Preventing ASP Trojans from running on servers

Source: Internet
Author: User

If your server is suffering from ASP Trojans, I hope this article will help you solve your problems.

Popular ASP Trojans currently rely mainly on three techniques to perform operations on the server.

1. Use the FileSystemObject component

FileSystemObject can perform routine operations on files.

You can modify the registry and rename this component to prevent the dangers of such Trojans.

Rename HKEY_CLASSES_ROOT\Scripting.FileSystemObject\ to another name, for example, FileSystemObject_ChangeName.

Your own code can then call the component normally by using the new name.

Also change the CLSID value:

HKEY_CLASSES_ROOT\Scripting.FileSystemObject\CLSID\ (the value of this entry)

You can also remove the component to prevent the harm from such Trojans.

Run RegSvr32 /u C:\WINNT\SYSTEM32\scrrun.dll to unregister this component.

Deny Guest users access to scrrun.dll to prevent them from calling this component.

Run cacls C:\WINNT\system32\scrrun.dll /e /d guests

2. Use the WScript.Shell component

WScript.Shell can call the system kernel to run basic DOS commands.

You can modify the registry and rename this component to prevent the dangers of such Trojans.

Rename HKEY_CLASSES_ROOT\WScript.Shell\ and HKEY_CLASSES_ROOT\WScript.Shell.1\ to other names, for example, WScript.Shell_ChangeName or WScript.Shell.1_ChangeName.

Your own code can then call the component normally by using the new name.

Also change the CLSID value:

HKEY_CLASSES_ROOT\WScript.Shell\CLSID\ (the value of this entry)
HKEY_CLASSES_ROOT\WScript.Shell.1\CLSID\ (the value of this entry)

You can also remove the component to prevent the harm from such Trojans.

3. Use the Shell.Application component

Shell.Application can call the system kernel to run basic DOS commands.

You can modify the registry and rename this component to prevent the dangers of such Trojans.

Rename HKEY_CLASSES_ROOT\Shell.Application\ and HKEY_CLASSES_ROOT\Shell.Application.1\ to other names, for example, Shell.Application_ChangeName or Shell.Application.1_ChangeName.

Your own code can then call the component normally by using the new name.

Also change the CLSID value:

HKEY_CLASSES_ROOT\Shell.Application\CLSID\ (the value of this entry)
HKEY_CLASSES_ROOT\Shell.Application.1\CLSID\ (the value of this entry)

You can also remove the component to prevent the harm from such Trojans.

Deny Guest users access to shell32.dll to prevent them from calling this component.

Run the following command: cacls C:\WINNT\system32\shell32.dll /e /d guests

Note: All of these changes take effect only after the web service is restarted.

4. Use cmd.exe

Deny Guest users access to cmd.exe:

cacls C:\WINNT\system32\cmd.exe /e /d guests

The four steps above block several popular Trojans, but the most effective approach is to bring the server and its applications up to a sound security standard through comprehensive security settings, which prevents further intrusions.
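To confirm that the four steps above were actually applied, the following audit script reports which ProgIDs are still registered under their default names and whether the Guests group is denied on each file. It is an added example, not part of the original article. It assumes PowerShell 3.0 or later and uses %SystemRoot% in place of the article's C:\WINNT; the function names Test-DefaultProgId and Test-GuestsDenied are hypothetical.

```powershell
# Added audit example (not from the original article). Read-only: changes nothing.
# ProgIDs and files are the ones the article hardens.
$progIds = 'Scripting.FileSystemObject', 'WScript.Shell', 'WScript.Shell.1',
           'Shell.Application', 'Shell.Application.1'
$files   = 'scrrun.dll', 'shell32.dll', 'cmd.exe' |
           ForEach-Object { Join-Path $env:SystemRoot "System32\$_" }

function Test-DefaultProgId {
    # Hypothetical helper: is the component still reachable by its default name?
    param([string]$ProgId)
    $key = "Registry::HKEY_CLASSES_ROOT\$ProgId"
    if (-not (Test-Path -LiteralPath $key)) {
        return [pscustomobject]@{ ProgId = $ProgId; Registered = $false; Clsid = $null }
    }
    # The default value of the CLSID subkey is what the ProgID resolves to.
    $clsid = (Get-ItemProperty -LiteralPath "$key\CLSID" `
              -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{ ProgId = $ProgId; Registered = $true; Clsid = $clsid }
}

function Test-GuestsDenied {
    # Hypothetical helper: does the file's ACL carry a Deny entry for Guests?
    param([string]$Path)
    # S-1-5-32-546 is the well-known SID of the built-in Guests group.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
                 $true, $true, [System.Security.Principal.SecurityIdentifier])
    $deny = $rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -eq 'S-1-5-32-546'
    }
    [pscustomobject]@{ Path = $Path; GuestsDenied = [bool]$deny }
}

# Registered = True means the default name has not been renamed or removed.
$progIds | ForEach-Object { Test-DefaultProgId $_ } | Format-Table -AutoSize

# GuestsDenied = False means the cacls /e /d guests step is missing for that file.
$files | Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Test-GuestsDenied $_ } | Format-Table -AutoSize
```

Run it from an elevated prompt before and after restarting the web service, and compare the two reports.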
