The advent of broadband ban FSO to avoid the intrusion of the Trojan program

In the broadband is very popular today, more and more friends are keen to set up their own websites, although to the system to play the latest patches, but also installed anti-virus software and firewalls, but the site is still occasionally black, why? To a large extent, the FSO was attacked.

Small knowledge: FSO is the abbreviation of FileSystemObject, commonly known as FSO components, this component can detect and display system drive information distribution, can create, change, delete folder, can detect the existence of a specified folder, if it exists, you can also extract the name of the folder, Create time information. The FSO makes it easy to process files.

FSO Trojan is the use of Microsoft's FSO component of the target host malicious attack Trojan. FSO components provide a powerful access to the system, just because it can read to the target host, new, Modified, deleted, renamed and so on any of the operations we can want to use the function of the FSO Trojan destructive power can be imagined. How can we prevent the intrusion of the FSO? We need to ring the bell people, we just kill the FSO components to allow the FSO Trojan No technology can be applied.

The total ban of the law

In the Windows operating system, "Scrrun.dll" is an important file that drives the FSO component to function properly. But for ordinary users, the "Scrrun.dll" file can be deleted, renamed or unregistered, so as to avoid the FSO intrusion. To unregister the dynamic-link library, we simply enter "regsrv32/u%systemroot%/system32/scrrun.dll" in the "Run" dialog box and return. Everyone can rest assured that the Scrrun.dll "" "File on the system does not have the slightest impact on the normal operation. This is the simplest way, now the FSO can not use the FSO function, but we also can not use, users can choose according to their actual situation.

Differential treatment method

Relatively complete ban, the difference treatment method to be more complicated, but can achieve the effect of selective release. We can make limited users cannot use FSO, only allow users with administrator privileges to use, can effectively avoid the destruction of the FSO, but also can not affect their own set up the site needs, is a qimei solution. Enter "cacls%systemroot%/system32/scrrun.dll/d guests" in the Run dialog box and enter, so that all anonymous users, including IUSR_machinename users, will not be able to use the feature.

Hint: The differential treatment requires that the system be partitioned into NTFS format.