Organizing Windows alg.exe information

  


Process File: alg.exe
Process Name: Application Layer Gateway Service
Process Category: Other Processes
English Description:
alg.exe is a part of the Microsoft Windows operating system. It is a core process for Microsoft Windows Internet Connection Sharing and Internet Connection Firewall. This program is important for the stable and secure running of your computer and should
Chinese reference:
alg.exe is a program that comes with the Microsoft Windows operating system. It handles Microsoft Windows network connection sharing and the network connection firewall. As the Application Layer Gateway Service, it provides support for third-party protocol plug-ins for Internet Connection Sharing and Windows Firewall. This process is a Windows system service. This program is very important for the normal operation of your system.
Producer: Microsoft Corp.
Belongs to: Microsoft Windows Operating System
If this file is located at C:\windows\alg.exe:
This file is dropped onto the system by the virus sample eraseme_88446.exe.
Once C:\windows\alg.exe has gotten onto the system, the next time you boot you will encounter 1-2 blue-screen restarts.

Features:
1. C:\windows\alg.exe is registered as a system service so that it loads at boot.
2. C:\windows\alg.exe controls the winLogon.exe process. Therefore, the C:\windows\alg.exe process cannot be terminated from within Windows.
3. The "ports" list in IceSword shows C:\windows\alg.exe opening 5-6 ports to access the network.
4. C:\windows\alg.exe modifies the system files ftp.exe and tftp.exe. Compared with the original system files, the sizes of ftp.exe and tftp.exe are unchanged after the virus modifies them, but their MD5 values change to 09d81f8dca0cbd5b110e53e6460b0d3b. The original, clean ftp.exe and tftp.exe are renamed to backup.ftp and backup.tftp and stored in the C:\WINDOWS\system32\Microsoft\ directory.

Manual removal procedure:
1. Clean up the registry:
(1) Expand: HKLM\System\CurrentControlSet\Services
Delete: Application Layer Gateway Services (the entry that points to C:\windows\Alg.exe)

(2) Expand: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
Change the value of SFCDisable to dword:00000000

(3) Expand: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
Delete: "SFCScan"=dword:00000000

(4) Expand: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions
Delete: "v7b5x2s1i4h3"="12/15/2006, 01:26 PM"

2. Restart the system. Show hidden files.
3. Delete C:\windows\alg.exe.
4. In the C:\WINDOWS\system32\Microsoft\ directory, find backup.ftp and rename it to ftp.exe; find backup.tftp and rename it to tftp.exe. Then drag and drop ftp.exe and tftp.exe into the system32 folder, overwriting the copies of ftp.exe and tftp.exe that the virus modified.
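
A read-only PowerShell check for the indicators listed above, added here as an example (it is not part of the original article). It assumes Windows is installed in C:\WINDOWS and PowerShell 4.0 or later (for Get-FileHash); the variable names are illustrative.

```powershell
# Read-only triage for the indicators listed in this article; nothing is changed or deleted.
# Assumption: Windows is installed in C:\WINDOWS, as in the article's paths.
$win      = 'C:\WINDOWS'
$sys32    = Join-Path $win 'system32'
$findings = New-Object System.Collections.Generic.List[string]

# The genuine alg.exe lives in system32; a copy directly under C:\WINDOWS is the dropped file.
if (Test-Path -LiteralPath (Join-Path $win 'alg.exe')) {
    $findings.Add("File present: $win\alg.exe")
}

# Feature 1: a service whose image path points at C:\WINDOWS\alg.exe.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match '^"?C:\\windows\\alg\.exe' } |
    ForEach-Object { $findings.Add("Service '$($_.Name)' runs $($_.PathName)") }

# Registry steps (2) and (3): the SFCDisable and SFCScan values under WinLogon.
$wl = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
if ($wl) {
    if ($null -ne $wl.SFCDisable -and $wl.SFCDisable -ne 0) {
        $findings.Add("SFCDisable = $($wl.SFCDisable) (article resets it to 0)")
    }
    if ($null -ne $wl.SFCScan) { $findings.Add("SFCScan = $($wl.SFCScan) (article deletes it)") }
}

# Registry step (4): the marker value under Shell Extensions.
$se = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions' -ErrorAction SilentlyContinue
if ($se -and $null -ne $se.v7b5x2s1i4h3) {
    $findings.Add("Marker value v7b5x2s1i4h3 = $($se.v7b5x2s1i4h3)")
}

# Feature 4: modified ftp.exe / tftp.exe (same size, so compare the hash) and the renamed originals.
$badMd5 = '09d81f8dca0cbd5b110e53e6460b0d3b'
foreach ($name in 'ftp.exe', 'tftp.exe') {
    $p = Join-Path $sys32 $name
    if ((Test-Path -LiteralPath $p) -and (Get-FileHash -LiteralPath $p -Algorithm MD5).Hash -eq $badMd5) {
        $findings.Add("$p has the MD5 the article reports for the modified file")
    }
}
foreach ($name in 'backup.ftp', 'backup.tftp') {
    $p = Join-Path (Join-Path $sys32 'Microsoft') $name
    if (Test-Path -LiteralPath $p) { $findings.Add("Renamed original found: $p") }
}

if ($findings.Count -eq 0) { 'No indicators from the article found.' } else { $findings }
```
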
What is the alg.exe virus?
The normal alg.exe is a program that comes with Windows, but it may be infected by a virus, or a virus may disguise itself as it.
alg - alg.exe - Process information
Process file: alg or alg.exe
Process Name: Application Layer Gateway Service
Description:
alg.exe is a program that comes with the Microsoft Windows operating system. It is used to handle Microsoft Windows network connection sharing and network connection firewall. This program is very important for the normal operation of your system.

C:\windows\alg.exe virus:
This file is dropped onto the system by the virus sample eraseme_88446.exe (sample from "Jianmeng"). As of today, Rising's virus database does not report it.

