Prevent ASP Trojans from running on the server

  
                              

If your server is being plagued by ASP Trojans, then I hope this article can help you solve the problem you are facing.

The ASP Trojans currently in circulation mainly operate on the server through three techniques.

First, use of the FileSystemObject component

FileSystemObject can perform routine operations on files.

You can rename this component in the registry to prevent harm from this kind of Trojan.

HKEY_CLASSES_ROOT\Scripting.FileSystemObject\
Rename this key to something else, for example FileSystemObject_ChangeName.

From then on, your own code can call the component normally by using the new name.

The CLSID value must be changed as well:
the value of HKEY_CLASSES_ROOT\Scripting.FileSystemObject\CLSID\

Alternatively, it can be deleted to prevent harm from this kind of Trojan.

Command to unregister this component: regsvr32 /u C:\WINNT\system32\scrrun.dll

Deny Guest users access to scrrun.dll to prevent them from calling this component.
Use the command: cacls C:\WINNT\system32\scrrun.dll /e /d guests

Second, use of the WScript.Shell component

WScript.Shell can call the system kernel to run basic DOS commands.

You can rename this component in the registry to prevent harm from this kind of Trojan.

HKEY_CLASSES_ROOT\WScript.Shell\
and
HKEY_CLASSES_ROOT\WScript.Shell.1\
Rename these keys to something else, for example WScript.Shell_ChangeName or WScript.Shell.1_ChangeName.
From then on, your own code can call the component normally by using the new name.

The CLSID values must be changed as well:
the value of HKEY_CLASSES_ROOT\WScript.Shell\CLSID\
the value of HKEY_CLASSES_ROOT\WScript.Shell.1\CLSID\

Alternatively, they can be deleted to prevent harm from this kind of Trojan.

Third, use of the Shell.Application component

Shell.Application can call the system kernel to run basic DOS commands.

You can rename this component in the registry to prevent harm from this kind of Trojan.

HKEY_CLASSES_ROOT\Shell.Application\
and
HKEY_CLASSES_ROOT\Shell.Application.1\
Rename these keys to something else, for example Shell.Application_ChangeName or Shell.Application.1_ChangeName.
From then on, your own code can call the component normally by using the new name.

The CLSID value must be changed as well:
the value of HKEY_CLASSES_ROOT\Shell.Application\CLSID\

Alternatively, it can be deleted to prevent harm from this kind of Trojan.

Deny Guest users access to shell32.dll to prevent them from calling this component.
Use the command: cacls C:\WINNT\system32\shell32.dll /e /d guests

Note: these operations take effect only after you restart the web service.

Fourth, disable calls to Cmd.exe

Prevent users in the Guests group from calling cmd.exe:

cacls C:\WINNT\system32\Cmd.exe /e /d guests

These four steps will basically stop the popular Trojans, but the most effective approach is comprehensive security configuration: only when the security of both the server and the applications meets a certain standard can the overall security level be set high enough to prevent more illegal intrusions.
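
To check that the four steps have actually taken effect, the following read-only PowerShell audit (an added example, not part of the original article) reports whether each default ProgID still resolves to a class and whether a deny entry for Guests exists on the three files. It assumes PowerShell is available on the server and that the files live under %SystemRoot%\system32 (C:\WINNT\system32 on the article's system); the function names are hypothetical.

```powershell
# Added example: read-only audit of the four hardening steps; it changes nothing.
# Assumption: $sysDir is this machine's system32 (the article uses C:\WINNT\system32).
$sysDir  = Join-Path $env:SystemRoot 'system32'
$progIds = 'Scripting.FileSystemObject', 'WScript.Shell', 'WScript.Shell.1',
           'Shell.Application', 'Shell.Application.1'
$files   = 'scrrun.dll', 'shell32.dll', 'cmd.exe'
$guests  = 'S-1-5-32-546'   # well-known SID of the built-in Guests group

function New-Finding($check, $status, $detail) {
    New-Object PSObject -Property @{ Check = $check; Status = $status; Detail = $detail }
}

function Test-ProgId($id) {
    $key = "Registry::HKEY_CLASSES_ROOT\$id"
    if (-not (Test-Path $key)) {
        return New-Finding "ProgID $id" 'OK' 'key renamed or removed'
    }
    # The key still exists under its default name; see whether it still maps to a class.
    $clsid = (Get-ItemProperty "$key\CLSID" -ErrorAction SilentlyContinue).'(default)'
    if ($clsid) {
        return New-Finding "ProgID $id" 'EXPOSED' "default name resolves to $clsid"
    }
    New-Finding "ProgID $id" 'OK' 'key present but CLSID value removed'
}

function Test-GuestsDenied($file) {
    $path = Join-Path $sysDir $file
    if (-not (Test-Path $path)) {
        return New-Finding "ACL $file" 'SKIPPED' "$path not found"
    }
    # Resolve ACEs to SIDs so the check does not depend on a localized group name.
    $rules = (Get-Acl $path).GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])
    $deny  = $rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq $guests
    }
    if ($deny) {
        return New-Finding "ACL $file" 'OK' 'Guests has a deny entry'
    }
    New-Finding "ACL $file" 'EXPOSED' 'no deny entry for Guests'
}

$report  = @($progIds | ForEach-Object { Test-ProgId $_ })
$report += @($files   | ForEach-Object { Test-GuestsDenied $_ })
$report | Select-Object Check, Status, Detail | Format-Table -AutoSize
```

Run it again after restarting the web service; any row marked EXPOSED points to a step that was skipped or did not apply.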
