Tech Support banner

Status
Not open for further replies.
1 - 1 of 1 Posts

·
Registered
Joined
·
1 Posts
Discussion Starter · #1 ·
I see many peoples have problems with this starnge Trojan.
For first I want specific thath the JS.GeoVisit is not always an I-Worm, but can be -very often- a Blaster Trojan.
It can be "stealth", act like server or simply like a cookie.
The information about this Trojan are really few, but was determined thath it is using by Internetion Internet Security Agencys[Interpool - Guardia di Finanza - State Polices: Internet Department ecc...] for monitorize the access at illegal sites -generally underground/warez/underage porn-. I fond some of thath I-Worms on arabians pages. I can't transalte by arabian but I'm pretty sure thath pages cuold contains reactionals/revoluion based argouments forums, and some USA Security Agency want to monitorize they. The I-Worm was located on music/games trade forum exspecially Spanish's formus.
Lot of trojan's servers are located on YAHOO/GEOCITIES sub pages too: the Js.GeoVist it is attached with java [Ex. [...]/script><script language="JavaScript" src="http://www.geocities.com/js_source/geov2.js">.geovisit() or /js_source/geov2.js</a></a>&quot;&gt;&lt;/script&gt;&lt;script
language=&quot;javascript&quot;&gt;geovisit()] and it can infect your pc attaching a server located [IE.5] "Local Settings\Temporary Internet Files\Content.IE5" [For Windows XP users] named like "IELib9[x].js" [x= number of copy].
The JS.GeoVisit do not make seriuos ****age at your files or folders but can log all keys in your registry.
It communicate through different port UDP: 1900 or TCP: 1036/5/4/ [someone ensure thath Js can trasmitt through port 5000 too but I never check it]


Today about 2126 htmls pages are infected by this ultra-stealth I-Worms and more of 10.000 users was infecter by the trojan and most of thay do not know to be infected. To have a real confimation try to search in www.google.com "js.geovisit" and look for the headers ">.geovisit()"


>> Pay attention: NO ONE antivirus find it! Only two small anti-trojan programs can find out it Anti GhostBusters [www.antiy.net] and The Cleaner [www.simtel.net]. This because there are a stealth trade with the provider of JS.GeoVisit and the most famous antivirus company. <<

[thexxx]*
-=[/ReaLwAReZ\]=-
 
1 - 1 of 1 Posts
Status
Not open for further replies.
Top