What is Alg.exe and What is its Function?

Alg.exe Process Summary:

Process Name: Application Layer Gateway Service

Owner/Developer: Microsoft Corp.

Part of: Microsoft Internet Connection Sharing (ICS)/Windows Firewall

Valid Location: C:\Windows\System32\

Virus/Spyware Threat: Alg.exe can be targeted; it needs to be in its valid location.

What is Alg.exe?

Alg.exe in Task Manager

Alg.exe is a core process of Microsoft Windows XP as well as Windows Vista. Alg.exe facilitates the connection of various third-party applications and programs to the Internet. Examples of such programs are your FTP software, IM clients, etc. It works as a supplement to Windows Firewall and lets the applications communicate with the server via the various TCP/UDP ports present on the computer.

If you terminate the Alg.exe process, the computer's security protocol would shut down all the communication ports on your system and you would lose your internet connection.

Where is Alg.exe located:

The location of a specific process lets you know whether the process is genuine and isn't being run by a virus or spyware. The correct location of Alg.exe is C:\Windows\System32\. If it is located anywhere else, chances are your computer is infected by malware that is trying to imitate the Alg.exe process. You can check the location of this process via the Windows Task Manager in the “Processes” tab.

You can read more about how to locate a process in Windows XP and Vista. In Windows Vista you can simply right-click the process name and get to its location. It's not the same in Windows XP.

How to confirm that Alg.exe on your computer isn’t compromised by Malware:

There are a few steps to check whether the process you are looking at is genuine and isn't spyware.

The best way to do this is to use Sysinternals Process Explorer. It has a unique feature which lets you check if the process is indeed genuine. You can read more about downloading and using Process Explorer here.

Open Process Explorer and locate Alg.exe in the listed processes. Right-click on it and click on “Properties”. Click on the “Image” tab in the Properties window.

Alg.exe Properties Process Explorer - Unverified

Here it shows both the actual location of the process and whether the process has been digitally verified with the owner (in this case Microsoft Corp). As seen, it says it's not verified. Click on the Verify button and Process Explorer will cross-check with the Microsoft servers whether the file being compared is a legitimate process and hasn’t been replaced or compromised in some way. Each process has a unique digital signature, and if Process Explorer shows that the process has been verified you can be fairly certain that the process you see running is legitimate.

Alg.exe verified by Process Explorer

You can also view the verification status of a process in the main window of Process Explorer. As you can see on the extreme right, this process has been verified, whereas others have not. Hence we can conclude that the Alg.exe process running on our Windows system is genuine.

Verified Alg.exe in Process Explorer
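
The two checks described above (image location and digital signature) can also be scripted. The PowerShell below is an added example, not part of the original post; the function name Test-ProcessImage and its verdict strings are made up for illustration, and it goes slightly beyond the article by accepting any process name.

```powershell
# Added example, not from the original post. Test-ProcessImage and its
# verdict strings are illustrative names, not part of any Microsoft tool.
# Requires PowerShell 3.0 or later ([pscustomobject]).
function Test-ProcessImage {
    param(
        [string]$Name = 'alg',
        # Expected folder per the article: %SystemRoot%\System32
        [string]$ExpectedDir = (Join-Path $env:SystemRoot 'System32')
    )

    $procs = @(Get-Process -Name $Name -ErrorAction SilentlyContinue)
    if ($procs.Count -eq 0) {
        Write-Warning "No running process named '$Name'."
        return
    }

    foreach ($p in $procs) {
        $path = $p.Path   # empty if we lack rights to query the process
        if (-not $path) {
            [pscustomobject]@{ ProcessId = $p.Id; Path = $null
                Verdict = 'UNKNOWN: rerun from an elevated prompt' }
            continue
        }

        # Check 1: is the image in the folder the genuine file lives in?
        $dir = [System.IO.Path]::GetDirectoryName($path)
        $inPlace = $dir -ieq $ExpectedDir.TrimEnd('\')

        # Check 2: does the file carry a signature that validates, and
        # does the signing certificate name Microsoft as the organization?
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        $isMs = ($sig.Status -eq 'Valid') -and ($signer -like '*O=Microsoft Corporation*')

        if (-not $inPlace) { $verdict = 'SUSPICIOUS: unexpected location' }
        elseif ($isMs)     { $verdict = 'OK: expected location, valid Microsoft signature' }
        else               { $verdict = 'CHECK: signature not verified' }

        [pscustomobject]@{
            ProcessId = $p.Id; Path = $path; InExpectedDir = $inPlace
            SignatureStatus = $sig.Status; Signer = $signer; Verdict = $verdict
        }
    }
}

Test-ProcessImage -Name 'alg' | Format-List
```

A NotSigned status is not proof of tampering on its own: Windows system files are often catalog-signed, and older PowerShell versions do not consult catalogs, so confirm a CHECK verdict with the Verify button in Process Explorer.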

If you have questions or more useful information about this process, fire away in the comments.


This post was originally written on November 2, 2010
  • KS

    Thanks a lot it was very helpful !!

  • http://www.vikitech.com Viki

    You're welcome. I am glad you found this post useful. :-)

  • BLACKPHOENIXRIZIN

    To just say thanx is so very weak, in comparison 2 this most wonderful of giftz which u have so very freely given. I can not even begin 2 tell u the agony, suffering, frustration & just pure torture I've been going through in attempting 2 locate gold such as this 2 aid me in finding & getting rid of these monsters lurking in my machine. So as weak as it is, it'z all I've got 2 render unto u my good man or woman!…(smile). Just know that it truly comez with the sincerest & most heart felt gratitude 1 human can give 2 another, 4 selflessness is not something u see much now-a-dayz. So just keep on doin this extraordinary thing that u do raight, & I'll B around peace baby! 1LOVE!

    • http://intensedebate.com/people/Viki Viki

      Thank You for your very kind words.
      I am really happy that I was able to help you with the information that we post here. After reading such good words, I feel motivated to do more and write better. Keep visiting and letting us know if we are doing a good job. Your good words are the best reward we can get for our work. Thanks again.

  • BLACKPHOENIXRIZIN

    WUT UP VIK…(SMILE)…it'z me again (BLACKPHOENIXRIZIN). Got ur holla back, that wuz so yep-yep!…(LOL). And u r just so welcome. Listen vik, I have a question I'm hopin u can help me with. When u use (PROCESS EXPLORER) 2 find out exactly where a process is located does (EXPLORER) also tell u if that process is a virus or not? And if it doesn't wut telltale signs can u go by 2 tell if a process is legit or a virus? Will b waiting 2 hear from u soon, ur new pal (BLACKPHOENIXRIZIN) peace my lady…(wink,smile). Also vik, when u send an email how does 1 go about replying back 2 u directly? I wanted 2 reply directly 2 ur response 2 me, I saw the reply box but could figure out just how 2 send it! (HELP)? (SMILE) Peace ;-)

    • http://www.vikitech.com Viki

      Hello BLACKPHOENIXRIZIN,

      I'm happy to see you back so soon. Hope you are liking the new posts we have been writing. :)

      As for your question – Process Explorer is just one (incredible) tool that can help you understand if a process is valid or malware. There are more, which can help you find as well as prevent installation of such stuff on your PC, about which I would be writing pretty soon and would ask you to check the upcoming posts.

      Since you asked for the signs – There are 3 common signs:
      1) When you locate the process – it's not really where it should be: The virus/malware would always install these programs in a different location, since Windows does not allow them to overwrite the original service.

      2) It's impossible or at least very difficult to end such a process: If a process is valid, it would close down in a jiffy, however, a malware would not let its process close down, no matter how hard you try.

      3) There are multiple instances of the same process running in the Task Manager: Some genuine processes like "Svchost.exe" do run multiple instances. But in Process Explorer you can verify the software/company it belongs to. If you see several processes with similar names without association with any software – that's a sign of trouble.

      The email you got was a notification of my reply to your comment. All you need to do in that email is to hit reply and write a response like you are writing an email reply. It would automatically be posted as a reply to my latest comment. Hope that clears it up. If you need any assistance, I would be happy to help. Cheers! :)

      PS: It would be easy for you to comment if you sign up with IntenseDebate.com – it's the comment system I use on this blog.

  • http://security-wire.com/ Remove Spyware

    Your article is really well-written.

  • http://www.facebook.com/Naresh006 NAresh Babu

    useful
