McAfee Avert Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

How do I use Stinger?

    The Stinger for W32/Polip can be found here

  1. Download v3.9.9 [1,973,255 bytes] (5/06/2008)

  2. NOTE: The file has been renamed to circumvent anti-Stinger tactics used by Sober.r.
  3. Download ePOStg305.Zip EPO deployable version (for EPO administrators). Instructions for EPO 2.5X and EPO 3.X are available.
  4. This version of Stinger includes detection for all known variants, as of September 10, 2007:
    Variant Names:
    BackDoor-ALI BackDoor-AQJ BackDoor-AQJ.b
    BackDoor-CEB BackDoor-CEB!bat BackDoor-CEB!hosts
    BackDoor-CEB.b BackDoor-CEB.c BackDoor-CEB.d
    BackDoor-CEB.dll BackDoor-CEB.dr BackDoor-CEB.e
    BackDoor-CEB.f BackDoor-CEB.sys BackDoor-CFB
    BackDoor-JZ BackDoor-JZ.dam BackDoor-JZ.dr
    BackDoor-JZ.gen BackDoor-JZ.gen.b Bat/Mumu.worm
    Downloader-DN.a Downloader-DN.b Exploit-DcomRpc
    Exploit-DcomRpc.b Exploit-DcomRpc.dll Exploit-Lsass
    Exploit-Lsass.dll Exploit-MS04-011 Exploit-MS04-011.gen
    HideWindow HideWindow.dll IPCScan
    IRC/Flood.ap IRC/Flood.ap.bat IRC/Flood.ap.dr
    IRC/Flood.bi IRC/Flood.bi.dr IRC/Flood.cd
    NTServiceLoader ProcKill PWS-Narod
    PWS-Narod.dll PWS-Narod.gen PWS-Sincom
    PWS-Sincom.dll PWS-Sincom.dr W32/Anig.worm
    W32/Anig.worm.dll W32/Bagle W32/Bagle!eml.gen
    W32/Bagle!pwdzip W32/Bagle.ad!src W32/Bagle.dldr
    W32/Bagle.dll.dr W32/Bagle.eml W32/Bagle.fb!pwdzip
    W32/Bagle.fc!pwdzip W32/Bagle.fd!pwdzip W32/Bagle.fe!pwdzip
    W32/Bagle.fm.dldr W32/Bagle.gen W32/Bagle@MM!cpl
    W32/Blaster.worm W32/Blaster.worm.k W32/Bropia.worm
    W32/Bugbear W32/Bugbear.a.dam W32/Bugbear.b!data
    W32/Bugbear.b.dam W32/Bugbear.gen@MM W32/Bugbear.h@MM
    W32/Bugbear@MM W32/Deborm.worm.ah W32/Deborm.worm.gen
    W32/Doomjuice.worm W32/Dumaru W32/Dumaru.ad@MM
    W32/Dumaru.al.dll W32/Dumaru.dll W32/Dumaru.eml
    W32/Dumaru.gen W32/Dumaru.gen@MM W32/Dumaru.w.gen
    W32/Elkern.cav W32/Elkern.cav.c W32/Elkern.cav.c.dam
    W32/Fizzer W32/Fizzer.dll W32/FunLove
    W32/FunLove.apd W32/Gaobot.worm W32/Harwig.worm
    W32/IRCbot W32/IRCbot.worm W32/IRCbot.worm.dll
    W32/Klez W32/Klez.dam W32/Klez.eml
    W32/Klez.gen.b@MM W32/Klez.rar W32/Korgo.worm
    W32/Lirva W32/Lirva.c.htm W32/Lirva.eml
    W32/Lirva.gen@MM W32/Lirva.htm W32/Lirva.txt
    W32/Lovgate W32/Mimail W32/Mimail.c@MM
    W32/Mimail.c@MM W32/Mimail.i!data W32/Mimail.q@MM
    W32/MoFei.worm W32/MoFei.worm.dr W32/Mumu.b.worm
    W32/Mydoom W32/Mydoom!bat W32/Mydoom!ftp
    W32/Mydoom.b!hosts W32/Mydoom.dam W32/Mydoom.t.dll
    W32/Mytob W32/Mytob.gen@MM W32/Mytob.worm
    W32/MyWife W32/MyWife.dll W32/MyWife@MM
    W32/Nachi!tftpd W32/Nachi.worm W32/Netsky
    W32/Netsky.af@MM W32/Nimda W32/Nimda.dam
    W32/Nimda.eml W32/Nimda.gen@MM W32/Nimda.htm
    W32/Pate W32/Pate!dam W32/Pate.dam
    W32/Pate.dr W32/Polip W32/Polip!mem
    W32/Polybot W32/Polybot.bat W32/Sasser.worm
    W32/Sasser.worm!ftp W32/Sdbot W32/Sdbot!irc
    W32/Sdbot.bat W32/Sdbot.cli W32/Sdbot.dll
    W32/Sdbot.dr W32/Sdbot.worm W32/Sdbot.worm!ftp
    W32/Sdbot.worm.bat.b W32/Sdbot.worm.dr W32/Sdbot.worm.gen
    W32/Sdbot.worm.gen.a W32/Sdbot.worm.gen.b W32/Sdbot.worm.gen.c
    W32/Sdbot.worm.gen.d W32/Sdbot.worm.gen.e W32/Sdbot.worm.gen.q
    W32/Sober W32/Sober!data W32/Sober.dam
    W32/Sober.eml W32/Sober.f.dam W32/Sober.g.dam
    W32/Sober.q!spam W32/Sober.r.dr W32/Sober.r@MM
    W32/Sobig W32/Sobig.dam W32/Sobig.eml
    W32/Sobig.f.dam W32/Sobig.gen@MM W32/Spybot.worm
    W32/SQLSlammer.worm W32/Swen W32/Swen@MM
    W32/Yaha.eml W32/Yaha.gen@MM W32/Yaha.y@MM
    W32/Yaha@MM W32/Zafi W32/Zafi.b.dam
    W32/Zindos.worm W32/Zotob.worm W32/Zotob.worm!hosts
  5. When prompted, choose to save the file to a convenient location on your hard disk (such as your Desktop folder).

  6. When the download is complete, navigate to the folder that contains the downloaded Stinger file, and run it. WindowsME/XP users read this first.

  7. The Stinger interface will be displayed.

  8. If necessary, click the Add or Browse button to add additional drives/directories to scan. By default the C: drive will be scanned.
  9. Click the Scan Now button to begin scanning the specified drives/directories.
  10. By default, Stinger will repair all infected files found.

Frequently Asked Questions

  1. What is the List Viruses button used for?
    • Pressing the List Viruses button displays a list of the viruses that Stinger is configured to detect. This virus list does not contain the results from running a scan.
  2. How do I save the scan results to a log file?
    • Click the File menu and select Save report to file.
  3. I know I have a virus, but Stinger did not detect one. Why is this?
    • Stinger is not a substitute for a full anti-virus scanner. It is only designed to detect and remove specific threats.
  4. How can I get support for Stinger?
    • Stinger is not a supported application. Avert makes no guarantees about this product.
  5. Stinger found a virus that it couldn't repair. Why is this?
    • This is most likely due to Windows System Restore functionality having a lock on the infected file. Windows ME/XP users should disable System Restore prior to scanning.
  6. Are there any command-line parameters available when running Stinger?
    • Yes, the parameters are displayed when passing Stinger the /? switch:
      • /ADL - Scan all local drives.
      • /GO - Start scanning immediately.
      • /LOG - Save the log file after scans.
      • /SILENT - Do not display graphical interface.
  7. I ran Stinger and now have a Stinger.opt file, what is that?
    • When Stinger runs, it creates the Stinger.opt file, which saves the current Stinger configuration. The next time you run Stinger, your previous configuration is used, as long as the Stinger.opt file is in the same directory as Stinger.
  8. Where can I send feedback regarding Stinger?

Update History

  • 9/10/2007
    • Updated version information, variants, and extended expiration date
  • 4/05/2006
    • Updated version information, and extended expiration date
  • 2/02/2006
    • Added W32/Mywife.d
  • 10/05/2005
    • Added W32/Bagle.cc - .dd
    • Added W32/Bropia.worm.bx/by
    • Added W32/Korgo.worm.aj
    • Added W32/Lovgate.ar@MM
    • Added W32/Mydoom.bw@MM
    • Added W32/Sober.r@MM
    • Added W32/Zafi.e@MM
    • Changed default download name to "s_t_i_n_g_e_r.exe" as Sober.r terminates "stinger" based process names
  • 8/17/2005
    • Added Stinger 2.5.6 for ePO
  • 8/16/2005
    • Added W32/IRCBot.worm family (includes W32/IRCBot.worm!MS05-039)
    • Added W32/Zobot.worm family
  • 5/03/2005
    • Changed default download name to "s-t-i-n-g-e-r.exe" as Sober.p terminates "stinger" based process names
  • 5/02/2005
    • Added W32/Bagle.bo - bt@MM
    • Added W32/Bropia.worm.q - aj
    • Added W32/Sober.m - .p@MM
    • Changed default download name to ST1NGER.EXE as Sober.p terminates "stinger" based process names
  • 3/01/2005
    • Added W32/Bagle.dldr
    • Added W32/Bagle.bi - bn@MM
    • Added W32/Bropia.worm.q - .u
    • Added W32/Mydoom.bf - bi@MM
  • 2/21/2005
    • Added W32/Mydoom.be@MM
    • Added W32/Sober.l@MM
  • 2/18/2005
    • Added W32/Mydoom.bc - bd@MM
    • Added W32/Bropia.worm.a - .p
  • 2/16/2005
    • Added W32/Bagle.bh - bm@MM
    • Added W32/Dumaru.bd - bg@MM
    • Added W32/Mydoom.ao - bb@MM
    • Added W32/Nimda.u@MM
  • 1/03/2005
    • Increased expiration date
  • 12/14/2004
    • Added W32/Zafi.d@MM
    • Added Exploit-Lsass
    • Added W32/Bagle.bf - .bg@MM
    • Added W32/Korgo.ag - .ai
    • Added W32/Mydoom.an@MM
    • Renamed BackDoor-CHR -> BackDoor-CEB
  • 11/22/2004
    • Posted ePO version 2.4.5.1
  • 11/19/2004
    • Posted version 2.4.5.1 to correct an incorrect identification issue
  • 11/19/2004
    • Added W32/Sober.j@MM
  • 11/8/2004
    • Added W32/Bugbear.j@MM
    • Added W32/Korgo.worm.aa.dam
    • Added W32/Korgo.worm.ac.dam
    • Added W32/Korgo.worm.ae
    • Added W32/Lovgate.aq@MM
    • Added W32/Mydoom.ad - .ah@MM
    • Added W32/Pate.d
    • Added W32/Sasser.worm.g
  • 10/29/2004
    • Stinger configured to scan all files by default
    • Added W32/Bagle.ba - .bd@MM
    • Added W32/Netsky.ah - .ai@MM
    • Added W32/Zafi.c@MM
  • 10/14/2004
    • Added W32/Netsky.ag@MM
  • 9/28/2004
    • Added W32/Bagle.ar - .az@MM
    • Added W32/Dumaru.aw - .bb@MM
    • Added W32/Korgo.w - .ad
    • Added W32/Lovgate.ap@MM
    • Added W32/Mydoom.t - .ac@MM
    • Added W32/Nachi.worm.m
  • 8/17/2004
    • Posted ePO version 2.3.9
  • 8/16/2004
    • Added W32/Mydoom.s@MM
    • Added Backdoor-CHR
  • 8/9/2004
    • Added W32/Bagle.aj - .aq@MM
    • Added W32/Lovgate.al - .am@MM
    • Added W32/Mydoom.p - .r@MM
  • 7/30/2004
    • Added BackDoor-CFB
  • 7/28/2004
    • Added W32/Zindos.worm
  • 7/26/2004
    • Added W32/Mydoom.o@mm
  • 7/19/2004
    • Added W32/Bagle.ai@mm
    • Added W32/Mydoom.n@mm
    • Added W32/Lovgate.ae - .ak@mm
  • 7/18/2004
    • Added W32/Bagle.ag - .ah@mm
  • 7/16/2004
    • Added W32/Bagle.ad - .af@mm
  • 7/02/2004
    • Added W32/Korgo.worm.p - .v
    • Added W32/Lovgate.ac@MM - .ad@MM
    • Added W32/Mydoom.l@MM - .m@MM
  • 6/14/2004
    • Added W32/Korgo.worm.a - .o
    • Added W32/Zafi.a@MM - .b@MM
  • 5/19/2004
    • Posted ePO Stinger version 2.2.7
  • 5/18/2004
    • Added W32/Bagle.ac@MM
    • Added W32/Dumaru.aj - .ap
    • Added W32/Lovgate.ab@MM
    • Added W32/Mydoom.k@MM
    • Added W32/Sasser.worm.f
    • Added W32/Sober.g@MM
  • 5/10/2004
    • Added W32/Bagle.ab@MM
    • Added W32/Netsky.ac - ad@MM
    • Added W32/Sasser.worm.e
  • 5/04/2004
    • Added W32/Sasser.worm.d
  • 5/03/2004
    • Posted ePO Stinger v2.2.4
  • 5/02/2004
    • Added W32/Sasser.worm.b - .c
  • 4/30/2004
    • Added W32/Sasser.worm
  • 4/28/2004
    • Added W32/Bagle.aa@MM
    • Added W32/Netsky.aa - .ab@MM
  • 4/26/2004
    • Added W32/Bagle.x - .z@MM
    • Added W32/Bugbear.c - .d@MM
    • Added W32/Doomjuice.c
    • Added W32/Dumaru.ae - .ah@MM
    • Added W32/Elkern.cav.f
    • Added W32/Lovgate.z@MM
    • Added W32/Mimail.v@MM
    • Added W32/Mydoom.i - .j@MM
    • Added W32/Netsky.u - .z@MM
    • Added W32/Yaha.aa@MM
  • 4/6/2004
    • Added W32/Netsky.s - .t@MM
    • Added W32/Lovgate.n - .y@MM
  • 4/4/2004
    • Added W32/Sober.f@MM
  • 3/29/2004
    • Added W32/Netsky.q@MM
  • 3/26/2004
    • Added W32/Bagle.u@MM
  • 3/22/2004
    • Added W32/Netsky.o - .p@MM
    • Added W32/Bagle.r - .t@MM
    • Added W32/Mydoom.h@MM
  • 3/15/2004
    • Added W32/Bagle.o - .p@MM
    • Added W32/Netsky.k - .n@MM
  • 3/13/2004
    • Added W32/Bagle.k - .n@MM
  • 3/9/2004 2:25pm pst
    • Posted ePO Version 2.1.2
  • 3/8/2004 2:25pm pst
    • Added W32/Netsky.j
  • 3/3/2004
    • Added W32/Sober.d@mm
  • 3/3/2004
    • Posted ePO Version 2.1.0
  • 3/2/2004
    • Added W32/Bagle.f - .j@MM
    • Added W32/Mydoom.g@MM
  • 3/1/2004
    • Posted ePO Version 2.0.7
  • 2/29/2004
    • Added W32/Bagle.e@MM
  • 2/27/2004
    • Added W32/Bagle.c@MM
  • 2/25/2004
    • Added W32/Netsky.c@MM
    • Posted ePO Version 2.0.4
  • 2/24/2004
    • Posted ePO Version 2.0.3
  • 2/23/2004
    • Added W32/Mydoom.f@mm
  • 2/18/2004
    • Added W32/Netsky.a@MM & W32/Netsky.b@MM
    • Posted ePO Version 2.0.2
  • 2/17/2004
    • Added W32/Bagle.b@MM, W32/Doomjuice.worm
    • Updated Sdbot, Deborm, Mimail, and Nachi
    • Renamed W32/Lovsan.worm -> W32/Blaster.worm
    • Renamed W32/Dfcsvc.worm -> W32/Anig.worm
    • Posted ePO Version 2.0.1
  • 1/30/2004
    • Posted ePO Version 2.0.0
  • 1/29/2004
    • Added W32/Mymail.s@MM
    • Added W32/Dfcsvc.worm
  • 1/28/2004
    • Added W32/MyDoom.b@MM
    • Posted ePO version 1.9.9
  • 1/27/2004
    • Enhanced W32/Mydoom@MM repair to remove reboot dependency during the repair process.
    • Posted ePO version 1.9.7
  • 1/26/2004
    • Added W32/MyDoom@MM *Note that a reboot is required after running Stinger for a complete clean
    • Added W32/Dumaru.y@MM - .aa@MM
    • Updated Mimail with the latest additions
  • 1/20/2004
    • Posted ePO version 1.9.5
  • 1/18/2004
    • Added W32/Bagle@MM
  • 12/22/2003
    • Posted ePO version 1.9.4
  • 12/21/2003
    • Added W32/Sober.c@MM, W32/Mimail.j - .o
  • 12/18/2003
    • Added W32/Sober.b@MM
  • 11/14/2003
    • Added W32/Mimail.d - .i
  • 11/11/2003
    • Enhanced W32/Sober@MM repair
  • 10/31/2003
    • Added W32/mimail.c@MM
  • 10/28/2003
    • Added W32/Sober@MM, W32/Dumaru.o - .r
  • 10/10/2003
    • Added W32/Pate, W32/Dumaru.e - .m
  • 10/01/2003
    • Posted version 1.8.7 with new expiration date
    • Posted ePO version 1.8.7
  • 9/25/2003
    • Posted ePO version 1.8.6
  • 9/19/2003
    • Added W32/Swen@MM, W32/Yaha.x@MM and W32/Yaha.y@MM
  • 8/28/2003
    • Added W32/Dumaru.b - .d and PWS-Narod, Posted ePO version 1.8.5
  • 8/19/2003
    • Added W32/Dumaru@MM, W32/Sobig.f@MM
  • 8/18/2003
    • Added W32/Nachi.worm, W32/Lovsan.worm.d
  • 8/15/2003
    • Posted ePO version 1.8.2
  • 8/14/2003
    • Corrected issue, which prevented W32/Lovsan.worm.a from being repaired properly
  • 8/13/2003
    • Added Exploit-DcomRpc, W32/Lovsan.worm.a & .b, and generic W32/Lovsan.worm to version 1.8.1, posted ePO version 1.8.0
  • 8/11/2003
    • Added W32/Lovsan.worm
  • 8/01/2003
    • Added W32/Mimail@MM, posted ePO version 1.7.9
  • 7/30/2003
    • Added IRC/Flood.ap, IRC/Flood.bi, IRC/Flood.cd, W32/Sdbot.worm.gen, and W32/MoFei.worm
  • 7/21/2003
    • Added W32/Deborm.worm.gen
  • 7/03/2003
    • ePO version 1.7.6 posted
  • 7/02/2003
    • Added W32/Mumu.worm.b and PWS-Sincom
  • 6/25/2003
    • Added W32/Sobig@MM variants
  • 6/20/2003
    • Minor detection name correction
  • 6/19/2003
    • Added Bat/Mumu.worm, IPCScan trojan, NTServiceLoader trojan, PCGhost application, RemoteProcesslLaunch application, W32/Lovgate.n@M, and W32/Yaha.t@MM - .u@MM
  • 6/5/2003
    • Added W32/Bugbear.b@MM
  • 5/16/2003
    • Added W32/Lovgate.j@M through .m@M
    • Resolved an issue where Stinger was not preserving the last access date on files.
    • Posted ePO Deployable version of Stinger 1.6
  • 5/12/2003
    • Added W32/Fizzer@MM and W32/Yaha.s@MM
  • 4/14/2003
    • Added W32/Lovgate.e@M - W32/Lovgate.g@M, updated BackDoor-AQJ detection, W32/Yaha.m@MM - W32/Yaha.r@MM
    • Includes self-validation integrity check
  • 2/26/2003
    • Added W32/Lovgate.a@M - W32/Lovgate.d@M, BackDoor-AQJ, W32/Sircam@MM, W32/Funlove@MM, and W32/Nimda.a@MM - W32/Nimda.q@MM
  • 2/14/2003
    • Posted EPO deployable version of Stinger.exe
  • 1/25/2003
    • Added W32/SQLSlammer.worm and name detection for W32/Lirva.c@MM
  • 1/08/2003
    • Added W32/Lirva.a@MM and W32/Yaha.m@MM
  • 12/30/2002
    • Added W32/Yaha.a@MM - W32/Yaha.l@MM
    • DAT files are now stored in the executable
  • 10/09/2002
    • Removed Rwabs.dll dependency as it caused problems for users who had very old versions of the scan engine installed
    • Allows users to enter a drive letter or drive letter: when configuring Stinger to scan for additional drives
    • Clarified the purpose of the List Viruses button
  • 10/04/2002
    • Reposted package as self-extracting archive instead of .zip archive, updated DAT files to include detection for corrupted W32/Bugbear.dam files.