Trojan-Dropper.Win32.Agent.albv - this one is high risk, as you can see it have name “Trojan” so this mean that your computer can be one of millions zombies which will be used to send spam or ddos websites, so I recommend you as soon as possible to remove this one.

How to remove ?

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

Open Task Manager this you can do by holding crtl+alt+delete.

Find process file svhost.exe and kill this file.

Go to start run and write regedit.exe then find registry: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“WSVCHO” = “%WinDir%\system\svhost.exe” and delete.

Then go to %WinDir%\system\ find file svhost.exe and delete.

Then done restart your computer.

If this will not help you should download Kaspersky antivirus which will remove this trojan.

W32.Troresba is low risk worm. This worm spreads through removable drives and network shares.

What this worm do ?

This worm copies itself as the following files:

* %ProgramFiles%\Analog Devices.exe
* %ProgramFiles%\Analog Devices\SoundMAX.exe
* %ProgramFiles%\Common Files.exe
* %ProgramFiles%\Common Files\InstallShield.exe
* %ProgramFiles%\Common Files\Microsoft Shared.exe
* %ProgramFiles%\Common Files\MSSoap.exe
* %ProgramFiles%\Common Files\ODBC.exe
* %ProgramFiles%\Common Files\Services.exe
* %ProgramFiles%\Common Files\SpeechEngines.exe
* %ProgramFiles%\Common Files\System.exe
* %ProgramFiles%\ComPlus Applications.exe
* %ProgramFiles%\InstallShield Installation Information.exe
* %ProgramFiles%\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}.exe
* %ProgramFiles%\Internet Explorer.exe
* %ProgramFiles%\Internet Explorer\Connection Wizard.exe
* %ProgramFiles%\Internet Explorer\PLUGINS.exe
* %ProgramFiles%\Internet Explorer\SIGNUP.exe
* %ProgramFiles%\Messenger.exe
* %ProgramFiles%\microsoft frontpage.exe
* %ProgramFiles%\microsoft frontpage\version3.0.exe
* %ProgramFiles%\Movie Maker.exe
* %ProgramFiles%\Movie Maker\MUI.exe
* %ProgramFiles%\Movie Maker\Shared.exe
* %ProgramFiles%\NetMeeting.exe
* %ProgramFiles%\Online Services.exe
* %ProgramFiles%\Outlook Express.exe
* %ProgramFiles%\Uninstall Information.exe
* %ProgramFiles%\Windows Media Player.exe
* %ProgramFiles%\Windows Media Player\Icons.exe
* %ProgramFiles%\Windows Media Player\Sample Playlists.exe
* %ProgramFiles%\Windows Media Player\Skins.exe
* %ProgramFiles%\Windows Media Player\Visualizations.exe
* %ProgramFiles%\Windows NT.exe
* %ProgramFiles%\Windows NT\Accessories.exe
* %ProgramFiles%\Windows NT\Pinball.exe
* %ProgramFiles%\WindowsUpdate.exe
* %ProgramFiles%\xerox.exe
* %ProgramFiles%\xerox\nwwia.exe
* %System%\1025.exe
* %System%\1028.exe
* %System%\1031.exe
* %System%\1033.exe
* %System%\1037.exe
* %System%\1041.exe
* %System%\1042.exe
* %System%\1054.exe
* %System%\2052.exe
* %System%\3076.exe
* %System%\3com_dmi.exe
* %System%\[ORIGINAL THREAT FILE NAME].exe
* %System%\appmgmt.exe
* %System%\CatRoot.exe
* %System%\CatRoot2.exe
* %System%\Com.exe
* %System%\config.exe
* %System%\config\systemprofile\Start Menu\Programs\Startup\[ORIGINAL THREAT FILE NAME].exe
* %System%\dhcp.exe
* %System%\DirectX.exe
* %System%\dllcache.exe
* %System%\drivers.exe
* %System%\export.exe
* %System%\ias.exe
* %System%\icsxml.exe
* %System%\IME.exe
* %System%\inetsrv.exe
* %System%\Macromed.exe
* %System%\Microsoft.exe
* %System%\mui.exe
* %System%\npp.exe
* %System%\NtmsData.exe
* %System%\oobe.exe
* %System%\ras.exe
* %System%\ReinstallBackups.exe
* %System%\Restore.exe
* %System%\ShellExt.exe
* %System%\spool.exe
* %System%\usmt.exe
* %System%\wbem.exe
* %System%\wins.exe
* %System%\xircom.exe
* %SystemDrive%\Config.Msi.exe
* %SystemDrive%\Documents and Settings.exe
* %SystemDrive%\Documents and Settings\Administrator.exe
* %SystemDrive%\Documents and Settings\Administrator\Application Data.exe
* %SystemDrive%\Documents and Settings\Administrator\Cookies.exe
* %SystemDrive%\Documents and Settings\Administrator\Desktop.exe
* %SystemDrive%\Documents and Settings\Administrator\Favorites.exe
* %SystemDrive%\Documents and Settings\Administrator\Local Settings.exe
* %SystemDrive%\Documents and Settings\Administrator\My Documents.exe
* %SystemDrive%\Documents and Settings\Administrator\NetHood.exe
* %SystemDrive%\Documents and Settings\Administrator\PrintHood.exe
* %SystemDrive%\Documents and Settings\Administrator\Recent.exe
* %SystemDrive%\Documents and Settings\Administrator\SendTo.exe
* %SystemDrive%\Documents and Settings\Administrator\Start Menu.exe
* %SystemDrive%\Documents and Settings\Administrator\Templates.exe
* %SystemDrive%\Documents and Settings\All Users.exe
* %SystemDrive%\Documents and Settings\All Users\Application Data.exe
* %SystemDrive%\Documents and Settings\All Users\Desktop.exe
* %SystemDrive%\Documents and Settings\All Users\Desktop\My Documents.exe
* %SystemDrive%\Documents and Settings\All Users\Documents.exe
* %SystemDrive%\Documents and Settings\All Users\DRM.exe
* %SystemDrive%\Documents and Settings\All Users\Favorites.exe
* %SystemDrive%\Documents and Settings\All Users\Start Menu.exe
* %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\[ORIGINAL THREAT FILE NAME].exe
* %SystemDrive%\Documents and Settings\All Users\Templates.exe
* %SystemDrive%\Documents and Settings\Default User.exe
* %SystemDrive%\Documents and Settings\Default User\Application Data.exe
* %SystemDrive%\Documents and Settings\Default User\Cookies.exe
* %SystemDrive%\Documents and Settings\Default User\Desktop.exe
* %SystemDrive%\Documents and Settings\Default User\Favorites.exe
* %SystemDrive%\Documents and Settings\Default User\Local Settings.exe
* %SystemDrive%\Documents and Settings\Default User\My Documents.exe
* %SystemDrive%\Documents and Settings\Default User\NetHood.exe
* %SystemDrive%\Documents and Settings\Default User\PrintHood.exe
* %SystemDrive%\Documents and Settings\Default User\Recent.exe
* %SystemDrive%\Documents and Settings\Default User\SendTo.exe
* %SystemDrive%\Documents and Settings\Default User\Start Menu.exe
* %SystemDrive%\Documents and Settings\Default User\Templates.exe
* %SystemDrive%\Documents and Settings\LocalService.exe
* %SystemDrive%\Documents and Settings\LocalService\Application Data.exe
* %SystemDrive%\Documents and Settings\LocalService\Cookies.exe
* %SystemDrive%\Documents and Settings\LocalService\Local Settings.exe
* %SystemDrive%\Documents and Settings\NetworkService.exe
* %SystemDrive%\Documents and Settings\NetworkService\Application Data.exe
* %SystemDrive%\Documents and Settings\NetworkService\Cookies.exe
* %SystemDrive%\Documents and Settings\NetworkService\Local Settings.exe
* %SystemDrive%\Documents and Settings\VirusMaster.exe
* %SystemDrive%\Program Files.exe
* %SystemDrive%\RECYCLER.exe
* %SystemDrive%\RECYCLER\[SID].exe
* %SystemDrive%\System Volume Information.exe
* %SystemDrive%\temp.exe
* %SystemDrive%\WINDOWS.exe
* %UserProfile%\Application Data.exe
* %UserProfile%\Cookies.exe
* %UserProfile%\Desktop.exe
* %UserProfile%\Favorites.exe
* %UserProfile%\Local Settings.exe
* %UserProfile%\My Documents.exe
* %UserProfile%\NetHood.exe
* %UserProfile%\PrintHood.exe
* %UserProfile%\Recent.exe
* %UserProfile%\SendTo.exe
* %UserProfile%\Start Menu.exe
* %UserProfile%\Templates.exe
* %Windir%\[ORIGINAL THREAT FILE NAME].exe
* %Windir%\AppPatch.exe
* %Windir%\Config.exe
* %Windir%\Config\[ORIGINAL THREAT FILE NAME].exe
* %Windir%\Config\ADMIN.exe
* %Windir%\Connection Wizard.exe
* %Windir%\Cursors.exe
* %Windir%\Fonts.exe
* %Windir%\Help.exe
* %Windir%\Help\Tours.exe
* %Windir%\Installer.exe
* %Windir%\java.exe
* %Windir%\java\classes.exe
* %Windir%\java\trustlib.exe
* %Windir%\Media.exe
* %Windir%\Minidump.exe
* %Windir%\msagent.exe
* %Windir%\msagent\chars.exe
* %Windir%\msagent\intl.exe
* %Windir%\msapps.exe
* %Windir%\msapps\msinfo.exe
* %Windir%\Offline Web Pages.exe
* %Windir%\Prefetch.exe
* %Windir%\Provisioning.exe
* %Windir%\Provisioning\Schemas.exe
* %Windir%\Registration.exe
* %Windir%\Registration\CRMLog.exe
* %Windir%\Resources.exe
* %Windir%\Resources\Themes.exe
* %Windir%\system.exe
* %Windir%\system32.exe
* %Windir%\Tasks.exe
* %Windir%\Temp.exe
* %Windir%\Web.exe
* %Windir%\Web\ADMIN.exe
* %Windir%\Web\printers.exe
* %Windir%\Web\Wallpaper.exe
* %Windir%\WinSxS.exe
* %Windir%\WinSxS\InstallTemp.exe
* %Windir%\WinSxS\Manifests.exe
* %Windir%\WinSxS\Policies.exe

Then creates the following files:

* %Temp%\~DF48C2.tmp
* %Windir%\Tasks\02.job
* %Windir%\Tasks\03.job

The worm creates the following registry entries, so that it runs every time Windows starts:

* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”[ORIGINAL THREAT FILE NAME].exe” = “%System%\[ORIGINAL THREAT FILE NAME].exe”
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”[ORIGINAL THREAT FILE NAME].exe” = “%Windir%\[ORIGINAL THREAT FILE NAME].exe”

It then creates the following registry entries:

* HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\”#{8fc4ec46-5d05-11de-a71e-000bdb6eb35f}” = “[BINARY DATA]”
* HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\”#{8fc4ec47-5d05-11de-a71e-000bdb6eb35f}” = “[BINARY DATA]”
* HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\”#{8fc4ec48-5d05-11de-a71e-000bdb6eb35f}” = “[BINARY DATA]”

The worm creates registry entries under the following subkeys:

* HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\A
* HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\B
* HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\E
* HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\S
* HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-329068152-343818398-1801674531\000003F1
* HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-329068152-343818398-1801674531\000003F2
* HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-329068152-343818398-1801674531\000003F3
* HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-329068152-343818398-1801674531\000003F4

The worm modifies the following registry entries:

* HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\”F” = “[BINARY DATA]”
* HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Groups\00000201\”C” = “[BINARY DATA]”
* HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\”F” = “[BINARY DATA]”
* HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\00000221\”C” = “[BINARY DATA]”

It then modifies registry entries under the following subkeys:

* HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users
* HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-329068152-343818398-1801674531

Next, the worm deletes the following registry entries to disable access to the following drives:

* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{8f22faf6-bfd9-11da-8b64-806d6172696f}\”Drive Type” = “3″
* HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\”\DosDevices\C:” = “[BINARY DATA]”
* HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\”\DosDevices\D:” = “[BINARY DATA]”
* HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices\”\DosDevices\E:” = “[BINARY DATA]”

The worm then copies itself to all removable drives and all network shares as the following file:
%DriveLetter%\[ORIGINAL THREAT FILE NAME].exe

The worm also creates the following files on all removable drives and network shares so that it executes whenever the drive is accessed:

* %DriveLetter%\autorun.inf
* %SystemDrive%\autorun.inf

The worm adds additional user accounts and attempts to gain privileges by adding itself to the administrator account.

How to remove ?

W32.Troresba - Removal

Symantec is warning about a mass-mailing worm that comes in an attachment pretending to be a Twitter invite.

Worm called W32.Ackantta.B@m is hidden inside invitation email which have attached .zip file with name “Invitation Card.zip”. If windows user will download, unzipp and run this file all emails will be scanned from victim computer and used to spamm invitations again.

Also please note that worm is using email invitation@twitter.com which is fake and if you receive any invitation from Twitter which have attached files please ignore this type of emails.

If you think that you got infected we recommend you to download Spyware Doctor which will remove this worm.

Nowadays when world is suffering from economic crisis number of credit cards fraud increased. Fraudsters using latest technologies to steal your credit card information. I will eaxplain few methods how to protect yourself from this type of fraud.

I know many of you shopping online in ebay, amazon, paypal and many more other online shops. First action which require more your attention is to check website URL example you received hot offer via email from ebay.com email looks simple, also inside email you probably will see and click the link which can look similar to ebay.com everythings looks good, but then you click on this link you will be redirected to example :  http://ebay.com.hot-offer.blabla.com.

So as you see you are now linked to ebay scam website which look same as ebay.com just in this one you will see lot of forms which asking your credit card details and SSN number. Every time when you receive suspicious email with some offer or urgent email which will ask you to update your details never click on link better got directly to website and login and you will see if you need to update or enter anything.

About URL’s they can’t look like this www.ebay.com.something.com normal url all the time have to have ebay.com before “/” example ebay.com/ can’t be something like this ebay.com.something.com/.

Next thing which you should know while shopping online that some old internet shops still don’t using merchants. Example when you make order your credit card information is encoded and saved inside shop database, but the problem is that hackers can easily hack in this databases and later decode this information and sell your credit card information to other internet criminals.  So if you not totally sure about how safe is internet shop in which you going to shop it is better to call them and ask how they charge your credit card.

Keylogger are malicious software which have only one functions which are to log and save every your keyboard click. You can be infected by this type of software by downloading cracked files or visiting unsafe website which are exploited or hacked.

Why it is so danger ?

The main and most important fact is that if hacker will get your keyboard log with example: you bank username,passwords,email password and many more you will lose all of them, also you can lose your money from your bank account. Nowadays keyloggers are most powerful private information stealing software. If you got infected all daily keyboard clicked buttons and visited website titles are saved inside files and later this files automatically are sent to hacker servers.

How to protect from keylogger ?

From my own experience I can say that the best protection is good firewall which will not allow to send this log files outside your computer and hacker will be not able to see what buttons you clicked on your keyboard.

The firewall is ZoneAlarm you can download it from here : Download ZoneAlarm

Why I like this firewall is because it have easy configuration, you can manualy configure which programs allow to connect to internet, also if keylogger will try to connect to internet firewall will ask you to allow or deny this connections.

Also someone can tell you that antivirus can delete keyloggers, but one important fact is that here is lot of undetectable keyloggers which antivirus will not detect, and here in help come firewall which don’t really check if file is keylogger or no,he just ask you to allow or deny connection so if you see file like ssdx.exe trying to connect to strange ip you should deny connection.

So this is the main information about keyloggers and the easiest way to protect from them.

Adware this is software which will install lot of advertisement inside your computer operating system.  Is it danger ? no we can’t really say if it is danger or not, here is too much types of adware in internet some of them can be danger and other not so danger.  But the main fact is that if you see too much advertisements and pop up’s while surfing internet or on desktop this mean you possible having adware in your PC.

What you can do now ? how to remove this advertisements from your computer ?

This really depends on what type of adware it is. You probably can check some processes in Task manager (ctrl+alt+del) this files some times can have names example: ffggfh.exe or something like that.If you don’t have good skills with PC managment I recommend you to do a free scan with Spyware Doctor which is great tool for spyware and adware detection.

I will try to explain what is spyware and how dangerous it is for our privacy.

There are many types of spyware, some are more dangerous other are not so dangerous for our computer and our privacy, but the main fact is that spyware is doing something wrong.
You are probably thinking how to protect from spyware, worms I will explain little about this issue.

First thing I will explain exacly what spyware are doing inside your PC and how you getting infected by this.

When you surfing in internet you probably downloading many files:music,videos,some other illegal cracked software. First place where spyware are hiding is in illegal software websites where you can download some cracks for software which you don’t want pay money for, example your photoshop license has expired and you probably will look for crack,you will download crack file,run it and YES ! you will receive correct cdkey for your photoshop and this will allow you to unlock that software and use it for free. But have you ever thinking happening when you run this crack file,your computer get spyware,some other files will be included in your computer without your permission.

This files will run every time when you will start your PC,and now I will explain main simthoms when you are infected by spyware:

- PC will run much more slower.
- You will see some advertisement appearing on your desktop, which will tell you what you have virus and you need to download antivirus to remove it. Some times you can see some sexual advertisements and many more other types of stupid advertisement.

Spyware are collecting your private data: websites which you are visiting, emails which you are using,and later this information are using for sending spamm emails.
Why people are developing this type of software like spyware,adware,trojans.They are doing this because this software earn really nice profit for spyware developers, some example:
When you have spyware and you see this advertisement on your desktop you probably click on them, so every time you click you  making $ for spyware developers.
So this is the main facts about spyware.