How to block FSO and avoid the harmful intrusion of FSO Trojans

Source: Internet
Author: User

Today, with broadband widespread, more and more people are keen to set up their own websites. Yet even with the latest patches, anti-virus software, and a firewall installed on the system, these websites still get hacked from time to time. Why? To a large extent, the cause is the FSO Trojan.

TIPS: FSO is short for FileSystemObject, also known as the FSO component. It can detect and display information about the system's drives; create, change, and delete folders; and detect whether a specified folder exists and, if it does, extract the folder name, creation time, and other information. FSO makes file processing easy.

An FSO Trojan is a Trojan that uses Microsoft's FSO component to launch malicious attacks on the target host. The FSO component provides powerful access to the system: it can read, create, modify, delete, and rename files and folders on the target host at will, so the destructive power of an FSO Trojan that uses these functions is easy to imagine. How can we prevent FSO Trojan attacks? The fix lies with the component that causes the problem: block the FSO component and the FSO Trojan is disabled.

Complete Blocking

In Windows, "scrrun.dll" is an important file that drives the normal operation of the FSO component. Ordinary users can therefore delete, rename, or unregister "scrrun.dll" to avoid FSO intrusion. To unregister the dynamic link library, enter "regsvr32 /u %systemroot%\system32\scrrun.dll" in the "Run" dialog box and press Enter. You can rest assured that unregistering "scrrun.dll" will not affect the normal operation of the system. This is the simplest method. Once it is done, FSO Trojans cannot use FSO, but neither can we, so choose based on your actual situation.

Differential treatment

Differential treatment is a little more complicated than complete blocking, but it achieves selective access. We can prevent restricted users from using FSO and allow only users with administrator permissions to use it. This effectively prevents damage from FSO Trojans without interfering with the needs of website construction, so it can be called a perfect solution. In the "Run" dialog box, enter "cacls %systemroot%\system32\scrrun.dll /d guests" and press Enter, so that all anonymous users (including the IUSR_Machinename user) cannot use this function.

Tip: the differential treatment method requires that the system partition be in NTFS format.
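
To confirm which of the two methods above is actually in effect on a server, the following PowerShell check can be run from an administrator prompt. It is an added example, not part of the original article; the function name Get-FsoMitigationStatus is hypothetical, and it assumes PowerShell 3.0 or later and the default System32 location of "scrrun.dll".

```powershell
# Added example: report whether complete blocking or differential treatment is in effect.
function Get-FsoMitigationStatus {
    $dll = Join-Path $env:SystemRoot 'System32\scrrun.dll'
    $dllPresent = Test-Path -LiteralPath $dll

    # Complete blocking: "regsvr32 /u" removes the COM registration, so the
    # Scripting.FileSystemObject ProgID no longer exists under HKEY_CLASSES_ROOT.
    $registered = Test-Path -LiteralPath 'Registry::HKEY_CLASSES_ROOT\Scripting.FileSystemObject'

    # Differential treatment relies on file ACLs, which require an NTFS partition.
    $root = [System.IO.Path]::GetPathRoot($dll)
    $fileSystem = (New-Object System.IO.DriveInfo $root).DriveFormat

    # Look for a Deny entry for the built-in Guests group. The well-known SID
    # S-1-5-32-546 is used so the check also works on localized Windows.
    $readExec = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    $guestsDenied = $false
    if ($dllPresent) {
        $rules = (Get-Acl -LiteralPath $dll).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -eq 'Deny' -and
                $rule.IdentityReference.Value -eq 'S-1-5-32-546' -and
                ($rule.FileSystemRights -band $readExec) -eq $readExec) {
                $guestsDenied = $true
            }
        }
    }

    [pscustomobject]@{
        DllPath       = $dll
        DllPresent    = $dllPresent
        FsoRegistered = $registered      # False after "regsvr32 /u"
        FileSystem    = $fileSystem      # must be NTFS for the cacls method
        GuestsDenied  = $guestsDenied    # True after "cacls ... /d guests"
        # Following the article's premise: anonymous users can reach FSO only if
        # the component is still registered and Guests are not denied the DLL.
        AnonymousCanUseFso = ($dllPresent -and $registered -and -not $guestsDenied)
    }
}

Get-FsoMitigationStatus | Format-List
```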

 
