Protecting the server against ASP Trojans

xiaoxiao2021-03-06  43

The ASP Trojans that are currently popular mainly operate on the server through three techniques.

First, use of the FileSystemObject component

FileSystemObject can perform routine operations on files.

You can rename this component by modifying the registry to prevent the harm caused by this kind of Trojan.

Rename HKEY_CLASSES_ROOT\Scripting.FileSystemObject\ to another name, for example FileSystemObject_ChangeName.

From then on, use the new name in your own code and the component can be called normally.

Also change the CLSID value, that is, the value of the HKEY_CLASSES_ROOT\Scripting.FileSystemObject\CLSID\ item.

You can also delete it to prevent the harm caused by this kind of Trojan.

Command to unregister this component: regsvr32 /u C:\WINNT\System32\scrrun.dll

Prohibit Guest users from using scrrun.dll to prevent this component from being called. Use the command: cacls C:\WINNT\System32\scrrun.dll /e /d guests

Second, use of the WScript.Shell component

WScript.Shell can call the system kernel to run basic DOS commands.

You can rename this component by modifying the registry to prevent the harm caused by this kind of Trojan.

Rename HKEY_CLASSES_ROOT\WScript.Shell\ and HKEY_CLASSES_ROOT\WScript.Shell.1\ to other names, for example WScript.Shell_ChangeName or WScript.Shell.1_ChangeName.

From then on, use the new name in your own code and the component can be called normally.

Also change the CLSID values, that is, the value of the HKEY_CLASSES_ROOT\WScript.Shell\CLSID\ item and the value of the HKEY_CLASSES_ROOT\WScript.Shell.1\CLSID\ item.

You can also delete them to prevent the harm caused by this kind of Trojan.

Third, use of the Shell.Application component

Shell.Application can call the system kernel to run basic DOS commands.

You can rename this component by modifying the registry to prevent the harm caused by this kind of Trojan.

Rename HKEY_CLASSES_ROOT\Shell.Application\ and HKEY_CLASSES_ROOT\Shell.Application.1\ to other names, for example Shell.Application_ChangeName or Shell.Application.1_ChangeName.

From then on, use the new name in your own code and the component can be called normally.

Also change the CLSID value, that is, the value of the HKEY_CLASSES_ROOT\Shell.Application\CLSID\ item.

You can also delete it to prevent the harm caused by this kind of Trojan.

Prohibit Guest users from using shell32.dll to prevent this component from being called. Use the command: cacls C:\WINNT\System32\shell32.dll /e /d guests

Note: These operations take effect only after the Web service is restarted.

Fourth, calls to cmd.exe

Prohibit users in the Guests group from calling cmd.exe:

cacls C:\WINNT\System32\cmd.exe /e /d guests

The four steps above are basically enough to guard against the several Trojans that are currently popular. The most effective approach, however, is still comprehensive security configuration: only when both the server and the applications reach a certain security standard can the overall security level be set high enough to prevent more illegal intrusions.
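Because pages that use a component's original name stop working once it is renamed, it helps to inventory every reference in the web root before making the change. The following Python scanner is an added example, not code from the original article; its function names and the sample page are assumptions made for illustration, and FileSystemObject_ChangeName is the example name used above.

```python
import re

# ProgIDs named in this article; COM ProgIDs are case-insensitive.
RISKY_PROGIDS = ("Scripting.FileSystemObject", "WScript.Shell", "Shell.Application")

# CreateObject("ProgID") and Server.CreateObject('ProgID')
_CREATE = re.compile(r"""CreateObject\s*\(\s*["']([\w.]+)["']""", re.I)
# <object runat="server" progid="ProgID"> declarations
_OBJECT = re.compile(r"""<object\b[^>]*\bprogid\s*=\s*["']?([\w.]+)""", re.I)


def base_progid(progid):
    """Map a ProgID, with or without a version suffix such as .1, to the
    article's component name; return None for anything else."""
    lowered = progid.lower()
    for known in RISKY_PROGIDS:
        k = known.lower()
        suffix = lowered[len(k) + 1:]
        if lowered == k or (lowered.startswith(k + ".") and suffix.isdigit()):
            return known
    return None


def find_component_use(source, renamed=()):
    """Return (line_no, progid_as_written, status) for each reference in one
    ASP file's text. 'original' references stop working once the component is
    renamed and need review; 'renamed' ones already use your new name."""
    renamed_lower = {name.lower() for name in renamed}
    hits = []
    for line_no, line in enumerate(source.splitlines(), 1):
        for match in list(_CREATE.finditer(line)) + list(_OBJECT.finditer(line)):
            progid = match.group(1)
            if progid.lower() in renamed_lower:
                hits.append((line_no, progid, "renamed"))
            elif base_progid(progid):
                hits.append((line_no, progid, "original"))
    return hits


# Constructed sample page, not taken from the article.
SAMPLE = '''<%
Set fso = Server.CreateObject("Scripting.FileSystemObject")
Set sh  = server.createobject("wscript.shell.1")
Set ok  = Server.CreateObject("FileSystemObject_ChangeName")
Set cn  = Server.CreateObject("ADODB.Connection")
%>
<object runat="server" id="a" progid="Shell.Application"></object>'''

if __name__ == "__main__":
    for hit in find_component_use(SAMPLE, renamed=["FileSystemObject_ChangeName"]):
        print(hit)
```

An "original" hit in a file you do not recognise deserves review. Matching is on literal ProgID strings only, so treat the output as an inventory aid.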

When reposting, please cite the original address: https://www.9cbs.com/read-54631.html