Avert Tools

This collection of utilities is offered by McAfee's Avert Labs to accomplish unique tasks that are not commonly encountered during typical use of our anti-virus products.

Each tool was designed by a member of the Avert team to solve problems caused by viruses or Trojans, or to gather data needed for analysis of virus-caused damage.

Each tool's use is described next to it.

Latest Additions

11/05/2007: McAfee Rootkit Detective 1.1

One of our support personnel will help you select whichever of these tools you may need. Please don't use them if you are unsure whether you need them; misuse could cause worse damage than the problem you are trying to fix.

These utilities have been designed to help you address various issues and should be used as recommended by your McAfee representative. None of the files presented on this page are released products. They have not been approved by Quality Assurance and could cause false alarms as well as crashes on your machine(s).

Forensics Tools

Utility | Description | Instructions
McAfee Rootkit Detective 1.1 posted 11/05/07 | McAfee Rootkit Detective is a program designed and developed by McAfee Avert Labs to proactively detect and clean rootkits that are running on the system. | Release Notes

Stinger Releases

Utility | Removes | Instructions
Stinger v3.9.9 posted 5/06/08 | BackDoor-ALI, BackDoor-AQJ, BackDoor-AQJ.b, BackDoor-CEB, BackDoor-CEB!bat, BackDoor-CEB!hosts, BackDoor-CEB.b, BackDoor-CEB.c, BackDoor-CEB.d, BackDoor-CEB.dll, BackDoor-CEB.dr, BackDoor-CEB.e, BackDoor-CEB.f, BackDoor-CEB.sys, BackDoor-CFB, BackDoor-JZ, BackDoor-JZ.dam, BackDoor-JZ.dr, BackDoor-JZ.gen, BackDoor-JZ.gen.b, Bat/Mumu.worm, Cleanup, Downloader-DN.a, Downloader-DN.b, Exploit-DcomRpc, Exploit-DcomRpc.b, Exploit-DcomRpc.dll, Exploit-Lsass, Exploit-Lsass.dll, Exploit-MS04-011, Exploit-MS04-011.gen, HideWindow, HideWindow.dll, IPCScan, IRC/Flood.ap, IRC/Flood.ap.bat, IRC/Flood.ap.dr, IRC/Flood.bi, IRC/Flood.bi.dr, IRC/Flood.cd, NTServiceLoader, ProcKill, PWS-Narod, PWS-Narod.dll, PWS-Narod.gen, PWS-Sincom, PWS-Sincom.dll, PWS-Sincom.dr, rootkit, W32/Anig.worm, W32/Anig.worm.dll, W32/Bagle, W32/Bagle!eml.gen, W32/Bagle!pwdzip, W32/Bagle.ad!src, W32/Bagle.dldr, W32/Bagle.dll.dr, W32/Bagle.eml, W32/Bagle.fb!pwdzip, W32/Bagle.fc!pwdzip, W32/Bagle.fd!pwdzip, W32/Bagle.fe!pwdzip, W32/Bagle.fm.dldr, W32/Bagle.gen, W32/Bagle@MM!cpl, W32/Blaster.worm, W32/Blaster.worm.k, W32/Bropia.worm, W32/Bugbear, W32/Bugbear.a.dam, W32/Bugbear.b!data, W32/Bugbear.b.dam, W32/Bugbear.gen@MM, W32/Bugbear.h@MM, W32/Bugbear@MM, W32/Deborm.worm.ah, W32/Deborm.worm.gen, W32/Doomjuice.worm, W32/Dumaru, W32/Dumaru.ad@MM, W32/Dumaru.al.dll, W32/Dumaru.dll, W32/Dumaru.eml, W32/Dumaru.gen, W32/Dumaru.gen@MM, W32/Dumaru.w.gen, W32/Elkern.cav, W32/Elkern.cav.c, W32/Elkern.cav.c.dam, W32/Fizzer, W32/Fizzer.dll, W32/FunLove, W32/FunLove.apd, W32/Gaobot.worm, W32/Harwig.worm, W32/IRCbot, W32/IRCbot.worm, W32/IRCbot.worm.dll, W32/Klez, W32/Klez.dam, W32/Klez.eml, W32/Klez.gen.b@MM, W32/Klez.rar, W32/Korgo.worm, W32/Lirva, W32/Lirva.c.htm, W32/Lirva.eml, W32/Lirva.gen@MM, W32/Lirva.htm, W32/Lirva.txt, W32/Lovgate, W32/Mimail, W32/Mimail.c@MM, W32/Mimail.i!data, W32/Mimail.q@MM, W32/MoFei.worm, W32/MoFei.worm.dr, W32/Mumu.b.worm, W32/Mydoom, W32/Mydoom!bat, W32/Mydoom!ftp, W32/Mydoom.b!hosts, W32/Mydoom.dam, W32/Mydoom.t.dll, W32/Mytob, W32/Mytob.gen@MM, W32/Mytob.worm, W32/MyWife, W32/MyWife.dll, W32/MyWife@MM, W32/Nachi!tftpd, W32/Nachi.worm, W32/Netsky, W32/Netsky.af@MM, W32/Nimda, W32/Nimda.dam, W32/Nimda.eml, W32/Nimda.gen@MM, W32/Nimda.htm, W32/Pate, W32/Pate!dam, W32/Pate.dam, W32/Pate.dr, W32/Polip, W32/Polip!mem, W32/Polybot, W32/Polybot.bat, W32/Sasser.worm, W32/Sasser.worm!ftp, W32/Sdbot, W32/Sdbot!irc, W32/Sdbot.bat, W32/Sdbot.cli, W32/Sdbot.dll, W32/Sdbot.dr, W32/Sdbot.worm, W32/Sdbot.worm!ftp, W32/Sdbot.worm.bat.b, W32/Sdbot.worm.dr, W32/Sdbot.worm.gen, W32/Sdbot.worm.gen.a, W32/Sdbot.worm.gen.b, W32/Sdbot.worm.gen.c, W32/Sdbot.worm.gen.d, W32/Sdbot.worm.gen.e, W32/Sdbot.worm.gen.q, W32/Sober, W32/Sober!data, W32/Sober.dam, W32/Sober.eml, W32/Sober.f.dam, W32/Sober.g.dam, W32/Sober.q!spam, W32/Sober.r.dr, W32/Sober.r@MM, W32/Sobig, W32/Sobig.dam, W32/Sobig.eml, W32/Sobig.f.dam, W32/Sobig.gen@MM, W32/Spybot.worm, W32/SQLSlammer.worm, W32/Swen, W32/Swen@MM, W32/Yaha.eml, W32/Yaha.gen@MM, W32/Yaha.y@MM, W32/Yaha@MM, W32/Zafi, W32/Zafi.b.dam, W32/Zindos.worm, W32/Zotob.worm, W32/Zotob.worm!hosts | Release Notes
Stinger for W32/Polip version 3.0.1 posted 05/03/2006 | W32/Polip | Release Notes
Stinger for W32/Bacalid version 3.0.6 posted 09/19/2006 | Detects and removes all known W32/Bacalid variants to date. stinger.com MD5: 0955c96cc5d1c57cfd42520ce298fbcc | Release Notes
ePO Version of Stinger for W32/Bacalid version 3.0.6 posted 09/19/2006 | Detects and removes all known W32/Bacalid variants to date. | Release Notes
Stinger for W32/HLLP.Philis.bq posted 11/17/2006 | Detects and removes W32/HLLP.Philis.bq and associated threats. | Release Notes
ePO Compatible Stinger for W32/HLLP.Philis.bq posted 11/17/2006 | Detects and removes W32/HLLP.Philis.bq and associated threats. | Release Notes

Beta/Emergency DATs and Command Line Scanner/DAT Packages

DAT SET | Use
Beta .DAT files | Latest available Beta DAT files. These are the files Avert Labs researchers use to ensure they have the most current detections.

Miscellaneous Utilities & Notes

Utility | Usefulness
SAVEINFO.ZIP | A utility to capture possible boot sector viruses. This tool saves the MBR, the first 2 tracks of your hard disk, as well as the last track of each partition and the last track of the physical drive.
RWFLOPPY.ZIP V1.0 | Diskette image create/restore utility. Makes a file of a floppy to send via the network.
READt80.ZIP | Captures tracks 80 & 81 from a 1.44M diskette.