cancel
Showing results for 
Search instead for 
Did you mean: 
scarney
Level 9

Stinger executable modified and may be infected

All,

We had the same problem.  We were running stinger32.exe( v.12.1.0.817 ) on an off-network system that had IE6 installed and is Windows XP, SP3, 32-bit.  When we went back on network, we upgraded to IE8 then took it back off network, reran stinger32.exe and it was fine.

Our dilemma is we can't put IE8 on the target system at this point.  So our idea is to make the USB HDD from which we are deploying our updates bootable.  We would put IE8 on it.  We boot into the USB HDD.  We have a couple of questions:

  1. We will install IE8 on a bootable USB HDD for stinger's benefit.
  2. We will boot into the USB HDD.
  3. How do we tell stinger32.exe where IE8 is?  Is a 'set PATH' good enough?
  4. While booted into the USB HDD, we want to scan the USB HDD along with all other local drives.  Will the --ADL option work while booted into the USB HDD?

--

Regards,

Sugam Shrestha and Sandra Carney

Edited by Moderator to add missing details:

  1. We would rather not boot Win XP from the external HDD, if possible
  2. We plan to install:
    • Windows XP security updates
    • McAfee Application Control(v.6.1.2)
    • Upgrade our software
  3. Our target system has IE6 installed   We can't install IE8 on the target system.  Instead, we would like to install IE8 on the external HDD for the purpose of telling stinger to look there for it.  Is this possible?

Message was edited by: Ex_Brit on 09/03/14 10:00:39 EDT AM
0 Kudos
27 Replies
Moderator
Moderator

Re: Stinger executable modified and may be infected

Hi Sandra,

Kindly Clarify the below ,

1) Whether you are trying to boot Win XP from an External HDD ? If Yes will you be removing the existing Internal HDD?

2) Whether are you going to use external HDD for installing Windows Updates alone - IE 8

3) Stinger will check the Default Program Files directory for IE 8  present in the Master Internal drive wherein Windows is Installed - Were you referring  to change this path to the External HDD?

0 Kudos
exbrit
Level 21

Re: Stinger executable modified and may be infected

I apologise.  I tried to branch the entire conversation out so that I could move it to Application Control and half of the posts were left behind.   Not my fault, but the board's.

Anyway if you want to start over again here, now that I've moved it, then that's fine.

I've added the salient comments to the first post here.

.


Message was edited by: Ex_Brit on 09/03/14 10:02:39 EDT AM
0 Kudos
exbrit
Level 21

Re: Stinger executable modified and may be infected

To answer the question about installing IE8 on the external drive...you can't do that unfortunately.   It has to be installed in the operating system and the operating system can't be installed on an external drive, unless that drive is eSATA and set in the BIOS to boot first.

Message was edited by: Ex_Brit on 09/03/14 10:50:02 EDT AM
0 Kudos
scarney
Level 9

Re: Stinger executable modified and may be infected

All,

Sorry I brought up Application Control.  This is not central to our problem.  I was merely clarifying what we are installing.  The central problem is that stinger doesn't work because we only have IE6 on the target system.

Ex_Brit answered my question regarding installing IE8 on an external drive.

So my next question is can I tell stinger through some sort of command line option, environment variable, or registry setting to not check for updates.  It is failing in the check for updates due to no access to the internet.

--

Regards,

Sandra Carney

0 Kudos
exbrit
Level 21

Re: Stinger executable modified and may be infected

No I don't believe there is a way other than unchecking the rootkit scan optiion because it is that option that looks for updates.

But Selvan is the support guy and he may know more than I.

Message was edited by: Ex_Brit on 09/03/14 7:39:47 EDT PM
0 Kudos
wh250009
Level 7

Re: Stinger executable modified and may be infected

For test i've upgraded one PC to IE8 and i still get the message 'Stinger executable modified and may be infected'.

Also i received no reaction from stinger@avertlabs.com

0 Kudos
vinoo
Level 13

Re: Stinger executable modified and may be infected

>> For test i've upgraded one PC to IE8 and i still get the message 'Stinger executable modified and may be infected'.

Stinger executable is now signed using a newer digital certificate. This cert maybe be part of the root certificates trusted by older OS like WinXP.

If a windows update was applied - this is resolved. One can also manually apply the root certificate patch to XP. Get it from: http://www.microsoft.com/en-us/download/details.aspx?id=41084

Cheers,

Vinoo

0 Kudos
scarney
Level 9

Re: Stinger executable modified and may be infected

The windows update would be great.  Unfortunately, the target system is a medical device that has already gone through validation.  We are at the end of the release cycle and are out of time.  Are there any other options?

--

Thanx,

Sandra Carney

0 Kudos
scarney
Level 9

Re: Stinger executable modified and may be infected

We still get the message, too.  That isn't the problem.  The trouble starts in the next step which is with IE6, stinger attempts to look for updates and fails out.  It never conducts the scan.  It never brings up the options dialog.  When we installed IE8 as a test, then the next step consisted of bringing up the dialog.  Once the dialog was dismissed, it conducted the scan.

--

Regards,

Sandra Carney

0 Kudos