A system previously infected with W32/Pinkslipbot may still be serving as a control server proxy for the malware. Even if all malicious components have been removed by a security product, the system may be vulnerable to attacks if it is publicly accessible over the internet. To help identify this vulnerability, Trellix developed a free port-forwarding detection and removal tool specific to Pinkslipbot. This tool will also detect the Pinkslipbot control server proxy service and will disable (not remove) the service if found.
The Pinkslipbot Control Server Proxy Detection and Port-Forwarding Removal Tool is provided as-is and subject to Trellix's End User License Agreement.
Copyright © 2022 Musarubra US LLC
Pinkslipbot C&C Proxy Checker is a command line tool to detect and remove port-forwarding rules maliciously created by W32/Pinkslipbot on home routers. In addition, the tool can detect and disable the malicious service used to repurpose infected machines as command-and-control servers.
-h (or) --help (or) /?
Show this help message
-d (or) --del (or) /del
Remove Malicious Port Mappings and Disable Pinkslipbot C&C Service
--thirdparty
Display License Information for third-party libraries used.
To use this tool, you must have:
To use this tool, open a command-prompt window and execute the program without any parameters like so.
C:\>AmIPinkC2.exe
This runs the tool in “Detect ONLY” mode, where it finds malicious Pinkslipbot services and port-forwarding rules but does not remove them. The screenshot below shows the output of the tool when it finds a malicious service installed on the local machine and port-forwarding rules created on the router.
If no infection is found, your system is not vulnerable and you do not need to do anything else.
However, if the output from your execution looks like the screenshot above, you should run the tool again from an elevated command prompt and pass the “/del” parameter. This instructs the tool to disable the malicious service and remove maliciously created port-forwarding rules on your router. The screenshot below shows the output of the tool when run with the “/del” parameter.
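For a manual cross-check of the router after cleanup, the following added example (not Trellix's code, and not the tool's detection logic, which this page does not document) parses UPnP IGD GetGenericPortMappingEntry responses and lists enabled forwards that still point at a given host. The sample responses, the addresses and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Argument names defined by the UPnP WANIPConnection:1 service.
FIELDS = {"NewRemoteHost", "NewExternalPort", "NewProtocol", "NewInternalPort",
          "NewInternalClient", "NewEnabled", "NewPortMappingDescription",
          "NewLeaseDuration"}

def _response(ext, proto, port, client, enabled, desc, lease):
    """Build a constructed GetGenericPortMappingEntryResponse (sample data only)."""
    vals = {"NewRemoteHost": "", "NewExternalPort": ext, "NewProtocol": proto,
            "NewInternalPort": port, "NewInternalClient": client,
            "NewEnabled": enabled, "NewPortMappingDescription": desc,
            "NewLeaseDuration": lease}
    args = "".join(f"<{k}>{v}</{k}>" for k, v in vals.items())
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            '<u:GetGenericPortMappingEntryResponse '
            'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            f'{args}</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>')

# Constructed router answers: two entries for the cleaned host, one for another device.
SAMPLE = [
    _response(61000, "TCP", 61000, "192.168.1.23", 1, "constructed entry A", 0),
    _response(3074, "UDP", 3074, "192.168.1.50", 1, "constructed entry B", 3600),
    _response(61001, "TCP", 61001, "192.168.1.23", 0, "constructed entry C", 0),
]

def parse_mapping(xml_text):
    """Extract one port-mapping entry; reject responses with missing arguments."""
    out = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]          # drop any XML namespace
        if name in FIELDS:
            out[name] = (el.text or "").strip()
    missing = FIELDS - out.keys()
    if missing:
        raise ValueError(f"incomplete mapping entry, missing {sorted(missing)}")
    lease = int(out["NewLeaseDuration"])
    return {"external_port": int(out["NewExternalPort"]),
            "protocol": out["NewProtocol"].upper(),
            "internal_port": int(out["NewInternalPort"]),
            "internal_client": out["NewInternalClient"],
            "enabled": out["NewEnabled"] == "1",
            "description": out["NewPortMappingDescription"],
            "permanent": lease == 0}              # lease 0 = no expiry in IGD v1

def mappings_to_review(responses, host_ip):
    """Return enabled forwards whose internal client is the host being checked."""
    entries = (parse_mapping(r) for r in responses)
    return [m for m in entries if m["enabled"] and m["internal_client"] == host_ip]
```

A forward that appears in this list is only a candidate for review; whether it is legitimate depends on what the host is expected to expose.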
This tool uses “MiniUPnPc”, an excellent open-source library for adding UPnP IGD control point support. Its license is listed as follows.
MiniUPnPc
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Download the Pinkslipbot Control Server Proxy Detection and Port-Forwarding Removal Tool