Warning about a fake alg.exe

Discussion in 'malware problems & news' started by Socio, Nov 16, 2010.

Thread Status:
Not open for further replies.
  1. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    169
    I found something on my system that goes undetected, by Kav at least, so I thought I would give a heads up so others could check for it on their system.

    I upgraded both Kav and my Outpost firewall to the latest versions over the weekend. After doing so I kept getting an unhandled exception error with .NET Framework at about 2 minute intervals. After troubleshooting it I found that I had a file named alg.exe residing in the program files\common files folder (the file details mention CPAX20 and the company sornsoft, and it shows as an "Application Layer Gateway" in running processes) that was causing the problem.

    I am not sure what it is, i.e. virus, malware, trojan etc., nor what it does; however, given the fact that it is using the same name as the legitimate alg.exe that resides in the Windows\System32 folder, it can't be a good thing. To make matters worse, I have known that particular exe has been on my system for a long time, as I have seen it in my running processes and never gave it a second thought, assuming it was the real Microsoft alg.exe running.

    To see if you have it, look for a file called alg.exe in C:\program files\common files and check the file details in properties. (Do not use search to find the file, as this will find the legitimate Microsoft version of alg.exe, which is part of Windows and resides in the system32 folder.) If you have it, you need to shut its running process down in task manager and delete it. As added insurance you might want to find and remove its start up line in the registry; I just used CCleaner to remove it from start up.
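
The check described in the post above, as an added example that is not part of the original thread: a report-only PowerShell script that lists any alg.exe outside System32 with its file details and signature status, plus startup entries that reference it. The Run registry keys searched are an assumption about where the startup line lives; nothing is stopped or deleted.

```powershell
# Added example (not from the thread): report-only, changes nothing on the system.
$legit = Join-Path $env:SystemRoot 'System32\alg.exe'   # location of the genuine file
$commonFiles = ${env:CommonProgramFiles}, ${env:CommonProgramFiles(x86)} | Where-Object { $_ }

# Candidate paths: alg.exe in the Common Files folders, plus any running alg.exe.
$candidates = @()
foreach ($dir in $commonFiles) {
    $p = Join-Path $dir 'alg.exe'
    if (Test-Path -LiteralPath $p) { $candidates += $p }
}
$running = @(Get-CimInstance Win32_Process -Filter "Name = 'alg.exe'" |
    Where-Object { $_.ExecutablePath })
$candidates += $running | ForEach-Object { $_.ExecutablePath }

# File details (the "properties" check from the post) for every copy outside System32.
$report = foreach ($path in ($candidates | Sort-Object -Unique)) {
    if ($path -eq $legit) { continue }              # string -eq is case-insensitive
    $info = (Get-Item -LiteralPath $path -Force).VersionInfo
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $pids = ($running | Where-Object { $_.ExecutablePath -eq $path }).ProcessId
    [pscustomobject]@{
        Path        = $path
        Company     = $info.CompanyName
        Description = $info.FileDescription
        Signature   = $sig.Status
        RunningPids = $pids -join ','
    }
}

# Startup entries that launch an alg.exe (assumption: the standard Run keys).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$startup = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in (Get-Item $key).Property) {
        $value = [string]$props.$name
        if ($value -match '\\alg\.exe') {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $value }
        }
    }
}

if ($report)  { $report  | Format-List } else { 'No alg.exe found outside System32.' }
if ($startup) { $startup | Format-List } else { 'No Run-key entry references alg.exe.' }
```

Run it from an elevated prompt so the paths of processes owned by other accounts are visible.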
     
  2. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    Last edited: Nov 16, 2010
  3. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    169
    Thanks for the info;

    If it was malicious Kaspersky never caught it, and malicious or not it can cause issues like the error I was getting so people may want to check for it and get rid of it anyway.
     