This one has me close to despair.
I recently had some kind of malware infestation. WinXP 32, fully up to date. Avast/ZA etc. I noticed, comparing with another three computers, that this one had a process, alg.exe, running. A search revealed that this is sometimes associated with malware, however the source file was in system32, as it should be. Symptoms included keyboard remapping, multiple object selection etc. Killing the process restored normal functioning.
So I rebuilt the PC from scratch.
Then, without thinking, I reconnected a drive that had been used for backup previously when the PC had been configured in “dynamic disc” mode (don’t ask…). On rebooting this immediately reinfected the PC. Or so I thought.
So I rebuilt it again. Full low-level format etc. No internet connection except Win update activity using (I think) IE 6n with Win firewall on. Added Avast, ZA, Chrome etc. Started using the PC. Within 24 hrs, SAME SYMPTOMS! Tear out remaining hair.
NOTHING identifies this malware - tried boot-time scans, online scans from other AV suppliers etc.
I would appreciate some help as I really don’t want to spend another couple of days rebuilding this PC - possibly to no useful result. I searched this site and found a couple of references to this process however I’d like to start from a blank sheet.
To avoid using multiple posts with copy and paste, you have to attach the logs.
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTS log )
Process name: Application Layer Gateway Service
Product: Windows XP
Company: Microsoft
File: alg.exe
Path: C:\Windows\System32
This is a Windows service. Description: Part of Internet Connection Sharing application and Internet Connection Firewall for Windows XP. This service provides support for third party protocol plug-ins for the Internet Connection Sharing application and Internet Connection Firewall.
Also used for Windows Firewall.
Unsuspicious and harmless.
Read up some more. Like many other “harmless” processes it’s sometimes emulated by malware. Or so many people say. Additionally, of 4 PCs here (3 on XP, one on Win7/64) this is the only one which displays this process. Killing it usually resumes normal service. Hmm.
I’ll follow someone else’s advice but thanks for the observation.
Roy
Yep, that’s it. If you stop ICS (should you run internet connection sharing) and the firewalls (to include WinXP FW), then alg.exe should automatically disappear.
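Added example, not part of any post in this thread: a Python sketch of the two checks the discussion points to, namely that alg.exe should load from System32 and should only be present while the ALG service is running. The process tuples and the `sc query ALG` text are constructed samples, the function names are hypothetical, and the expected folder assumes the default install path quoted above.

```python
import ntpath
import re

# Folder the thread gives for the genuine file (assumes a default install).
EXPECTED_DIR = ntpath.normcase(r"C:\Windows\System32")

def service_state(sc_query_output):
    """Extract the state word (RUNNING, STOPPED, ...) from `sc query` text."""
    m = re.search(r"STATE\s*:\s*\d+\s+(\w+)", sc_query_output)
    return m.group(1).upper() if m else "UNKNOWN"

def assess_alg(processes, sc_query_output):
    """Return (pid, path, reason) for each alg.exe instance worth a closer look."""
    findings = []
    state = service_state(sc_query_output)
    for pid, name, path in processes:
        if name.lower() != "alg.exe":
            continue
        if not path:
            findings.append((pid, path, "image path unavailable"))
            continue
        # normpath collapses ".." segments; normcase ignores case and slash style.
        folder = ntpath.normcase(ntpath.dirname(ntpath.normpath(path)))
        if folder != EXPECTED_DIR:
            findings.append((pid, path, "image outside System32"))
        elif state != "RUNNING":
            findings.append((pid, path, "running while ALG service is " + state))
    return findings

# Constructed sample data (not taken from the poster's machine).
SAMPLE_PROCS = [
    (1180, "alg.exe", r"C:\WINDOWS\system32\alg.exe"),
    (2044, "ALG.EXE", r"D:\constructed\alg.exe"),
    (612, "svchost.exe", r"C:\WINDOWS\system32\svchost.exe"),
]
SC_RUNNING = "SERVICE_NAME: ALG\n        STATE              : 4  RUNNING\n"
SC_STOPPED = "SERVICE_NAME: ALG\n        STATE              : 1  STOPPED\n"

if __name__ == "__main__":
    for finding in assess_alg(SAMPLE_PROCS, SC_STOPPED):
        print(finding)
```

A finding here is a reason to inspect the file further (signature, hash, creation time), not proof of infection.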