlove@MM, and W32/Nimda.a@MM - W32/Nimda.q@MM

  * 2/14/2003
    * Posted EPO deployable version of Stinger.exe

  * 1/25/2003
    * Added W32/SQLSlammer.worm and name detection for W32/Lirva.c@MM

  * 1/08/2003
    * Added W32/Lirva.a@MM and W32/Yaha.m@MM

  * 12/30/2002
    * Added W32/Yaha.a@MM - W32/Yaha.l@MM
    * DAT files are now stored in the executable

  * 10/09/2002
    * Removed Rwabs.dll dependency as it caused problems for users who had
      very old versions of the scan engine installed
    * Allows users to enter a drive letter or driver letter: when configuring
      Stinger to scan for additional drives
    * Clarified the purpose of the List Viruses button

  * 10/04/2002
    * Reposted package as self-extracting archive instead of .zip archive,
      updated DAT files to include detection for corrupted W32/Bugbear.dam
      files.

Site Map [34]  | Feedback Guide [35]  | Privacy Policy [36]  | Anti-Piracy
Policy [37]

(c) Copyright 2004 Networks Associates Technology, Inc. All Rights Reserved

----------
Site notes:
  [1] http://www.networkassociates.com/us/index.asp
  [2] http://www.networkassociates.com/us/index.asp
  [3] http://www.networkassociates.com/us/products/home.htm
  [4] http://www.networkassociates.com/us/services/home.htm
  [5] http://www.networkassociates.com/us/support/default.asp
  [6] http://www.networkassociates.com/us/downloads/default.asp
  [7] http://www.networkassociates.com/us/security/home.asp
  [8] /vil/default.asp
  [9] /vil/content/alert.htm
  [10] /vil/newly-discovered-viruses.asp
  [11] /vil/recently-updated-viruses.asp
  [12] /vil/hoaxes.asp
  [13] /vil/calendar/calendar.asp
  [14] /vil/white-paper.asp
  [15] /vil/submit-sample.asp
  [16] https://www.webimmune.net
  [17] http://networkassociates.nai.com/us/downloads/updates
  [18]
http://www.mcafeeb2b.com/naicommon/avert/virus-alerts/avert-risk-assessment.asp
  [19]
http://www.mcafeeb2b.nai.com/naicommon/avert/avert-research-center/default.asp
  [20] http://www.iss.net/security_center/search.php
  [21] http://www.networkassociates.com/us/partners/default.asp
  [22] http://www.networkassociates.com/us/about/home.htm
  [23] http://www.networkassociates.com/us/buy/default.asp
  [24] https://secure.nai.com/us/forms/downloads/upgrades/login.asp
  [25] http://www.networkassociates.com/us/downloads/evals/default.asp
  [26] http://www.networkassociates.com/us/contact/home.htm
  [27] http://download.nai.com/products/mcafee-avert/stinger.exe
  [28] http://download.nai.com/products/mcafee-avert/ePOStg237.Zip
  [29]
http://download.nai.com/products/mcafee-avert/stingerdocs/
stinger_epo_25_251_instructions.txt
  [30]
http://download.nai.com/products/mcafee-avert/stingerdocs/
stinger_epo_30_instructions.txt
  [31] http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
  [32] http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
  [33] mailto:Stinger@avertlabs.com
  [34] http://www.networkassociates.com/us/sitemap.htm
  [35] https://secure.nai.com/us/forms/support/web_feedback_form.asp
  [36] http://www.networkassociates.com/us/privacy.htm
  [37] http://www.networkassociates.com/us/antipiracy_policy.htm
