How to Use McAfee Stinger to Remove Rootkits and Trojan Files

1) Prepare

  • Download Stinger from the official site (Trellix/McAfee Stinger page).
  • Save the executable to the Desktop or to a USB drive (for portable use).
  • Ensure you have an administrator account and an active Internet connection for updates.

2) Optional: create a recovery point & back up

  • Create a Windows restore point or image backup before making changes.

3) Run Stinger

  • Right‑click the downloaded Stinger.exe and choose Run as administrator.
  • If prompted by SmartScreen/UAC, allow the app to run.

4) Configure scan options

  • Use the default scan targets (running processes, loaded modules, registry, common directories).
  • To include rootkit scanning, enable the Rootkit option in Preferences (disabled by default).
  • Set On Threat Detection to Report for the first scan (recommended) to avoid accidental data loss; change to Repair after you review results.
  • For aggressive detection, set GTI/heuristics to High, but expect more false positives.

5) Run the scan

  • Click Scan. Let Stinger complete — it scans processes, modules, registry and selected drives.
  • If rootkit scanning was enabled, the scan will take longer and may update kernel components.

6) Review and act on findings

  • If Stinger reports threats, review entries in the Threat/Log tab.
  • For each detection choose Repair, Quarantine, or Report depending on confidence. Use Report first if unsure.
  • If a file cannot be repaired, note its path for manual removal or offline cleaning.

7) If rootkits block execution or repair

  • Boot to Safe Mode and re-run Stinger (or run from a clean USB/PE environment).
  • If persistent, use an offline rescue environment (Windows PE + Stinger or a reputable bootable AV rescue disk).

8) Post‑scan steps

  • Reboot the system after repairs.
  • Run a full scan with a full antivirus product (e.g., McAfee Total Protection, Malwarebytes, or another reputable AV) to catch anything Stinger missed.
  • Update Windows and all software, change passwords if the infection included credential-stealing malware, and restore any backed-up files if needed.

9) Logs & quarantine

  • Stinger saves logs in its run folder (view the Log tab).
  • Quarantine is stored under C:\Quarantine\Stinger by default; verify its contents and securely delete them once you are certain they are no longer needed.
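
The preparation in steps 1 to 3 can be scripted. The PowerShell below is an added example, not code from the original page or from Trellix/McAfee. It assumes the download was saved as Stinger.exe on the Desktop, uses only built-in Windows PowerShell 5.1 cmdlets, and passes no Stinger command-line options.

```powershell
# Added example: pre-flight checks before launching Stinger (steps 1-3).
# Assumption: the download is saved as Stinger.exe on the Desktop; override
# -StingerPath if it lives elsewhere (for example on a USB drive).
param(
    [string]$StingerPath = "$env:USERPROFILE\Desktop\Stinger.exe"
)
$ErrorActionPreference = 'Stop'

# Step 1: the scan and any repair need an administrator session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# Step 1: confirm the file exists and carries a valid Authenticode signature,
# so a tampered or look-alike download is rejected before it is executed.
if (-not (Test-Path -LiteralPath $StingerPath -PathType Leaf)) {
    throw "File not found: $StingerPath"
}
$sig = Get-AuthenticodeSignature -LiteralPath $StingerPath
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)'; do not run this file."
}

# Print the signer and hash for the case notes. Compare the signer with the
# publisher shown on the vendor's download page; this script does not
# hard-code an expected publisher name.
"Signer : $($sig.SignerCertificate.Subject)"
"SHA256 : $((Get-FileHash -LiteralPath $StingerPath -Algorithm SHA256).Hash)"

# Step 2: create a restore point. Checkpoint-Computer exists in Windows
# PowerShell 5.1 only and needs System Restore enabled on the system drive,
# so a failure here is reported as a warning rather than stopping the run.
try {
    Checkpoint-Computer -Description 'Before Stinger scan' -RestorePointType MODIFY_SETTINGS
} catch {
    Write-Warning "Restore point not created: $($_.Exception.Message)"
}

# Step 3: launch the GUI elevated; scan options are then set as in step 4.
Start-Process -FilePath $StingerPath -Verb RunAs
```

A `Valid` status only shows the file is intact and signed by a trusted publisher, so the printed signer still has to be checked by eye.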

Notes and limitations

  • Stinger is a specialized, on‑demand remover — not a replacement for full real‑time antivirus.
  • It targets specific threats; it may miss newer or unknown malware.
  • Enable rootkit scanning only when necessary and follow vendor guidance about updating VSCore components.
