Many webmasters run IIS servers, and for ASP websites in particular, preventing ASP Trojans is the most critical part of website security.
Generally, an ASP Trojan operates the server through the following four points, so as long as each of them is configured accordingly, intrusion by ASP Trojans can be effectively prevented to a certain extent.
1. Use of the FileSystemObject component
FileSystemObject can perform conventional operations on files.
It can be renamed by modifying the registry to prevent the harm of such Trojans.
HKEY_CLASSES_ROOT\Scripting.FileSystemObject\
Rename it to something else, for example: FileSystemObject_ChangeName
From then on, use the new name when calling the component, and it can be called normally.
Also change the value of the CLSID entry:
HKEY_CLASSES_ROOT\Scripting.FileSystemObject\CLSID\
You can also delete it to prevent the harm of such Trojans.
Command to unregister this component: regsvr32 /u C:\winnt\system32\scrrun.dll
Deny Guest users the use of scrrun.dll to prevent this component from being called.
Use command: cacls C:\winnt\system32\scrrun.dll /E /D Guests
2. Use of the WScript.Shell component
WScript.Shell can call the system kernel to run basic DOS commands.
It can be renamed by modifying the registry to prevent the harm of such Trojans.
HKEY_CLASSES_ROOT\WScript.Shell\ and
HKEY_CLASSES_ROOT\WScript.Shell.1\
Rename them to something else, for example: WScript.Shell_ChangeName or WScript.Shell.1_ChangeName
From then on, use the new name when calling the component, and it can be called normally.
Also change the values of the CLSID entries:
HKEY_CLASSES_ROOT\WScript.Shell\CLSID\
HKEY_CLASSES_ROOT\WScript.Shell.1\CLSID\
You can also delete them to prevent the harm of such Trojans.
3. Use of the Shell.Application component
Shell.Application can call the system kernel to run basic DOS commands.
It can be renamed by modifying the registry to prevent the harm of such Trojans.
HKEY_CLASSES_ROOT\Shell.Application\ and
HKEY_CLASSES_ROOT\Shell.Application.1\
Rename them to something else, for example: Shell.Application_ChangeName or Shell.Application.1_ChangeName
From then on, use the new name when calling the component, and it can be called normally.
Also change the values of the CLSID entries:
HKEY_CLASSES_ROOT\Shell.Application\CLSID\
HKEY_CLASSES_ROOT\Shell.Application.1\CLSID\
You can also delete them to prevent the harm of such Trojans.
Deny Guest users the use of shell32.dll to prevent this component from being called.
Use command: cacls C:\winnt\system32\shell32.dll /E /D Guests
Note: the web service must be restarted before any of the above operations take effect.
4. Calls to cmd.exe
Deny users in the Guests group the ability to call cmd.exe:
cacls C:\winnt\system32\cmd.exe /E /D Guests
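To check the four settings above after the web service has been restarted, the following read-only PowerShell audit (an added example, not part of the original article) reports whether each ProgID is still registered under its default name and whether the Guests group has a deny entry on each file. It assumes PowerShell 3.0 or later and a Windows directory at %SystemRoot% (the article uses C:\winnt); the function names Test-DefaultProgId and Test-GuestsDenied are hypothetical.

```powershell
# Added audit example (not from the original article). Read-only: it changes nothing.
# Assumption: Windows is installed under $env:SystemRoot (the article uses C:\winnt).

$progIds = 'Scripting.FileSystemObject',
           'WScript.Shell', 'WScript.Shell.1',
           'Shell.Application', 'Shell.Application.1'
$files   = 'scrrun.dll', 'shell32.dll', 'cmd.exe'
$guests  = 'S-1-5-32-546'   # well-known SID of the built-in Guests group

# Reports whether a ProgID can still be resolved under its default name.
function Test-DefaultProgId {
    param([string]$ProgId)
    $key = "Registry::HKEY_CLASSES_ROOT\$ProgId"
    if (-not (Test-Path -LiteralPath $key)) {
        return [pscustomobject]@{ Item = $ProgId; Status = 'OK'
                                  Detail = 'not registered under the default name' }
    }
    $clsid = (Get-ItemProperty -LiteralPath "$key\CLSID" -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{ Item = $ProgId; Status = 'EXPOSED'
                       Detail = "default name still present, CLSID $clsid" }
}

# Reports whether the file's ACL carries a deny entry for the Guests group.
function Test-GuestsDenied {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Item = $Path; Status = 'N/A'; Detail = 'file not present' }
    }
    # Resolve ACL entries to SIDs so the check works on localized group names.
    $rules = (Get-Acl -Path $Path).GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])
    $deny = $rules | Where-Object {
        $_.IdentityReference.Value -eq $guests -and $_.AccessControlType -eq 'Deny'
    }
    if ($deny) {
        [pscustomobject]@{ Item = $Path; Status = 'OK'
                           Detail = "Guests denied: $($deny.FileSystemRights -join ', ')" }
    } else {
        [pscustomobject]@{ Item = $Path; Status = 'EXPOSED'; Detail = 'no deny entry for Guests' }
    }
}

$report  = @($progIds | ForEach-Object { Test-DefaultProgId $_ })
$report += @($files | ForEach-Object { Test-GuestsDenied (Join-Path $env:SystemRoot "system32\$_") })
$report | Format-Table -AutoSize
if ($report.Status -contains 'EXPOSED') { exit 1 }   # non-zero exit for scheduled checks
```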