Iceberg
How to disable ADODB.STREAM
I have seen many web Trojans use this to list file directories. Some ASP Trojans use CLASSID to create Script objects,
If you know how to ban this object, you should be able to block the ASP Trojan completely,
Like SHELL execution is disabled
-------------------------------------------------------
Obtain the CLASSID based on the value of HKEY_CLASSES_ROOT\ADODB.Stream\CLSID,
On my XP server, it should be the same on each host.
Find the dll corresponding to this ActiveX according to the value of HKEY_CLASSES_ROOT\CLSID \ InprocServer32.
On my XP it is C:\Program Files\Common Files\System\ado\msado15.dll
Then regsvr32 /s /u "C:\Program Files\Common Files\System\ado\msado15.dll"
So we uninstalled ADODB.STREAM.
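
The lookup chain described in the post above (ProgID, then CLSID, then InprocServer32 DLL), as an added read-only audit script that is not part of the original thread. The ProgID list is taken from the objects named in this thread; `WScript.Shell` for "SHELL" and the function names are assumptions.

```powershell
# Added example: read-only audit, it changes nothing in the registry.
# ProgIDs for the objects named in the thread (WScript.Shell is assumed for "SHELL").
$progIds = 'ADODB.Stream', 'Scripting.FileSystemObject',
           'Scripting.Dictionary', 'WScript.Shell'

function Get-DefaultValue {
    param([string]$KeyPath)
    # Return the key's (Default) value, or $null when the key does not exist.
    $key = Get-Item -LiteralPath "Registry::$KeyPath" -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue('')
}

function Get-ComRegistration {
    param([string]$ProgId)
    # Step 1: ProgID -> CLSID
    $clsid = Get-DefaultValue "HKEY_CLASSES_ROOT\$ProgId\CLSID"
    # Step 2: CLSID -> in-process server DLL
    $dll = $null
    if ($clsid) {
        $dll = Get-DefaultValue "HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    }
    # Step 3: classify what the registry currently allows
    if (-not $clsid) {
        $state = 'ProgID not registered'
    } elseif (-not $dll) {
        $state = 'CLSID has no InprocServer32'
    } elseif (-not (Test-Path -LiteralPath $dll)) {
        $state = 'Server DLL missing on disk'
    } else {
        $state = 'Creatable by ProgID'
    }
    [pscustomobject]@{
        ProgId = $ProgId
        Clsid  = $clsid
        Server = $dll
        State  = $state
    }
}

$progIds | ForEach-Object { Get-ComRegistration $_ } | Format-Table -AutoSize
```

Several ProgIDs can resolve to the same server DLL, so the `Server` column shows what else an unregister of that DLL would take with it. A `ProgID not registered` result only covers creation by name; the `CLSID` key has to be checked separately for objects created by CLASSID.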
---------------------------------------------------------
Your method is obviously feasible, but it will unload the entire ado (probably).
If there are some ado applications on the machine, problems may occur.
If HKEY_CLASSES_ROOT\ADODB.Stream\CLSID is deleted, is that OK?
The dll is retained better.
---------------------------------------------------------
What is the relationship between the ASP Trojan running on the server and the IE patch?
ASP Trojans use FSO, ADODB.STREAM, and a DICTIONARY script object. I think the most important thing is that the first two are not the first two objects. Is there a way for ASP Trojan to run?
--------------------------------------------------------
Disabled??
My 2000sp4, xp sp1, and xp sp2 can all use adodb.stream.
Probably, it is not allowed to be called by IE, even if the security level is reduced.