                              McAfee Inc.

 [1]

 [2]

Search:       <___>

United States

Products [3]

Services [4]

Support [5]

Downloads [6]

Security HQ  [7]

-    Virus Information Library  [8]

-    Virus Alerts [9]

-    Newly Discovered Threats [10]

-    Recently Updated Threats [11]

-    Hoaxes [12]

-    Calendar [13]

-    White Papers [14]

-    Submit A Sample [15]

-    AVERT WebImmune [16]

-    Anti-Virus Updates [17]

-    AVERT Risk Assessment [18]

-    AVERT Research Center [19]
-    X-Force Security Database [20]
-->

Partners [21]

About Us [22]

Buy Products [23]

Upgrade Products [24]

Try Products [25]

Contact Us [26]

Global Sites:

(_)Select Country/Region
(_)Brasil
(_)Canada
(_) / China
(_)Deutschland
(_)España
(_)France
(_)Italia
(_)-本 / Japan
(_)한국 / Korea
(_)Middle East
(_)Nederland
(_)Sverige
(_)灣 / Taiwan
(_)United Kingdom
(_)United States

McAfee AVERT Stinger

Stinger is a stand-alone utility used to detect and remove specific
viruses. It is not a substitute for full anti-virus protection, but
rather a tool to assist administrators and users when dealing with an
infected system. Stinger utilizes next generation scan engine
technology, including process scanning, digitally signed DAT files, and
scan performance optimizations.

How do I use Stinger?

  * Download Stinger.exe [27]  v2.3.9 [819,200 bytes] (8/16/2004)
    * or Download ePOStg239.Zip [28]  EPO deployable version (for EPO
      administrators). Instructions for EPO 2.5X [29]  and EPO 3.X [30]
       are available.

    This version of Stinger includes detection for all known variants,
    as of August 16th, 2004:

BackDoor-AQJ    BackDoor-CFB    BackDoor-CHR

BackDoor-JZ    Bat/Mumu.worm    Exploit-DcomRpc

IPCScan    IRC/Flood.ap    IRC/Flood.bi

IRC/Flood.cd    NTServiceLoader    PWS-Narod

PWS-Sincom.dll    W32/Anig.worm    W32/Bagle@MM

W32/Blaster.worm (Lovsan)    W32/Bugbear@MM    W32/Deborm.worm.gen

W32/Doomjuice.worm    W32/Dumaru    W32/Elkern.cav

W32/Fizzer.gen@MM    W32/FunLove    W32/Klez

W32/Korgo.worm    W32/Lirva    W32/Lovgate

W32/Mimail    W32/MoFei.worm    W32/Mumu.b.worm

W32/MyDoom    W32/Nachi.worm    W32/Netsky

W32/Nimda    W32/Pate    W32/Polybot

W32/Sasser.worm    W32/Sdbot.worm.gen    W32/SirCam@MM

W32/Sober    W32/Sobig    W32/SQLSlammer.worm

W32/Swen@MM    W32/Yaha@MM    W32/Zafi

W32/Zindos.worm

  * When prompted, choose to save the file to a convenient location on
    your hard disk (such as your Desktop folder).

  * When the download is complete, navigate to the folder that contains
    the downloaded Stinger.exe file, and run it. WindowsME/XP users
    read this first [31] .

  * The Stinger interface will be displayed.

  * If necessary, click the Add or Browse button to add additional
    drives/directories to scan. By default the C: drive will be
    scanned.
  * Click the Scan Now button to begin scanning the specified
    drives/directories.
  * By default Stinger will repair all infected files found.

Frequently Asked Questions

  * What is the List Viruses button used for?
    * A list of the viruses that stinger is configured to detect is
      displayed when pressing the List Viruses button. This virus list
      does not contain the results from running a scan.

  * How do I save the scan results to a log file?
    * Click the File menu and select Save report to file

  * I know I have a virus, but Stinger did not detect one. Why is this?
    * Stinger is not a substitute for a full anti-virus scanner. It is
      only designed to detect and remove specific threats.

  * How can I get support for Stinger?
    * Stinger is not a supported application. AVERT makes no guarantees
      about this product.

  * Stinger found a virus that it couldn't repair. Why is this?
    * This is most likely due to Windows System Restore functionality
      having a lock on the infected file. WindowsME/XP users should
      disable system restore [32]  prior to scanning.

  * Are there any command-line parameters available when running
    Stinger?
    * Yes, the parameters are displayed when passing STINGER.EXE the /?
      switch:
      * /ADL - Scan all local drives.
      * /GO - Start scanning immediately.
      * /LOG - Save the log file after scans.
      * /SILENT - Do not display graphical interface.

  * I ran Stinger and now have a Stinger.opt file, what is that?
    * When Stinger runs it creates the Stinger.opt file that saves the
      current Stinger configuration. This way when you run Stinger the
      next time your previous configuration is what is used, as long as
      the Stinger.opt file is in the same directory as Stinger.exe

  * Where can I send feedback to regarding Stinger?
    * Send your feedback to Stinger@avertlabs.com [33]

Update History

  * 8/17/2004
    * Posted ePO version 2.3.9

  * 8/16/2004
    * Added W32/Mydoom.s@MM
    * Added Backdoor-CHR

  * 8/9/2004
    * Added W32/Bagle.aj - .aq@MM
    * Added W32/Lovgate.al - .am@MM
    * Added W32/Mydoom.p - .r@MM

  * 7/30/2004
    * Added BackDoor-CFB

  * 7/28/2004
    * Added W32/Zindos.worm

  * 7/26/2004
    * Added W32/Mydoom.o@mm

  * 7/19/2004
    * Added W32/Bagle.ai@mm
    * Added W32/Mydoom.n@mm
    * Added W32/Lovgate.ae - .ak@mm

  * 7/18/2004
    * Added W32/Bagle.ag - .ah@mm

  * 7/16/2004
    * Added W32/Bagle.ad - .af@mm

  * 7/02/2004
    * Added W32/Korgo.worm.p - .v
    * Added W32/Lovgate.ac@MM - .ad@MM
    * Added W32/Mydoom.l@MM - .m@MM

  * 6/14/2004
    * Added W32/Korgo.worm.a - .o
    * Added W32/Zafi.a@MM - .b@MM

  * 5/19/2004
    * Posted ePO Stinger version 2.2.7

  * 5/18/2004
    * Added W32/Bagle.ac@MM
    * Added W32/Dumaru.aj - .ap
    * Added W32/Lovgate.ab@MM
    * Added W32/Mydoom.k@MM
    * Added W32/Sasser.worm.f
    * Added W32/Sober.g@MM

  * 5/10/2004
    * Added W32/Bagle.ab@MM
    * Added W32/Netsky.ac - ad@MM
    * Added W32/Sasser.worm.e

  * 5/04/2004
    * Added W32/Sasser.worm.d

  * 5/03/2004
    * Posted ePO Stinger v2.2.4

  * 5/02/2004
    * Added W32/Sasser.worm.b - .c

  * 4/30/2004
    * Added W32/Sasser.worm

  * 4/28/2004
    * Added W32/Bagle.aa@MM
    * Added W32/Netsky.aa - .ab@MM

  * 4/26/2004
    * Added W32/Bagle.x - .z@MM
    * Added W32/Bugbear.c - .d@MM
    * Added W32/Doomjuice.c
    * Added W32/Dumaru.ae - .ah@MM
    * Added W32/Elkern.cav.f
    * Added W32/Lovgate.z@MM
    * Added W32/Mimail.v@MM
    * Added W32/Mydoom.i - .j@MM
    * Added W32/Netsky.u - .z@MM
    * Added W32/Yaha.aa@MM

  * 4/6/2004
    * Added W32/Netsky.s - .t@MM
    * Added W32/Lovgate.n - .y@MM

  * 4/4/2004
    * Added W32/Sober.f@MM

  * 3/29/2004
    * Added W32/Netsky.q@MM

  * 3/26/2004
    * Added W32/Bagle.u@MM

  * 3/22/2004
    * Added W32/Netsky.o - .p@MM
    * Added W32/Bagle.r - .t@MM
    * Added W32/Mydoom.h@MM

  * 3/15/2004
    * Added W32/Bagle.o - .p@MM
    * Added W32/Netsky.k - .n@MM

  * 3/13/2004
    * Added W32/Bagle.k - .n@MM

  * 3/9/2004 2:25pm pst
    * Posted ePO Version 2.1.2

  * 3/8/2004 2:25pm pst
    * Added W32/Netsky.j

  * 3/3/2004
    * Added W32/Sober.d@mm

  * 3/3/2004
    * Posted ePO Version 2.1.0

  * 3/2/2004
    * Added W32/Bagle.f - .j@MM
    * Added W32/Mydoom.g@MM

  * 3/1/2004
    * Posted ePO Version 2.0.7

  * 2/29/2004
    * Added W32/Bagle.e@MM

  * 2/27/2004
    * Added W32/Bagle.c@MM

  * 2/25/2004
    * Added W32/Netsky.c@MM
    * Posted ePO Version 2.0.4

  * 2/24/2004
    * Posted ePO Version 2.0.3

  * 2/23/2004
    * Added W32/Mydoom.f@mm

  * 2/18/2004
    * Added W32/Netsky.a@MM & W32/Netsky.b@MM
    * Posted ePO Version 2.0.2

  * 2/17/2004
    * Added W32/Bagle.b@MM, W32/Doomjuice.worm
    * Updated Sdbot, Deborm, Mimail, and Nachi
    * Renamed W32/Lovsan.worm -> W32/Blaster.worm
    * Renamed W32/Dfcsvc.worm -> W32/Anig.worm
    * Posted ePO Version 2.0.1

  * 1/30/2004
    * Posted ePO Version 2.0.0

  * 1/29/2004
    * Added W32/Mymail.s@MM
    * Added W32/Dfcsvc.worm

  * 1/28/2004
    * Added W32/MyDoom.b@MM
    * Posted ePO version 1.9.9

  * 1/27/2004
    * Enhanced W32/Mydoom@MM repair to remove reboot dependency during
      the repair process.
    * Posted ePO version 1.9.7

  * 1/26/2004
    * Added W32/MyDoom@MM *Note that a reboot is required after running
      Stinger for a complete clean
    * Added W32/Dumaru.y@MM - .aa@MM
    * Updated Mimail with the latest additions

  * 1/20/2004
    * Posted ePO version 1.9.5

  * 1/18/2004
    * Added W32/Bagle@MM

  * 12/22/2003
    * Posted ePO version 1.9.4

  * 12/21/2003
    * Added W32/Sober.c@MM, W32/Mimail.j - .o

  * 12/18/2003
    * Added W32/Sober.b@MM

  * 11/14/2003
    * Added W32/Mimail.d - .i

  * 11/11/2003
    * Enhanced W32/Sober@MM repair

  * 10/31/2003
    * Added W32/mimail.c@MM

  * 10/28/2003
    * Added W32/Sober@MM, W32/Dumaru.o - .r

  * 10/10/2003
    * Added W32/Pate, W32/Dumaru.e - .m

  * 10/01/2003
    * Posted version 1.8.7 with new expiration date
    * Posted ePO version 1.8.7

  * 9/25/2003
    * Posted ePO version 1.8.6

  * 9/19/2003
    * Added W32/Swen@MM, W32/Yaha.x@MM and W32/Yaha.y@MM

  * 8/28/2003
    * Added W32/Dumaru.b - .d and PWS-Narod, Posted ePO version 1.8.5

  * 8/19/2003
    * Added W32/Dumaru@MM, W32/Sobig.f@MM

  * 8/18/2003
    * Added W32/Nachi.worm, W32/Lovsan.worm.d

  * 8/15/2003
    * Posted ePO version 1.8.2

  * 8/14/2003
    * Corrected issue, which prevented W32/Lovsan.worm.a from being
      repaired properly

  * 8/13/2003
    * Added Exploit-DcomRpc, W32/Lovsan.worm.a & .b, and generic
      W32/Lovsan.worm to version 1.8.1, posted ePO version 1.8.0

  * 8/11/2003
    * Added W32/Lovsan.worm

  * 8/01/2003
    * Added W32/Mimail@MM, posted ePO version 1.7.9

  * 7/30/2003
    * Added IRC/Flood.ap, IRC/Flood.bi, IRC/Flood.cd,
      W32/Sdbot.worm.gen, and W32/MoFei.worm

  * 7/21/2003
    * Added W32/Deborm.worm.gen

  * 7/03/2003
    * ePO verson 1.7.6 posted

  * 7/02/2003
    * Added W32/Mumu.worm.b and PWS-Sincom

  * 6/25/2003
    * Added W32/Sobig@MM variants

  * 6/20/2003
    * Minor detection name correction

  * 6/19/2003
    * Added Bat/Mumu.worm, IPCScan trojan, NTServiceLoader trojan,
      PCGhost application, RemoteProcesslLaunch application,
      W32/Lovgate.n@M, and W32/Yaha.t@MM - .u@MM

  * 6/5/2003
    * Added W32/Bugbear.b@MM

  * 5/16/2003
    * Added W32/Lovgate.j@M through .m@M
    * Resolved an issue where Stinger was not preserving the last
      access date on files.
    * Posted ePO Deployable version of Stinger 1.6

  * 5/12/2003
    * Added W32/Fizzer@MM and W32/Yaha.s@MM

  * 4/14/2003
    * Added W32/Lovgate.e@M - W32/Lovgate.g@M, updated BackDoor-AQJ
      detection, W32/Yaha.m@MM - W32/Yaha.r@MM
    * Includes self-validation integrity check

  * 2/26/2003
    * Added W32/Lovgate.a@M - W32/Lovgate.d@M, BackDoor-AQJ,
      W32/Sircam@MM, W32/Funlove@MM, and W32/Nimda.a@MM -
      W32/Nimda.q@MM

  * 2/14/2003
    * Posted EPO deployable version of Stinger.exe

  * 1/25/2003
    * Added W32/SQLSlammer.worm and name detection for W32/Lirva.c@MM

  * 1/08/2003
    * Added W32/Lirva.a@MM and W32/Yaha.m@MM

  * 12/30/2002
    * Added W32/Yaha.a@MM - W32/Yaha.l@MM
    * DAT files are now stored in the executable

  * 10/09/2002
    * Removed Rwabs.dll dependency as it caused problems for users who
      had very old versions of the scan engine installed
    * Allows users to enter a drive letter or driver letter: when
      configuring Stinger to scan for additional drives
    * Clarified the purpose of the List Viruses button

  * 10/04/2002
    * Reposted package as self-extracting archive instead of .zip
      archive, updated DAT files to include detection for corrupted
      W32/Bugbear.dam files.

Site Map [34]  | Feedback Guide [35]  | Privacy Policy [36]  |
Anti-Piracy Policy [37]

(c) Copyright 2004 Networks Associates Technology, Inc. All Rights
Reserved

----------
Site notes:
  [1] http://www.networkassociates.com/us/index.asp
  [2] http://www.networkassociates.com/us/index.asp
  [3] http://www.networkassociates.com/us/products/home.htm
  [4] http://www.networkassociates.com/us/services/home.htm
  [5] http://www.networkassociates.com/us/support/default.asp
  [6] http://www.networkassociates.com/us/downloads/default.asp
  [7] http://www.networkassociates.com/us/security/home.asp
  [8] /vil/default.asp
  [9] /vil/content/alert.htm
  [10] /vil/newly-discovered-viruses.asp
  [11] /vil/recently-updated-viruses.asp
  [12] /vil/hoaxes.asp
  [13] /vil/calendar/calendar.asp
  [14] /vil/white-paper.asp
  [15] /vil/submit-sample.asp
  [16] https://www.webimmune.net
  [17] http://networkassociates.nai.com/us/downloads/updates
  [18]
http://www.mcafeeb2b.com/naicommon/avert/virus-alerts/
avert-risk-assessment.asp
  [19]
http://www.mcafeeb2b.nai.com/naicommon/avert/avert-research-center/
default.asp
  [20] http://www.iss.net/security_center/search.php
  [21] http://www.networkassociates.com/us/partners/default.asp
  [22] http://www.networkassociates.com/us/about/home.htm
  [23] http://www.networkassociates.com/us/buy/default.asp
  [24] https://secure.nai.com/us/forms/downloads/upgrades/login.asp
  [25] http://www.networkassociates.com/us/downloads/evals/default.asp
  [26] http://www.networkassociates.com/us/contact/home.htm
  [27] http://download.nai.com/products/mcafee-avert/stinger.exe
  [28] http://download.nai.com/products/mcafee-avert/ePOStg239.Zip
  [29]
http://download.nai.com/products/mcafee-avert/stingerdocs/
stinger_epo_25_251_instructions.txt
  [30]
http://download.nai.com/products/mcafee-avert/stingerdocs/
stinger_epo_30_instructions.txt
  [31] http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
  [32] http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
  [33] mailto:Stinger@avertlabs.com
  [34] http://www.networkassociates.com/us/sitemap.htm
  [35] https://secure.nai.com/us/forms/support/web_feedback_form.asp
  [36] http://www.networkassociates.com/us/privacy.htm
  [37] http://www.networkassociates.com/us/antipiracy_policy.htm
