A system previously infected with W32/Pinkslipbot (Qakbot/QBot) may still be serving as a control server proxy for the malware. Even if all malicious components have been removed by a security product, the system may be vulnerable to attacks if it is publicly accessible over the internet. To help identify this vulnerability, McAfee Labs developed a free port-forwarding detection and removal tool specific to Pinkslipbot. This tool will also detect the Pinkslipbot control server proxy service and will disable (not remove) the service if found.
The Pinkslipbot Control Server Proxy Detection and Port-Forwarding Removal Tool is provided as-is and subject to McAfee's End User License Agreement.