[Continued] A simple defense method for a horrible Trojan, aspxspy

Yesterday's essay reprinted a simple defense method for the horrible Trojan Horse aspxspy ..

Follow the above solution.

One method:
We can also make the following simple settings:
% SystemRoot %/servicepackfiles/i386/activeds. dll
% SystemRoot %/system32/activeds. dll
% SystemRoot %/system32/activeds. TLB
Search for these two files, remove the user group and powers group, and retain only the permissions of administrators and systems .. if there are other groups, please remove them all .. this will prevent such trojans from listing the physical paths of all sites...

 

I tried it on the server and removed the user group and powers group of activeds. dll and activeds. TLB .. Only the administrative and system permissions are retained ..

But today the problem is coming .. After the scheduled start of the evening yesterday, the website cannot be opened today, and the remote connection cannot be connected .. Restart the server in the IDC .. Still .. Finally, there is no way to log on to the IDC with your account .. Is the cause of activds. dll. Activeds. dll and activeds. TLB cannot remove the user group .. Alas...

 

Baidu knows that one of them is the same as mine.

 

2. How can I avoid iisspy listing the physical paths of all websites under IIS? (I checked on the Internet that activeds can be used. DLL and activeds. the permissions of the two TLB files are removed from the power user and users groups. I can test it on a virtual machine, but I can test it on three servers, after the permissions of these two user groups are deleted and the server is restarted, the server cannot be started, the server cannot be connected to the Internet, and ping does not respond. In addition, an error message indicating that SQL server has been started for more than 16 minutes is displayed in the Event Viewer)
 

 

I don't know which one has a better solution ?.