CDROM-Guide forums

Go Back   CDROM-Guide forums > Main Forums > Open to All Computer Related Topics > Computer Networking & Security
FAQ Calendar Mark Forums Read
Open   CSec   Data   DevDrv   CoOp   Audio   CDRW   CDG   VCD   DVD   HD DVD   Mac   VGB   PS2   DC   Xbox  

Thread Tools Display Modes
Old Dec 14, 2003, 07:19 AM
goone goone is offline
Join Date: Dec 2002
Location: uk,london
Posts: 104
Default Trojan ,must read this

sponsored links
Taken from another forum

I see many peoples have problems with this starnge Trojan.
For first I want specific thath the JS.GeoVisit is not always an I-Worm, but can be -very often- a Blaster Trojan.
It can be "stealth", act like server or simply like a cookie.
The information about this Trojan are really few, but was determined thath it is using by Internetion Internet Security Agencys[Interpool - Guardia di Finanza - State Polices: Internet Department ecc...] for monitorize the access at illegal sites -generally underground/warez/underage ****-. I fond some of thath I-Worms on arabians pages. I can't transalte by arabian but I'm pretty sure thath pages cuold contains reactionals/revoluion based argouments forums, and some USA Security Agency want to monitorize they. The I-Worm was located on music/games trade forum exspecially Spanish's formus.
Lot of trojan's servers are located on YAHOO/GEOCITIES sub pages too: the Js.GeoVist it is attached with java [Ex. [...]/script><script language="JavaScript" src="***********">.geovisit() or /js_source/geov2.js&lt;/a&gt;&quot;&gt;&lt;/script&gt;&lt;script
language=&quot;javascript&quot;&gt;geovisit()] and it can infect your pc attaching a server located [IE.5] "Local Settings\Temporary Internet Files\Content.IE5" [For Windows XP users] named like "IELib9[x].js" [x= number of copy].
The JS.GeoVisit do not make seriuos ****age at your files or folders but can log all keys in your registry.
It communicate through different port UDP: 1900 or TCP: 1036/5/4/ [someone ensure thath Js can trasmitt through port 5000 too but I never check it]

Today about 2126 htmls pages are infected by this ultra-stealth I-Worms and more of 10.000 users was infecter by the trojan and most of thay do not know to be infected. To have a real confimation try to search in [url][/url] "js.geovisit" and look for the headers ">.geovisit()"

>> Pay attention: NO ONE antivirus find it! Only two small anti-trojan programs can find out it Anti GhostBusters [[url][/url]] and The Cleaner [[url][/url]]. This because there are a stealth trade with the provider of JS.GeoVisit and the most famous antivirus company

***********************end ********************************8

notice the last line where it states that ghostbuster is one of 2 that will catch it!

did you also notice who uses it!!!!!!!!!!!!!!!!!!!!!!!! ___________

download here [url]***********[/url]

it found stuff that 5 other scanners could not find

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
can psu be cause of cdrw problems? [pb; club 80; win98SE] number9 CD-R & CD-RW 9 Feb 27, 2012 06:57 AM
<<<<<<<<<Novarg Virus - Read In>>>>>>>>>> gooner Open to All Computer Related Topics 4 Jan 27, 2004 07:37 PM
106 quick question makey DVD 4 Nov 03, 2003 03:27 PM
Problem with Mr. Google ??? ... All Read re: New Trojan / Hijacker MasterMind Open to All Computer Related Topics 19 Sep 14, 2003 12:37 PM
possible trojan? please read burnout Computer Networking & Security 4 Jan 14, 2002 10:07 PM

All times are GMT -5. The time now is 03:36 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Copyright © 1996-2009 All rights reserved