CDROM-Guide forums

Go Back   CDROM-Guide forums > Main Forums > Open to All Computer Related Topics > Computer Networking & Security
FAQ Calendar Mark Forums Read
Open   CSec   Data   DevDrv   CoOp   Audio   CDRW   CDG   VCD   DVD   HD DVD   Mac   VGB   PS2   DC   Xbox  


 
 
Thread Tools Display Modes
  #1  
Old Dec 14, 2003, 08:19 AM
goone goone is offline
Member
 
Join Date: Dec 2002
Location: uk,london
Posts: 104
Default Trojan ,must read this

sponsored links

 
Taken from another forum


I see many peoples have problems with this starnge Trojan.
For first I want specific thath the JS.GeoVisit is not always an I-Worm, but can be -very often- a Blaster Trojan.
It can be "stealth", act like server or simply like a cookie.
The information about this Trojan are really few, but was determined thath it is using by Internetion Internet Security Agencys[Interpool - Guardia di Finanza - State Polices: Internet Department ecc...] for monitorize the access at illegal sites -generally underground/warez/underage ****-. I fond some of thath I-Worms on arabians pages. I can't transalte by arabian but I'm pretty sure thath pages cuold contains reactionals/revoluion based argouments forums, and some USA Security Agency want to monitorize they. The I-Worm was located on music/games trade forum exspecially Spanish's formus.
Lot of trojan's servers are located on YAHOO/GEOCITIES sub pages too: the Js.GeoVist it is attached with java [Ex. [...]/script><script language="JavaScript" src="***********.geocities.com/js_source/geov2.js">.geovisit() or /js_source/geov2.js&lt;/a&gt;&quot;&gt;&lt;/script&gt;&lt;script
language=&quot;javascript&quot;&gt;geovisit()] and it can infect your pc attaching a server located [IE.5] "Local Settings\Temporary Internet Files\Content.IE5" [For Windows XP users] named like "IELib9[x].js" [x= number of copy].
The JS.GeoVisit do not make seriuos ****age at your files or folders but can log all keys in your registry.
It communicate through different port UDP: 1900 or TCP: 1036/5/4/ [someone ensure thath Js can trasmitt through port 5000 too but I never check it]


Today about 2126 htmls pages are infected by this ultra-stealth I-Worms and more of 10.000 users was infecter by the trojan and most of thay do not know to be infected. To have a real confimation try to search in www.google.com "js.geovisit" and look for the headers ">.geovisit()"


>> Pay attention: NO ONE antivirus find it! Only two small anti-trojan programs can find out it Anti GhostBusters [www.antiy.net] and The Cleaner [www.simtel.net]. This because there are a stealth trade with the provider of JS.GeoVisit and the most famous antivirus company


***********************end ********************************8

notice the last line where it states that ghostbuster is one of 2 that will catch it!

did you also notice who uses it!!!!!!!!!!!!!!!!!!!!!!!! ___________


download here ***********.antiy.net/ghostbusters/agb4s_down.htm

it found stuff that 5 other scanners could not find
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
can psu be cause of cdrw problems? [pb; club 80; win98SE] number9 CD-R & CD-RW 9 Feb 27, 2012 07:57 AM
<<<<<<<<<Novarg Virus - Read In>>>>>>>>>> gooner Open to All Computer Related Topics 4 Jan 27, 2004 08:37 PM
106 quick question makey DVD 4 Nov 03, 2003 04:27 PM
Problem with Mr. Google ??? ... All Read re: New Trojan / Hijacker MasterMind Open to All Computer Related Topics 19 Sep 14, 2003 01:37 PM
possible trojan? please read burnout Computer Networking & Security 4 Jan 14, 2002 11:07 PM


All times are GMT -5. The time now is 02:54 PM.



Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright 1996-2009 CDROM-Guide.com. All rights reserved