Warning about a fake alg.exe

I found something on my system that goes undetected, by Kav at least, so I thought I would give a heads up so others could check for it on there system.

I upgraded both Kav and my Outpost firewall to the latest versions over the weekend. After doing so I kept getting an unhandled exception error with .NET Framework in about 2 minute intervals. After troubleshooting it I found that I had a file named alg.exe residing in program files\common files folder the file details mention CPAX20 and the company sornsoft and shows as an "Application Layer Gateway" in running processes that was causing the problem.

I am not sure what it is, i.e virus, malware, trojan etc.. nor what it does however the fact that is using the same name as the legitimate alg.exe that resides in the Windows\System32 folder it can't be a good thing.To make matters worse I have known that particular exe has been on my system for a long time as I have seen it my running processes and never gave it a second thought assuming it was the real Microsoft alg.exe running.

To see if you have it look for a file called alg.exe in C:\program files\common files and check the file details in properties (Do not use search to find the file as this will find the legitimate Microsoft version of the alg.exe which is part of Windows and resides in the system32 folder) If you have it you need to shut it's running process down in task manager and delete it, as added insurance you might want to find and remove its start up line in the registry, I just used CCleaner to remove it from start up.

 

judging by the search results for CPAX20 this piece seems to be well known and discussed about since November 2009 (or even back to 2007). if malicious your AV should have captured it, latest when executed

https://www.pay-per-install.org/general-discussion/6548-sornsoft.html

 

Thanks for the info;

If it was malicious Kaspersky never caught it, and malicious or not it can cause issues like the error I was getting so people may want to check for it and get rid of it anyway.