If your server is supported. NET then you should pay attention.

Some time ago the unit of the server was uploaded one. NET Trojan, this time let me realize that I have not seen before upload Trojan tricks, and also find some countermeasures, I have a lot of outdated forums have servers, and share it out to everyone. The. NET Trojan is very strong at present, download address: http://www.rootkit.net.cn/ article.asp?id=132 (You can upload to your server to see what you can do on your system) this Trojan is one. NET program production, if your server support. NET that must pay attention to,, into the Trojan has a function called: IIS Spy, click to see the physical path of all sites. A lot of people have been raised before, but no one has ever solved the answer. Defensive method: "%systemroot%/servicepackfiles/i386/activeds.dll"%systemroot%/system32/activeds.dll "%SystemRoot%/system32 /activeds.tlb searches These two files, removes the user group and Powers group, and retains only Administrators and system permissions ... If there are other groups please remove them all. This will prevent this Trojan list all the physical path of the site ... ASP program recently encountered a upload image, but if the upload image folder to the IIS executable script permissions, then he uploaded. jpg image can also perform ASP Trojan. The format of the upload is: xxx.asp;_200.jpg Note he is in the format of. jpg upload, but there is. asp, this can also execute script, should also be IIS bug. Workaround: A directory that can be uploaded to IIS does not allow permissions to execute scripts. Second, the use of other files with the protection of software to prevent *.asp;*.jpg write files. Third, all directories are allowed to read, as long as the folder is written in IIS please change the script to none. If you don't have a friend of the server, that's no way to get a horse, unless you can coordinate with the space trader to do these things for you.