W32/Pinkslipbot.gen.w


Posted: March 3, 2011

W32/Pinkslipbot.gen.w is a backdoor Trojan. In addition to being able to download and install files without the user's permission, W32/Pinkslipbot.gen.w may open large holes in the computer's security that allow remote attackers to reach it. Many variants of W32/Pinkslipbot.gen.w have been reported to spread to other computers easily through viral methods, so deleting W32/Pinkslipbot.gen.w quickly is a necessity for the sake of other computers as well as your own.

Fortifying Your System Against W32/Pinkslipbot.gen.w

Different versions of W32/Pinkslipbot.gen.w are noteworthy for having an extremely widespread infection rate throughout the United States, unlike most malware programs, which tend to originate in Russia and China. The best way to keep your computer safe is passive anti-malware detection provided by trustworthy security programs. Avoiding suspicious links and file sources will also keep your chances of running into W32/Pinkslipbot.gen.w low.

Different security programs may detect W32/Pinkslipbot.gen.w by different names, such as the following:

  • Generic19.BZCT
  • Trojan-Dropper.Win32.Drooptroop.hfr
  • Trojan:Win32/Sisproc
  • Backdoor.Coreflood

W32/Pinkslipbot.gen.w has been reported to modify the system registry so that it runs on startup. This lets W32/Pinkslipbot.gen.w be active without the user being aware of it; you shouldn't expect visible signs of a Trojan like W32/Pinkslipbot.gen.w until its payload is dropped.

Why You Shouldn't Let W32/Pinkslipbot.gen.w Make Itself Comfortable

The dangers associated with W32/Pinkslipbot.gen.w are fairly extreme security risks, as far as PC threats go:

  • All Trojans like W32/Pinkslipbot.gen.w are able to drop extra malware onto infected systems, thus creating an increasingly hostile environment for the user. Other malware may include password-stealing spyware, browser hijackers, and rogue anti-virus programs that pester the user with fake system alerts.
  • Reports note that W32/Pinkslipbot.gen.w is a backdoor Trojan as well. This form of Trojan creates security holes specifically to let remote attackers take a crack at your machine. Frequently, remote attacks consist of spying or stealing personal information, or using the system to perform illegal activities like the infamous DDoS attacks.
  • W32/Pinkslipbot.gen.w may block system and security programs. This will result in your computer being more vulnerable to attacks by related or unrelated malware, and can make it impossible to remove W32/Pinkslipbot.gen.w until you stop the Trojan from running.
  • There have also been some versions of W32/Pinkslipbot.gen.w that are reported to spread virally. Viral infections place preexisting files on your system in danger and can exploit networks and removable drive devices to get to new computers.

Such a laundry list of hostile actions makes it obvious that deleting W32/Pinkslipbot.gen.w is the necessary course of action, but the Trojan will not make it easy for you. Since the clock is ticking on other potential malware drops and possible system damage, you need to wipe out W32/Pinkslipbot.gen.w quickly, before it can accomplish everything it was designed to do.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %CommonDocuments%\Server\admin.txt
    2 %CommonDocuments%\Server\hlp.dat
    3 %PROGRAM_FILES%\W32/Pinkslipbot.gen.w
    4 %Templates%\memory.tmp
    5 %Windir%\Temp\winlogon.dat
    6 c:\Documents and Settings\All Users\Start Menu\W32/Pinkslipbot.gen.w\
    7 c:\Documents and Settings\All Users\W32/Pinkslipbot.gen.w\

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] DisableSR = 0x00000001
    HKEY_LOCAL_MACHINE\Software\W32/Pinkslipbot.gen.w
    HKEY..\..\..\..{RegistryKeys}
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] DisableSR = 0x00000001
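
As an added example (not code from this page or from any security vendor), the following Python sketch triages a host offline against the file and registry modifications listed above. It assumes the input is the decoded text of a `reg export` file plus a plain list of file paths; the function names, the sample data, and the assumption that the Templates folder keeps its default name are all hypothetical.

```python
import re

# Indicators copied from this page. The %...% tokens are the page's own
# placeholders, so files are matched on the path tail that follows them.
# Assumption: the Templates folder keeps its default name.
FILE_TAILS = [r"\server\admin.txt", r"\server\hlp.dat",
              r"\templates\memory.tmp", r"\temp\winlogon.dat"]
SR_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\systemrestore"
MARKER_KEY = r"hkey_local_machine\software\w32/pinkslipbot.gen.w"

def parse_reg_export(text):
    """Parse decoded `reg export` text into {key_lower: {value_lower: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            # Value lines look like "Name"=data or @=data (default value).
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
            if m:
                current[m.group(1).strip('"').lower()] = m.group(2)
    return keys

def triage(reg_text, file_listing):
    """Return a list of findings that match the indicators listed on this page."""
    findings = []
    keys = parse_reg_export(reg_text)
    data = keys.get(SR_KEY, {}).get("disablesr", "").lower()
    m = re.fullmatch(r"dword:([0-9a-f]{8})", data)
    if m and int(m.group(1), 16) == 1:
        findings.append("registry: System Restore disabled (DisableSR = 1)")
    if MARKER_KEY in keys:
        findings.append("registry: key " + MARKER_KEY + " present")
    for path in file_listing:
        p = path.strip().lower()
        if any(p.endswith(tail) for tail in FILE_TAILS):
            findings.append("file: " + path.strip())
    return findings

# Constructed sample input (not taken from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
"RPGlobalInterval"=dword:00015180
'''
SAMPLE_FILES = [r"C:\Windows\Temp\winlogon.dat", r"C:\Windows\System32\winlogon.exe"]

if __name__ == "__main__":
    for finding in triage(SAMPLE_REG, SAMPLE_FILES):
        print(finding)
```

A match on a file tail or on DisableSR alone is only a lead for further investigation, since administrators and other software can also disable System Restore.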