Currently, the popular ASP Trojan mainly uses three technologies to perform server-related operations.

Currently, the popular ASP Trojan mainly uses three technologies to perform server-related operations.
1. Use the FileSystemObject component

FileSystemObject can perform regular operations on files

You can modify the registry and rename this component to prevent the dangers of such Trojans.

Hkey_classes_root \ Scripting. FileSystemObject \

Change the name to another name, for example, filesystemobject_changename.

You can call this component normally when you call it later.

Also change the CLSID value.

Hkey_classes_root \ Scripting. FileSystemObject \ CLSID \ project value

You can also delete the Trojan to prevent its harm.

Run regsrv32/U c: \ winnt \ System \ scrrun. DLL to log out of this component.

Disable the use of scrrun. DLL by guest users to prevent calling this component.

Run cacls c: \ winnt \ system32 \ scrrun. dll/e/d guests

Ii. Use the wscript. Shell component

Wscript. Shell can call the system kernel to run basic dos Commands

You can modify the registry and rename this component to prevent the dangers of such Trojans.

Hkey_classes_root \ wscript. Shell \

And

Hkey_classes_root \ wscript. shell.1 \

Change the name to another name, for example, wscript. shell_changename or wscript. shell.1 _ changename.

You can call this component normally when you call it later.

Also change the CLSID value.

Hkey_classes_root \ wscript. Shell \ CLSID \ project value

Hkey_classes_root \ wscript. shell.1 \ CLSID \ project value

You can also delete the Trojan to prevent its harm.

3. Use the Shell. Application Component

Shell. Application can call the system kernel to run basic dos commands.

You can modify the registry and rename this component to prevent the dangers of such Trojans.

Hkey_classes_root \ Shell. Application \

And

Hkey_classes_root \ shell. application.1 \

Change the name to another name, for example, Shell. application_changename or shell. application.1 _ changename.

You can call this component normally when you call it later.

Also change the CLSID value.

Hkey_classes_root \ Shell. Application \ CLSID \ project value

Hkey_classes_root \ Shell. Application \ CLSID \ project value

You can also delete the Trojan to prevent its harm.

Disable Guest users from using shell32.dll to prevent calling this component.

Run the following command: cacls c: \ winnt \ system32 \ shell32.dll/e/d guests.

Note: All operations take effect only after the Web Service is restarted.

Use cmd.exe

Disable the use of cmd.exe for guests

Cacls c: \ winnt \ system32 \ cmd.exe/e/d guests

The above four steps can basically prevent several popular Trojans, but the most effective way is to combine the security settings,ProgramOnly when security standards are met can a higher security level be set to prevent more illegal intrusions.