Trellix Stinger

Trellix Stinger — Free Download. Detection and removal of specific malware
Trellix Stinger is a portable utility tool that performs on-demand scans to identify and remove known malware. It operates with a specific set of threat signatures and employs rootkit scanning technology and GTI file reputation. It is not a substitute for a full antivirus solution.

File size: 46.1 MB
The latest version of Trellix Stinger is: 13.0.0.578
Operating system: Windows
Languages: English
Price: $0.00 USD

  • Rootkit scanning. This function examines deep areas of the operating system and registry to detect rootkits attempting to hide malicious processes. It employs specialized drivers (mfehidk.sys, mferkdet.sys) to access system layers and uncover components obfuscated by this type of malware.
  • GTI reputation-based detection. During the scan, files are checked in real time against Trellix's global file reputation database (GTI). This system assigns a reputation score based on the file's behavior and prevalence on the network, identifying emerging threats that may not yet be in local signature databases.
  • Specific threat list. Stinger is configured to look for a defined set of malware, including GameOver Zeus and CryptoLocker. The list of target threats is visible within the application's Advanced menu and determines the exact scope of what the scanner can identify and remove.
  • Automatic file repair. By default, upon finding an infected file, the tool attempts to disinfect it by removing the malicious code. If repair is not feasible, it proceeds to completely delete the compromised file to neutralize the threat.
  • Quarantine of detected items. Files that cannot be repaired, and are therefore deleted, are moved to a quarantine folder located at C:\Quarantine\Stinger. This prevents permanent data loss and allows for manual, administrator-controlled restoration if necessary.
  • Customizable scanning. The user can modify the default scan parameters. Through the "Customize my scan" link, it is possible to add disk drives, specific directories, or exclusions to focus the search on concrete areas of the file system.
  • Command-line parameters. The tool supports silent and automated execution via command-line arguments. This allows its integration into administration scripts or remote deployment across multiple systems without graphical interaction.
  • Detailed activity log. Stinger generates a log file documenting the entire scan process. The log includes timestamps, files examined, threats identified, and actions taken. It is saved in the execution directory and can be viewed in HTML format from the corresponding tab.
  • Custom MD5 hash blacklist. In the Advanced/Blacklist tab, users can enter up to 1000 MD5 hashes of known malicious files. During the scan, any file whose hash matches the list will be detected and removed, even if it is not in the main signature database.
  • Adjustable network heuristics. The function applies heuristic analysis to network activity and files. The sensitivity level (Medium, High, Very High) is configurable. Higher levels increase detection of potential threats but also the risk of false positives.
  • WinPE environment compatibility. Stinger can be run in a Windows Preinstallation Environment (WinPE) for forensic analysis or recovery of systems that do not boot. This requires the WinPE image to include support components for HTML Applications.
  • VSCore component update. When rootkit scanning is activated, Stinger updates Trellix's security core drivers (VSCore) on the endpoint if they are present and outdated. This update is necessary for the detection of modern rootkits.
  • Integration with ePolicy Orchestrator (ePO). There is a specific Stinger package for centralized deployment via the Trellix ePO console. In this mode, rootkit scanning is disabled by default, but can be enabled with specific parameters.

Stinger's development began within McAfee, which later became part of Intel Security, and the tool is now under the Trellix brand. It was created as an incident response utility to address outbreaks of specific, highly prevalent malware. Its first public version dates back to the early 2000s. The program is primarily written in the C++ programming language, with low-level components for interaction with the operating system and handling rootkits.


Alternatives to Trellix Stinger:

Adlice Diag — Free Download. Full malware and rootkit diagnostic tool
Adlice Diag is a security diagnostic software developed by the team behind RogueKiller.
Price: Free   Size: 31.8 MB   Version: 4.0.1.0   OS: Windows

UnHackMe — Free Download. Rootkit removal and malware detection tool
UnHackMe is a security program designed to complement existing antivirus software through manual detection of rootkits, potentially unwanted programs (PUPs), and unknown threats.
Price: Free   Size: 46.02 MB   Version: 18.10.2026.331   OS: Windows

AntiRansomware — Free Download. Protection against ransomware and data hijacking
Abelssoft AntiRansomware is a security solution specialized in detecting and preventing ransomware attacks.
Price: $29.95   Size: 17.6 MB   Version: 2025.25   OS: Windows