The ASP Trojans currently popular on the network mainly use the following three techniques to perform operations on the server.
1. Use the FileSystemObject component
2. Use the WScript.Shell component
3. Use the Shell.Application component
1. Use the FileSystemObject component
FileSystemObject can perform regular operations on files. To prevent the harm of such Trojans, you can modify the registry and rename this component: rename HKEY_CLASSES_ROOT\Scripting.FileSystemObject\ to another name, for example FileSystemObject_ChangeName. When you call the component yourself later, use the new name and it works normally. Also change the CLSID value, that is, the value of the HKEY_CLASSES_ROOT\Scripting.FileSystemObject\CLSID\ entry; you can also delete it to prevent the harm of such Trojans. Run regsvr32 /u C:\WINNT\SYSTEM\scrrun.dll to unregister this component. To prevent the Guest user from calling this component, deny Guests the use of scrrun.dll. Run cacls C:\WINNT\system32\scrrun.dll /e /d guests
2. Use the WScript.Shell component
WScript.Shell can call the system kernel to run basic DOS commands. To prevent the harm of such Trojans, you can modify the registry and rename this component: rename HKEY_CLASSES_ROOT\WScript.Shell\ and HKEY_CLASSES_ROOT\WScript.Shell.1\ to other names, for example WScript.Shell_ChangeName or WScript.Shell.1_ChangeName. When you call the component yourself later, use the new name and it works normally. Also change the CLSID values, that is, the value of the HKEY_CLASSES_ROOT\WScript.Shell\CLSID\ entry and the value of the HKEY_CLASSES_ROOT\WScript.Shell.1\CLSID\ entry; you can also delete them to prevent the harm of such Trojans.
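
A read-only PowerShell check of the state described in sections 1 and 2, added here as an example and not part of the original article: it reports whether the default ProgIDs still resolve to a CLSID and whether scrrun.dll carries a deny entry for Guests. The %SystemRoot%\system32 location and the English group name Guests are assumptions.

```powershell
# Added example: audit the hardening described above. Reads only, changes nothing.
# The ProgIDs are the ones named in the article.
$progIds = 'Scripting.FileSystemObject', 'WScript.Shell',
           'WScript.Shell.1', 'Shell.Application'
# Assumption: scrrun.dll lives under %SystemRoot%\system32 on this host.
$dll = Join-Path $env:SystemRoot 'system32\scrrun.dll'

$report = foreach ($id in $progIds) {
    $key    = "Registry::HKEY_CLASSES_ROOT\$id"
    $clsid  = $null
    $server = $null
    if (Test-Path -LiteralPath "$key\CLSID") {
        # The default value of <ProgID>\CLSID names the COM class.
        $clsid = (Get-Item -LiteralPath "$key\CLSID").GetValue('')
    }
    if ($clsid) {
        # Resolve the class to the DLL/OCX that implements it, if registered.
        $srvKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        if (Test-Path -LiteralPath $srvKey) {
            $server = (Get-Item -LiteralPath $srvKey).GetValue('')
        }
    }
    [pscustomobject]@{
        ProgID     = $id
        KeyPresent = Test-Path -LiteralPath $key
        CLSID      = $clsid
        Server     = $server
        Status     = if ($clsid) { 'default name still resolves' }
                     else        { 'renamed or CLSID removed' }
    }
}
$report | Format-Table -AutoSize

# Check for the deny entry that "cacls ... /e /d guests" would have added.
if (Test-Path -LiteralPath $dll) {
    $deny = (Get-Acl -Path $dll).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        "$($_.IdentityReference)" -match 'Guests$'   # assumption: English group name
    }
    if ($deny) { "Guests deny entry present on $dll" }
    else       { "No Guests deny entry on $dll" }
} else {
    "scrrun.dll not found at $dll"
}
```

A ProgID that shows "default name still resolves" can still be created by any ASP page under its well-known name, so the rename or CLSID removal has not been applied for that component.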