McAfee releases a tool to remove the Pinkslipbot remnants that use a PC as a proxy

Last week, McAfee released AmIPink C2, a command-line tool for Windows that removes the files left behind after a Pinkslipbot infection. These remnants let the malware keep using infected computers as relay proxies, even after the malware's binary has been completely removed from the computer.

Pinkslipbot is a banking trojan that appeared in 2007, also known by other names such as Quakbot, Qbot and PinkSlip.

Pinkslipbot: a well-known, dangerous malware

Pinkslipbot is a dangerous malware, mainly because it pursues specific targets. It does not go after ordinary users; it has instead targeted companies in North America, especially in prominent industries such as banking, finance and insurance.

Pinkslipbot's remnants stay on the computer even after the malware has been removed

This banking trojan is not always active; it appears in waves, as if part of clearly planned campaigns. Over the years, many security companies have tracked the attackers and found many different versions of the malware. Most recently, security researchers at IBM discovered a version of Pinkslipbot that locked Active Directory on infected computers.

McAfee finds a new Pinkslipbot behavior

McAfee is one of the companies that has tracked Pinkslipbot the longest. Its researchers presented an analysis of the trojan's C&C server infrastructure and its C&C communication method at the Virus Bulletin security conference last year. While observing Pinkslipbot's campaigns, they found a new way in which the malware operates.

These researchers say Pinkslipbot's author is smarter than they had thought. According to McAfee, besides stealing user data, the trojan also uses the infected host as a proxy server to relay information between the central C&C server and other infected hosts in the network.

McAfee's new tool removes the remnants of Pinkslipbot

According to McAfee, most tools only remove the malware's binary files, which stops the trojan from stealing passwords from infected computers. That removal process does not touch the code that turns the computer into a proxy server, which operates through Windows UPnP (Universal Plug and Play).

McAfee's new tool removes the remaining files and prevents Pinkslipbot from using a user's computer as a hub to relay commands from the C&C server or to retrieve stolen data through a proxy network. You can download AmIPink C2 here and read McAfee's user guide here.
