Littlebits

Retired Staff


McAfee Avert Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

New releases of Stinger contain all families, and associated families, of threats that have achieved a Medium or higher Risk Assessment. This Stinger is only updated upon the discovery of a new Medium or higher threat.

This version of Stinger includes specific detection and repair for W32/Polip only. At this time, because of the nature of the infection algorithm, repair of files infected with W32/Polip may not return the files to their pristine, pre-infected state, and can cause problems with self-checking applications.

Stinger includes detection for all known variants:
* W32/Anig.worm; W32/Bagle; Exploit-DcomRpc; Exploit-Lsass;
* IRC/Flood.ap; IRC/Flood.bi; IRC/Flood.cd; PWS-Narod;
* W32/Sdbot.worm.gen; BackDoor-JZ; BackDoor-AQJ;
* BackDoor-CFB; Backdoor-CEB; Bat/Mumu.worm; IPCScan;
* NTServiceLoader; PWS-Sincom.dll; W32/SQLSlammer.worm;
* W32/Bagle.bf - .bg@MM; W32/Bagle.bl@MM; W32/Bagle.bj - .bk@MM;
* W32/Bagle.bi - bn@MM; W32/Bagle.dldr; W32/Bagle.bo - bt@MM;
* W32/Bagle.cc - .dd; W32/Blaster.worm; W32/Bropia.worm.a - .p;
* W32/Bropia.worm.bx/by; W32/Bropia.worm.q - .u;
* W32/Bropia.worm.q - aj; W32/Bugbear@MM; W32/Bugbear.j@MM;
* W32/Deborm.worm.gen; W32/Dumaru; W32/Dumaru.bd - bg@MM;
* W32/Elkern.cav; W32/Fizzer.gen@MM; W32/FunLove;
* W32/IRCBot.worm; W32/Klez; W32/Lirva; W32/Lovgate;
* W32/Lovgate.aq@MM; W32/Lovgate.ar@MM; W32/Korgo.worm;
* W32/Korgo.worm.aa.dam; W32/Korgo.ag - .ai; W32/Korgo.worm.ae;
* W32/Korgo.worm.aj; W32/Mimail; W32/MoFei.worm; W32/Mumu.b.worm;
* W32/Doomjuice.worm; W32/Mydoom; W32/Mydoom.ad - .ah@MM;
* W32/Mydoom.an@MM; W32/Mydoom.ao - bb@MM; W32/Mydoom.bc - bd@MM;
* W32/Mydoom.be@MM; W32/Mydoom.bf - bi@MM; W32/Mydoom.bw@MM;
* W32/Nachi.worm; W32/Netsky; W32/Netsky.ag@MM; W32/Nimda;
* W32/Nimda.u@MM; W32/Bagle.ba - .bd@MM; W32/Bagle.bh - bm@MM;
* W32/Netsky.ah - .ai@MM; W32/Pate; W32/Pate.d; W32/Sasser.worm;
* W32/Sasser.worm.g; W32/SirCam@MM; W32/Sobig; W32/Sober;
* W32/Sober.j@MM; W32/Sober.k@MM; W32/Sober.l@MM;
* W32/Sober.m - .p@MM; W32/Sober.r@MM; W32/Swen@MM; W32/Yaha@MM;
* W32/Zafi; W32/Zafi.c@MM; W32/Zafi.d@MM; W32/Zafi.e@MM;
* W32/Zindos.worm; W32/Zobot.worm

Windows ME and XP utilize a restore utility that backs up selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup file, and VirusScan will be unable to delete these files. You must disable the System Restore Utility to remove the infected files from the C:\_Restore folder.

Operating Systems: All Windows.

Other removal tools including:
* McAfee FakeAlert Stinger
* McAfee Rootkit Detective
* Aurora Stinger
are available here.

Stinger Release Notes (latest malware updates)

How to use Stinger (recommended to scan in Windows Safe Mode, Networking not required)

Homepage
Download (Default Direct Link)

Note: McAfee Avert Stinger is an excellent removal tool, it has partnerships with several other vendors to make it one of the best all-in-one removal scanners. Probably the best product McAfee has ever made. They added McAfee Fake Alert Stinger database to detect fake antivirus and other fake rogueware and McAfee Rootkit Remover which can remove the most common rootkits. Database updates at least twice weekly sometimes more often. Stinger Release Notes will list the changes in added malware detections. Each version already has the latest updates included so you don't need to run updates, just download the latest version.
 

Littlebits

Retired Staff
Build Number: 10.2.0.815 Released:
Build Date: 11-Oct-2012

MD5: 2094208BBCB8F434A6D51CD11CB54D71
SHA1: 1C8F475EE4553393A574115F48EA21E8112BD747

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• Downloader-FCJ
• FakeAlert-SysDef.as
• Generic FakeAlert.lz
• Generic PWS.agv
• PWS-OnlineGames.lq
• W32/Sural.a
• W32/Swisyn.ag
• W32/Swisyn.ah
• ZeroAccess.b!env
• ZeroAccess.hp

Enhanced Detections:
• DNSChanger.d
• FakeAlert-SecurityTool.fn
• Generic Downloader.z
• Generic FakeAlert
• Generic FakeAlert.gp
• JS/Exploit-Blacole.eq
• JS/Exploit-Blacole.eu
• JS/Exploit-Blacole.gc
• JS/Exploit-Blacole.gq
• JS/Exploit-Blacole.hv
• JS/Exploit-Blacole.ia
• Vundo
• W32/Autorun.worm.bx
• W32/Autorun.worm.c
• W32/Conficker.worm
• W32/Swisyn.ag
• ZeroAccess
• ZeroAccess.hn

Enjoy!!:D
 

Littlebits

Retired Staff
Build Number: 10.2.0.816 released:
Build Date: 12-Oct-2012

MD5: D9C921C4F6C3779245A06C67F90502F8
SHA1: 55508D73F404C1E6E9ADD564273BAD6E28C19B47

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• FakeAlert-SysDef.at
• Generic BackDoor.acy
• Generic BackDoor.aey
• Generic FakeAlert.ma
• Generic FakeAlert.mb
• Ransom-AAX
• Ransom-AAY
• Ransom-AI
• Ransom-BI
• VBObfus.da

Enhanced Detections:
• DNSChanger.d
• Exploit-Blacole.j
• Exploit-CVE2012-0158!rtf
• FakeAlert-Rena.dc
• FakeAlert-SecurityTool.fn
• FakeAlert-SecurityTool.fo
• FakeAlert-SecurityTool.ga
• Generic Downloader.hl
• Generic FakeAlert.gp
• Generic FakeAlert.ly
• Generic FakeAlert.lz
• Generic PWS.agu
• Generic StartPage.ap
• JV/Exploit-Blacole
• PWS-Zbot.gen.als
• PWS-Zbot.gen.alu
• Ransom-AAX
• Ransom-AI
• Spam-Tedroo.gen.e
• VBobfus.er
• VBobfus.es
• Vundo

Enjoy!!:D
 

Littlebits

Retired Staff
Build Number: 10.2.0.819 released:
Build Date: 15-Oct-2012

MD5: 4E5C3FAE4814153C8E372CAECB9166F9
SHA1: 3D6257C34FAA42B5CAC53689564D9D9259D37D86

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• FakeAlert-SysDef.au
• Generic BackDoor.aez
• Generic BackDoor.afa
• Generic VB.in
• Generic.mm
• Generic.mt
• Ransom-AAZ
• W32/AutoRun.worm.aact

Enhanced Detections:
• Exploit-CVE2012-0158!rtf
• FakeAlert-SecurityTool.fn
• FakeAlert-SecurityTool.fo
• FakeAlert-SysDef.ar
• FakeAlert-SysDef.as
• FakeAlert-SysDef.at
• FakeAlert-WinwebSecurity
• Generic BackDoor.aez
• Generic Downloader.nx
• Generic Downloader.z
• Generic FakeAlert
• Generic VB.b
• Generic VB.iv
• Generic VB.jb
• JS/Exploit-Blacole.gc
• JS/Exploit-Blacole.gq
• JS/Exploit-Blacole.ht
• JS/Exploit-Blacole.ib
• JS/Exploit-Blacole.ic
• JV/Exploit-Blacole
• PWS-Zbot.gen.agj
• PWS-Zbot.gen.agz
• PWS-Zbot.gen.anq
• PWS-Zbot.gen.po
• SkyWiper
• TDSS.aq
• TDSS.ar
• VBS/Autorun.worm.k
• Vundo
• W32/Autorun.worm.aacz
• W32/Autorun.worm.c
• W32/XDocCrypt.c
• ZeroAccess
• ZeroAccess.cj
• ZeroAccess.dr
• ZeroAccess.dr.gen.g
• ZeroAccess.hk
• ZeroAccess.hn
• ZeroAccess.hp

Enjoy!!:D
 

Littlebits

Retired Staff
Build Number: 10.2.0.820 released:
Build Date: 16-Oct-2012

MD5: 707310F09340C6BF6E1C0A4FC93DBE82
SHA1: BFC21157E3B660D548526C976C4B86CB6BC56D95

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• Generic FakeAlert.mc

Enhanced Detections:
• Generic Downloader.z
• TDSS.ag

Enjoy!!:D
 

Littlebits

Retired Staff
Build Number: 10.2.0.824 Released:
Build Date: 17-Oct-2012

MD5: 9B3885EF8B4267E9257119B12A713C40
SHA1: 55B34F14E6E848AC402642560A751C327737F760

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• SkyWiper.b
• Vundo.gen.hh

Enhanced Detections:
• DNSChanger.dx
• Exploit-PDF.i
• JS/Exploit-Blacole.em
• JS/Exploit-Blacole.eu
• JS/Exploit-Blacole.gc
• JS/Exploit-Blacole.gq
• JS/Exploit-Blacole.hy
• SkyWiper.b
• W32/Autorun.worm.c
• W32/XDocCrypt.c
• ZeroAccess!cfg
• ZeroAccess.hn
• ZeroAccess.hp

Enjoy!!:D
 

Littlebits

Retired Staff
Build Number: 10.2.0.827 released:
Build Date: 18-Oct-2012

MD5:
SHA1:

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• Downloader-BML
• Downloader-BPJ
• Exploit-PDF.bl.gen
• FakeAlert-SecurityTool.gc
• Generic Downloader.qt
• Generic Downloader.u
• Generic FakeAlert.md
• Generic VB.km
• SMSFraud.be
• VBObfus.dv
• W32/Rimecud.gen.do

Enhanced Detections:
• Downloader-BPJ
• Exploit-PDF.bl.gen
• FakeAlert-SecurityTool.fo
• FakeAlert-SysDef
• Generic Downloader.z
• JS/Exploit-Blacole.eu
• JS/Exploit-Blacole.ev
• JS/Exploit-Blacole.gc
• JS/Exploit-Blacole.gg
• JS/Exploit-Blacole.gq
• JS/Exploit-Blacole.ht
• JS/Exploit-Blacole.ib
• PWS-Zbot.gen.anq
• Ramnit.a
• W32/Autorun.worm.c
• W32/Sality.dr
• ZeroAccess.gr
• ZeroAccess.hh!env
• ZeroAccess.ho
• ZeroAccess.hp

Enjoy!!:D
 

Littlebits

Retired Staff
Build Number: 10.2.0.830 Released:
Build Date: 19-Oct-2012

MD5: 877F843815F96BEFB0B79A8CC87902F9
SHA1: 289FA81A1CB46EBA67BFEF4E04E70A3A090B2C37

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• FakeAlert-SecurityTool.gd
• FakeAlert-SysDef.av
• Generic PWS.agw
• PWS-Zbot.gen.anw

Enhanced Detections:
• Exploit-CVE2012-0158!rtf
• FakeAlert-SecurityTool.eu
• FakeAlert-SecurityTool.fn
• FakeAlert-SysDef
• Festi
• Generic Downloader.z
• Generic PWS.agv
• Medfos.e
• PWS-Zbot.gen.als
• ZeroAccess
• ZeroAccess.ho
• ZeroAccess.hp

Enjoy!!:D
 

Littlebits

Retired Staff
Build Number: 10.2.0.831 released:
Build Date: 22-Oct-2012

MD5: 595CFDE072C024A0A41ADBEB7E547DA3
SHA1: 61F89C7785D59CA810533D228929C9076413F45B

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• Exploit-IFrame.gen.am
• FakeAlert-SysDef.aw
• JV/Exploit-Blacole.s
• ZeroAccess.hq

Enhanced Detections:
• Exploit-CVE2010-0188
• Exploit-CVE2012-0158!rtf
• FakeAlert-SecurityTool.fl
• FakeAlert-SecurityTool.fo
• FakeAlert-SecurityTool.fr
• FakeAlert-SecurityTool.fz
• FakeAlert-SecurityTool.ga
• FakeAlert-SecurityTool.gb
• FakeAlert-SecurityTool.gd
• FakeAlert-SysDef
• FakeAlert-SysDef.at
• FakeAlert-SysDef.av
• Generic Downloader.nx
• Generic Downloader.z
• Generic FakeAlert
• Generic FakeAlert.gp
• Generic FakeAlert.ma
• Generic FakeAlert.mb
• Generic FakeAlert.md
• JS/Exploit-Blacole.eq
• JS/Exploit-Blacole.eu
• JS/Exploit-Blacole.gg
• JS/Exploit-Blacole.gq
• JS/Exploit-Blacole.hv
• JS/Exploit-Blacole.id
• JV/Exploit-Blacole
• Medfos.e
• PWS-Zbot.gen.agz
• PWS-Zbot.gen.als
• PWS-Zbot.gen.anq
• Vundo.gen.hg
• W32/Autorun.worm.aabm
• W32/Autorun.worm.bgi
• W32/Autorun.worm.c
• W32/Rimecud
• W32/Rimecud.gen.do
• ZeroAccess
• ZeroAccess.ds.gen.e
• ZeroAccess.hn
• ZeroAccess.hp

Enjoy!!:D
 

MalwareVirus

New Member
May I ask a question? How do these stand-alone utilities work? I was using Remove It Pro 3-4 days ago and it showed me 7-8 DLL files as threats and advised me to remove them, but I scanned them with EAM and SpybotSD and both scanners found nothing in those drivers. That's why I am confused about how stand-alone utilities work.
Thanks :)
 

Littlebits

Retired Staff
MalwareVirus said:
May I ask a question? How do these stand-alone utilities work? I was using Remove It Pro 3-4 days ago and it showed me 7-8 DLL files as threats and advised me to remove them, but I scanned them with EAM and SpybotSD and both scanners found nothing in those drivers. That's why I am confused about how stand-alone utilities work.
Thanks :)

RemoveIt Pro tends to have many false positives. McAfee Stinger rarely has any false positives. It uses databases from several AV vendors just not McAfee's own database, which makes its detection very good. It also has excellent rootkit detection and removal plus fake AV detection and removal. It doesn't require database updates; they are included within the product. McAfee Stinger is a small and effective malware removal tool; it has fast scan speed when used in Windows Safe Mode, which is recommended.

Trying it for yourself is the best way to see how it works.

Thanks.:D
 

Littlebits

Retired Staff
Build Number: 10.2.0.836 Released:
Build Date: 23-Oct-2012

MD5: 8D87D49762FC727D2055ECF5DA986F05
SHA1: A2C4A77F653957270828492393D18CCDDA336DCE

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• Generic PWS.agx

Enhanced Detections:
• W32/Autorun.worm.g

Enjoy!!:D
 

Littlebits

Retired Staff
Build Number: 10.2.0.841 Released:
Build Date: 25-Oct-2012

MD5: EBE1A1ADA6F9F7B3AB0BDE0BA43F95A0
SHA1: 471452F089CC44D7142DD5495887E94ABA85CECA

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• FakeAlert-SecurityTool.ge
• JS/Exploit-Blacole.ie
• ZeroAccess.hr
• ZeroAccess.hs


Enhanced Detections:
• Bredolab.gen.c
• Exploit-Blacole!zip
• Exploit-CVE2012-0507
• Exploit-IFrame.gen.ak
• FakeAlert-SecurityTool.ga
• FakeAlert-SecurityTool.gc
• FakeAlert-SysDef.at
• Generic Downloader.hl
• Generic Downloader.z
• Generic FakeAlert
• Generic PWS.agw
• JS/Exploit-Blacole
• JS/Exploit-Blacole.hu
• JS/Exploit-Blacole.ie
• JS/Redirector
• JV/Exploit-Blacole
• JV/Exploit-Blacole.s
• PWS-Zbot.gen.alf
• PWS-Zbot.gen.anq
• W32/Autorun.worm.c
• W32/Autorun.worm.zzr
• ZeroAccess
• ZeroAccess.hi
• ZeroAccess.hq

Enjoy!!:D
 

Littlebits

Retired Staff
Build Number: 10.2.0.843 released:
Build Date: 29-Oct-2012

MD5: 7C6241E5115047D3FE24C33862256C56
SHA1: 89432B4840D4B200BCDCEB903B93A3921235638E

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• FakeAlert-SecurityTool.gf
• JS/Exploit-Blacole.if
• PWS-Zbot
• PWS-Zbot.a!env
• PWS-Zbot.b!env
• PWS-Zbot.gen.anr
• PWS-Zbot.gen.ans
• PWS-Zbot.gen.ant
• PWS-Zbot.gen.anu
• PWS-Zbot.gen.anv
• PWS-Zbot.gen.anx
• PWS-Zbot.gen.any
• PWS-Zbot.gen.anz
• PWS-Zbot.gen.aoa
• PWS-Zbot.gen.aob
• PWS-Zbot.gen.aoc
• PWS-Zbot.gen.aod
• PWS-Zbot.gen.aoe
• PWS-Zbot.gen.aof
• PWS-Zbot.gen.aog
• PWS-Zbot.gen.aoh
• PWS-Zbot.gen.aoi
• PWS-Zbot.gen.aoj
• PWS-Zbot.gen.aok
• PWS-Zbot.gen.aol
• PWS-Zbot.gen.aom
• PWS-Zbot.gen.aon
• PWS-Zbot.gen.aoo
• PWS-Zbot.gen.aop
• PWS-Zbot.gen.aoq
• PWS-Zbot.gen.aor
• PWS-Zbot.gen.aos
• PWS-Zbot.gen.aot
• PWS-Zbot.gen.aou
• PWS-Zbot.gen.aov
• PWS-Zbot.gen.aow
• PWS-Zbot.gen.aox
• PWS-Zbot.gen.aoy
• PWS-Zbot.gen.aoz
• W32/Autorun.worm.aacp
• W32/Autorun.worm.aacq

Enhanced Detections:
• Downloader-BCS
• FakeAlert-KW.g
• FakeAlert-SecurityTool.fz
• FakeAlert-SecurityTool.ga
• FakeAlert-SecurityTool.gd
• FakeAlert-SecurityTool.ge
• FakeAlert-SysDef
• FakeAlert-SysDef.at
• FakeAlert-SysDef.av
• False Digisig present
• Generic Downloader.z
• Generic FakeAlert
• Generic FakeAlert.gp
• Generic FakeAlert.kw
• Generic PWS.aad
• Generic PWS.ags
• JS/Blacole-Exploit
• JS/Exploit-Blacole.gc
• JS/Exploit-Blacole.gq
• JS/Exploit-Blacole.ht
• JS/Exploit-Blacole.ie
• JV/Exploit-Blacole
• Medfos.e
• PWS-Zbot
• PWS-Zbot.gen.aln
• PWS-Zbot.gen.alu
• VBobfus.er
• Vundo
• Vundo.gen.hh
• ZeroAccess
• ZeroAccess!cfg
• ZeroAccess.b!env
• ZeroAccess.dr
• ZeroAccess.hq
• ZeroAccess.hr
Enjoy!!:D
 

Littlebits

Retired Staff
Build Number: 10.2.0.845 released:
Build Date: 30-Oct-2012

MD5: 3C3103FC337E7836DE083F99104E7381
SHA1: 299AE957CD8B2325460A135341CC6FC12980F9C2

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• PWS-Zbot.gen.apa

Enhanced Detections:
• Generic PWS.agt
• PWS-Zbot.gen.aln
• PWS-Zbot.gen.aoe
• PWS-Zbot.gen.aor
• PWS-Zbot.gen.aot
• PWS-Zbot.gen.aou
• PWS-Zbot.gen.aow
• PWS-Zbot.gen.aox
• W32/Autorun.worm.c

Enjoy!!:D
 

Littlebits

Retired Staff
Build Number: 10.2.0.849 released:
Build Date: 31-Oct-2012

MD5: 8FA80A76384937C9E0D0912698FF475A
SHA1: 6F89A8F843F0967119BEB39239C665A8916F1321

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

New Detections:
• Generic BackDoor.aep
• Generic Downloader.rs
• JV/Exploit-Blacole.t
• PWS-Zbot.gen.ann
• PWS-Zbot.gen.ano
• PWS-Zbot.gen.anp
• PWS-Zbot.gen.apc
• PWS-Zbot.gen.apd
• PWS-Zbot.gen.ape
• Ransom-ABF

Enhanced Detections:
• BackDoor-FHI
• FakeAlert-SecurityTool.fz
• FakeAlert-SysDef.at
• Generic BackDoor.aep
• Generic Downloader.pr
• Generic Dropper.afw
• Generic FakeAlert.gp
• JS/Exploit-Blacole.gc
• PWS-Zbot.gen.als
• PWS-Zbot.gen.aof
• PWS-Zbot.gen.aoh
• PWS-Zbot.gen.aov
• PWS-Zbot.gen.aoy
• W32/Autorun.worm.c
• ZeroAccess
• ZeroAccess.hr

Enjoy!!:D