Pinkslipbot Control Server Proxy Detection and Port-Forwarding Removal Tool

 

How to Use Pinkslipbot Control Server Proxy Detection and Port-Forwarding Removal Tool

A system previously infected with W32/Pinkslipbot may still be serving as a control server proxy for the malware. Even if all malicious components have been removed by a security product, the system may be vulnerable to attacks if it is publicly accessible over the internet. To help identify this vulnerability, Trellix developed a free port-forwarding detection and removal tool specific to Pinkslipbot. This tool will also detect the Pinkslipbot control server proxy service and will disable (not remove) the service if found.

The Pinkslipbot Control Server Proxy Detection and Port-Forwarding Removal Tool is provided as-is and subject to Trellix's End User License Agreement.

Pinkslipbot C&C Proxy Checker

Copyright © 2022 Musarubra US LLC

Pinkslipbot C&C Proxy Checker is a command line tool to detect and remove port-forwarding rules maliciously created by W32/Pinkslipbot on home routers. In addition, the tool can detect and disable the malicious service used to repurpose infected machines as command-and-control servers.

Commands

Command                      Description
-h (or) --help (or) /?       Show this help message
-d (or) --del (or) /del      Remove Malicious Port Mappings and Disable Pinkslipbot C&C Service
--thirdparty                 Display License Information for third-party libraries used.

 

System Requirements

To use this tool, you must have:

  • A computer running Windows XP or higher
  • An active network connection

Usage

To use this tool, open a command-prompt window and execute the program without any parameters:

C:\>AmIPinkC2.exe

This runs the tool in “Detect ONLY” mode, where it finds malicious Pinkslipbot services and port-forwarding rules but does not remove them. The screenshot below shows the output of the tool when it finds a malicious service installed on the local machine and port-forwarding rules created on the router.

[Screenshot: tool output in “Detect ONLY” mode]

If no infection is found, your system is not vulnerable and you do not need to do anything else.

However, if the output from your execution looks like the screenshot above, you should run the tool again from an elevated command-prompt and pass the “/del” parameter. This instructs the tool to disable the malicious service and remove maliciously created port forwarding rules on your router. The screenshot below shows the output of the tool when run with the “/del” parameter.
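
To cross-check the port-forwarding rules the tool reports, the following added example (not part of the Trellix tool or of this page's original content) lists the UPnP port mappings currently set on the gateway and marks those that forward to the local machine. It assumes PowerShell 3.0 or later and the Windows NAT UPnP COM object (HNetCfg.NATUPnP); the function name Get-UpnpPortMapping is hypothetical.

```powershell
# Added example: read-only audit of UPnP static port mappings on the gateway.
# Get-UpnpPortMapping is a hypothetical helper name, not part of AmIPinkC2.exe.
function Get-UpnpPortMapping {
    # Windows NAT UPnP COM API (IUPnPNAT).
    $nat = New-Object -ComObject HNetCfg.NATUPnP
    $mappings = $nat.StaticPortMappingCollection
    if ($null -eq $mappings) {
        # Returned when no UPnP gateway answers or UPnP discovery is unavailable.
        Write-Warning 'No UPnP-capable gateway found; nothing to list.'
        return
    }

    # IPv4 addresses bound on this host, used to spot forwards aimed at it.
    $localIPs = [System.Net.Dns]::GetHostAddresses([System.Net.Dns]::GetHostName()) |
        Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
        ForEach-Object { $_.IPAddressToString }

    foreach ($m in $mappings) {
        [pscustomobject]@{
            Protocol       = $m.Protocol
            ExternalPort   = $m.ExternalPort
            InternalClient = $m.InternalClient
            InternalPort   = $m.InternalPort
            Enabled        = $m.Enabled
            Description    = $m.Description
            ToThisHost     = $localIPs -contains $m.InternalClient
        }
    }
}

Get-UpnpPortMapping | Sort-Object ExternalPort | Format-Table -AutoSize
```

The function only reads the mappings and changes nothing on the router. Entries marked ToThisHost that you do not recognise are the ones to compare against the tool's output, before and after running it with “/del”.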

Third-Party Licenses

This tool uses “MiniUPnPc”, an excellent open-source library for adding UPnP IGD control point support. Its license is listed as follows.

MiniUPnPc

Copyright (c) 2005-2016, Thomas BERNARD All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  • The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


Download the Pinkslipbot Control Server Proxy Detection and Port-Forwarding Removal Tool
