Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

alg.exe - Application Layer Gateway


  • Please log in to reply

#1
ssilk

ssilk

    Member

  • Member
  • PipPip
  • 38 posts
I've just started going through my startup list in detail, to try & remove any unnecessary items.
The first item is "Application Layer Gateway Service," with manufacturer "Microsoft Corporation."

In the CastleCops startup files database, it says this is added by W32.LINKBOT.M.
However, there are debates on other sites over whether this is legit or not. A few sites say it is legit if it's in the System32 folder, and not if elsewhere.
I did a search, and on my computer it is only found in C:\I386.

Any ideas? I can post a HijackThis log if that might help.
Incidentally, none of AVG, Spybot, Trojan, ZoneLabs, and Trend Housecall have picked this up as a problem.
Thanks.
  • 0

Advertisements


#2
pogonici

pogonici

    Member

  • Member
  • PipPip
  • 14 posts
""Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall." This can be disabled if you are not using Internet Connection Sharing or the built-in Windows firewall."
  • 0

#3
ssilk

ssilk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Thanks.
I've just been reading up on it myself, and here are all the details:

There's one called "Application Layer Gateway Service" with filename alg.exe. This is legit, and is described by your quote.

There's another called "ALG.EXE" with filename iexplorer.exe. This is added by the W32/Demotry-B worm. This worm also adds the following registry key:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ALG.EXE
"iexplorer .exe"

More details can be found here.

-Simon
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP