Starting ASP Trojan --- Disable AdoDb.Stream Discussion Reprinted: Phantom Travel
Quoted from unknown:

Q: I have a lot of web Trojans that use this to list the file catalog, and some ASP Trojans use classid to create a script object. I want to understand how to ban this object; if you can ban this script object, the ASP Trojan should be completely blocked, like shell execution has been banned.

A:

1. Use HKEY_CLASSES_ROOT\ADODB.Stream\CLSID to get the ClassID; on my XP it is {00000566-0000-0010-8000-00AA006D2EA4}, and it should be the same on each host. Find the DLL corresponding to this ActiveX from the value of HKEY_CLASSES_ROOT\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServer32; on my XP it is C:\Program Files\Common Files\System\ADO\MSADO15.DLL. Then run REGSVR32 /S /U "C:\Program Files\Common Files\System\ADO\MSADO15.DLL" and ADODB.Stream is uninstalled.

2. Book on what to do ~~~ huh

3. The easiest way: go to the Jinshan website, find that ADODB software, uninstall it!

4. ClassID was originally obtained by ... should be the same on each host. According to HKEY_CLASSES_ROOT\C ... I will have problems. Directly deleting HKEY_CLASSES_ROOT\ADODB.Stream\CLSID should be OK???? That DLL still keeps a little

5. As long as the ASP can use the ASP Trojan, it will exist if you think it is deleted. I think it is not so.

6. Uninstalling ADO or going without ADODB.Stream is not a good way, because with no ADO in ASP, what can I do?

7. IE the IE patch

8. What is the relationship with the ASP Trojan running on the server? ASP Trojans use FSO, ADODB.Stream, and a Dictionary script object; I think the top two are the first two objects? Is there a way to run from the ASP Trojan?

9. Because ADODB.Stream has a lot of problems, Microsoft has a patch in June this year, and ADODB.Stream is disabled. This patch seems to modify the registry.

10. Disabled?? My 2000 SP4, XP SP1, and XP SP2 can all use ADODB.Stream. Maybe it just doesn't let IE call it, even if the security level is lowered.
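
The lookup chain from reply 1 (ProgID, then CLSID, then InprocServer32 DLL), as a read-only audit script for the three objects named in reply 8. This is an added example, not code from the thread. The function name Get-ComRegistration is hypothetical, and the script assumes the IE restriction discussed in replies 9 and 10 is the standard ActiveX kill bit (Compatibility Flags 0x400), which only Internet Explorer honours.

```powershell
# Added audit example (read-only): resolve each ProgID the thread mentions to
# its CLSID and in-process server DLL, then check the IE kill bit for that CLSID.
$progIds     = 'ADODB.Stream', 'Scripting.FileSystemObject', 'Scripting.Dictionary'
$killBitRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-ComRegistration {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$ProgId)

    $result = [ordered]@{ ProgId = $ProgId; Clsid = $null; Dll = $null; IeKillBit = $false }

    # ProgID -> CLSID: default value of HKCR\<ProgID>\CLSID
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $clsidKey)) { return [pscustomobject]$result }
    $result.Clsid = (Get-Item -LiteralPath $clsidKey).GetValue('')

    # CLSID -> DLL: default value of HKCR\CLSID\<clsid>\InprocServer32
    $serverKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$($result.Clsid)\InprocServer32"
    if (Test-Path -LiteralPath $serverKey) {
        $result.Dll = (Get-Item -LiteralPath $serverKey).GetValue('')
    }

    # Kill bit (assumption, see lead-in): 0x400 in "Compatibility Flags".
    # It stops IE from instantiating the control; ASP's Server.CreateObject ignores it.
    $flagKey = Join-Path $killBitRoot $result.Clsid
    if (Test-Path -LiteralPath $flagKey) {
        $flags = (Get-Item -LiteralPath $flagKey).GetValue('Compatibility Flags', 0)
        $result.IeKillBit = [bool]($flags -band 0x400)
    }
    [pscustomobject]$result
}

$progIds | ForEach-Object { Get-ComRegistration -ProgId $_ } | Format-Table -AutoSize
```

A row with a DLL path and IeKillBit set to True means the object is blocked for IE but still creatable from ASP, which matches what reply 10 reports.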