First, use FileSystemObject components
FileSystemObject can regularly perform files
You can change this component by modifying the registry, to prevent the harm of such Trojans.
HKEY_CLASS_ROOT / SCRIPTING.FILESYSTEMOBJECT /
Renamed other names, such as: change to FileSystemObject_changename
This component can be called normally when you call it.
Also change the CLSID value
HKEY_CLASS_ROOT / SCRIPTING.FILESYSTEMOBJECT / CLSID / item value
It can also be deleted to prevent the harm of such Trojans.
Log out of this component command: Regsrv32 / u c: /winnt/system/scrrun.dll
Guest users are prohibited from using Scrrun.dll to prevent calling this component.
Use command: Cacls C: /Winnt/System32/scrrun.dll / e / d guests
Second, use WScript.Shell components
WScript.shell can call the system kernel to run the DOS basic command
You can change this component by modifying the registry, to prevent the harm of such Trojans.
HKEY_CLASSES_ROOT / WScript.Shell /
and
HKEY_CLASS_ROOT / WScript.Shell.1 /
Renamed other names, such as: change to wscript.shell_changeename or wscript.shell.1_changename
This component can be called normally when you call it.
Also change the CLSID value
HKEY_CLASS_ROOT / WScript.Shell / CLSID / item value
HKEY_CLASES_ROOT / WScript.Shell.1 / CLSID / project value
It can also be deleted to prevent the harm of such Trojans.
Third, use shell.application components
Shell.Application can call the system kernel to run the DOS basic command
You can change this component by modifying the registry, to prevent the harm of such Trojans.
HKEY_CLASS_ROOT / shell.Application /
and
HKEY_CLASS_ROOT / shell.Application.1 /
Renamed other names, such as: change to shell.Application_changename or shell.application.1_changename
This component can be called normally when you call it.
Also change the CLSID value
HKEY_CLASSES_ROOT / SHELL.Application / CLSID / item value
HKEY_CLASSES_ROOT / SHELL.Application / CLSID / item value
It can also be deleted to prevent the harm of such Trojans.
Guest users are prohibited from using shell32.dll to prevent calling this component.
Use commands: Cacls C: /Winnt/System32/Shell32.dll / e / d guests
Note: The operation will take effect after restarting the Web service.
Fourth, call cmd.exe
Disable guests group users call cmd.exe
Cacls C: /Winnt/System32/cmd.exe / E / D Guests
Through the above four steps, it can basically prevent several popular Trojans, but the most effective way is to synthesize
Security settings, the server, program security has reached a certain standard, and it is possible to set the security level setting, prevent more illegal
Intrusion.
