Recently, the server kept getting infected with Trojans. After the network administrator checked, an aspxspy version 1.1 was found on the server. A search online led to the author's homepage, which has version 2.0. See the following description:
1. Development environment: VS2008 + C#, compatible with Framework 1.1/2.0; code separation is basically implemented.
2. The password is 32-bit MD5 encrypted (in lower case). The default password is admin.
3. All data is submitted in POST mode, enhancing concealment.
4. The IIS probe function is enhanced to traverse IIS site information, absolute paths, multi-domain bindings, and the IIS account and password.
5. Added a search function for specified files.
6. Fixed some database operation bugs.
7. Enhanced reading of the registry. This part was completed by ***. Thank you.
8. Fixed multi-thread port scanning.
9. The port forwarding function has been enhanced. For more information, see the *** code. Thank you.
Disclaimer: this tool is a security testing tool. Anyone who uses this tool in violation of national laws and regulations bears the responsibility themselves!
It should be said that the code is not well written. After a trial, it turns out to be quite destructive. It can upload files and set their attributes to RSHA, that is, make them hidden system files, which the administrator cannot find by searching. There are also some other features .............
Of course, it is easier for experienced Windows administrators, such as me (cmd_^). First, rename the CMD file, then run the following commands with the renamed CMD file:
CD C:\Myweb
Rem Website directory
C:
Dir /S *.Aspx /Ah
Rem Can be any file extension, such as ASP and JSP.
Can you find hidden system files?
There are too many files. What should I do?
Modify the last command line:
Dir /S *.Aspx /Ah > E:\20090820.Txt
Rem Save the search result to E:\20090820.Txt.
Rem Here, ">" is the DOS pipeline command. I learned about this command in 1994. At that time, msdos 3.3 and psdos 9.0 coexisted. Haha.
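The same sweep as a PowerShell script, given here as an added example that is not part of the original post. It goes a little further than the Dir command above: it covers several script extensions at once, matches files marked hidden or system, and records timestamps and a SHA256 hash for each hit. The parameter names, the extension list and the report path are assumptions.

```powershell
# Added example, not from the original post.
# $WebRoot mirrors the C:\Myweb directory used above; $Report and
# $Extensions are assumed values, adjust them to your own site.
param(
    [string]$WebRoot      = 'C:\Myweb',
    [string]$Report       = 'E:\hidden-web-files.csv',
    [string[]]$Extensions = @('.aspx', '.asp', '.jsp', '.ashx', '.asmx')
)

# Bit mask for the attributes of interest: hidden (H) or system (S).
$mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

# -Force makes Get-ChildItem return hidden and system files,
# which it skips by default (the equivalent of Dir /A).
$hits = Get-ChildItem -LiteralPath $WebRoot -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object {
        ($Extensions -contains $_.Extension.ToLower()) -and
        (([int]$_.Attributes -band $mask) -ne 0)
    } |
    ForEach-Object {
        # Hash each hit so the file can be compared against a known-good
        # copy of the site or looked up later; locked files yield no hash.
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path         = $_.FullName
            Attributes   = $_.Attributes
            Length       = $_.Length
            CreatedUtc   = $_.CreationTimeUtc
            LastWriteUtc = $_.LastWriteTimeUtc
            SHA256       = $hash.Hash
        }
    } |
    Sort-Object LastWriteUtc -Descending

# Newest files first on screen, full details in the CSV report.
$hits | Format-Table Path, Attributes, LastWriteUtc -AutoSize
$hits | Export-Csv -LiteralPath $Report -NoTypeInformation -Encoding UTF8
```

The creation and last-write times in the report give a starting point for matching the files against IIS and FTP logs from the same period.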
Once the files are found, check further whether the cause is an FTP vulnerability, IIS, the program itself, or external components (such as FCKeditor). Of course, it may also be an internal problem ............
Tracking Trojans ..................