ASP Trojan mainly uses three technologies to perform related operations on the server.
First, use the FileSystemObject component
FileSystemObject can perform normal operations on files. You can modify the registry to rename this component to prevent such Trojans.
HKEY_CLASSES_ROOT\\Scripting.FileSystemObject\\ renamed to other names, such as: changed to FileSystemObject_ChangeName when you call it later, you can call this component normally, and also change the clsid value
< The value of the HKEY_CLASSES_ROOT\\Scripting.FileSystemObject\\CLSID\\ project can also be removed to prevent such Trojans from harming.
Unregister this component command: RegSrv32 /u C:\\WINNT\\SYSTEM\\scrrun.dll Prevents Guest users from using scrrun.dll to prevent this component from being called. Use the command: cacls C:\\WINNT\\system32\\scrrun.dll /e /d guests
Second, use WScript.Shell component
WScript.Shell can call the system kernel to run DOS basic commands to Rename this component by modifying the registry to prevent such Trojans from harming.
HKEY_CLASSES_ROOT\\WScript.Shell\\ and HKEY_CLASSES_ROOT\\WScript.Shell.1\\ renamed to other names, such as: WScript.Shell_ChangeName or WScript.Shell.1_ChangeName will be used when you call it later. To call this component, also change the clsid value to the value of the HKEY_CLASSES_ROOT\\WScript.Shell\\CLSID\\ project. The value of the HKEY_CLASSES_ROOT\\WScript.Shell.1\\CLSID\\ project can also be deleted to prevent such Trojans.
Third, use the Shell.Application component
Shell.Application can call the system kernel to run DOS basic commands can be modified by the registry, this component is renamed to prevent such Trojans. HKEY_CLASSES_ROOT\\Shell.Application\\ and HKEY_CLASSES_ROOT\\Shell.Application.1\\ renamed to other names, such as: changed to Shell.Application_ChangeName or Shell.Application.1_ChangeName, you can call this component when you call it later. Change the clsid value to
HKEY_CLASSES_ROOT\\Shell.Application\\CLSID\\Item Value
HKEY_CLASSES_ROOT\\Shell.Application\\CLSID\\Item Value
can also be Remove to prevent the damage of such Trojans. Guest users are prohibited from using shell32.dll to prevent this component from being called. Use the command: cacls C:\\WINNT\\system32\\shell32.dll /e /d guests
Note: The operation will take effect only after restarting the WEB service.
Fourth, call Cmd.exe
Disable the Guest group user to call cmd.execacls C:\\WINNT\\system32\\Cmd.exe /e /d guests
Step settings can basically prevent several popular Trojans, but the most effective way is to achieve a certain level of security for servers and programs through comprehensive security settings, and it is possible to set a higher security level and prevent more illegal intrusions. Br>
Click on the group and click on New Group in the right frame to creat
I am a netizen, working as a network administrator in a company. At the beginning of the year, some
VPS is basically the same as the general stand-alone Linux server. There is basically no difference
There are many popular servers at present, and some professional-grade FTP servers
A solution to IIS memory is not enough
Avoid running out of servers Parsing virtualized capacity planning
IIS commonly used MIME type Daquan
System Center Virtual Machine Manager 2008 R2 (SCVMM 2008 R2) Features and Installation Requirements
Establishing a socks5 proxy server
How to use blade servers is the most reasonable
How to enhance asp.net 1.1 /2.0 security - anti-cross-site attack
TP-link router firewall settings
What is a private virtualization server?
IIS7 configuration maximum upload attachment size needs to pay attention to the steps and steps
Apache restart on Centos, mysql restart, nginx restart method
How to add host header to apache? apache add host header method
Tips and tips for cracking xp power-on passwords
TCP/IP filtering open and close methods
Win8 and Ubuntu dual system issues
How to create a broadband connection under Win7
How to hide Win10 Defender taskbar icon Win10 Defender taskbar icon hidden method
Dual system settings boot default win8.1 system method
How Win8 System Creates User Accounts
Thunder prompts search candidate resources for error resolution
CF Singles Day is coming to find the god stick for the gold baton