Tuesday, February 9th 2010, 1:11pm UTC+1

You are not logged in.

  • Login
  • Register

[Solved] C:\WINDOWS\system32\alg.exe

  • 1
  • 2

cvb

Date of registration:
Jul 23rd 2009


Version: Avira Prem. Security Suite


Operating System: XP


Location: the Netherlands, Etten-Leur



1

Tuesday, August 25th 2009, 7:18am

C:\WINDOWS\system32\alg.exe

My events-list indicates below activity of my Avira-firewall at login:

Blocked application:
Local IP: 127.0.0.1
Local Port: 6660
Remote IP: 0.0.0.0
Remote Port: 0
Action Code: Act as server
Application Path: C:\WINDOWS\system32\alg.exe
User: Lokale service

Why is that?? and should I do something about it??
  • Go to the top of the page

Alexandru Frigioiu

Avira GmbH

Date of registration:
Dec 8th 2008


Version: Avira Prem. Security Suite


Operating System: XP and VISTA



2

Tuesday, August 25th 2009, 8:54am

Hi,
Please look for the OTCFG.bin file - you can find it here C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop
After you find it please upload it to a website (e.g. rapidshare.com) and post here the link.
  • Go to the top of the page

cvb

Date of registration:
Jul 23rd 2009


Version: Avira Prem. Security Suite


Operating System: XP


Location: the Netherlands, Etten-Leur



3

Tuesday, August 25th 2009, 9:28am

http://rapidshare.com/files/271196099/OTCfg.bin.html

Rgds, cvb
  • Go to the top of the page

Alexandru Frigioiu

Avira GmbH

Date of registration:
Dec 8th 2008


Version: Avira Prem. Security Suite


Operating System: XP and VISTA



4

Tuesday, August 25th 2009, 9:37am

Hi,
You have this process on deny:

Found App \Device\HarddiskVolume2\WINDOWS\system32\alg.exe
App flags: [ ] [ ] [ ]
MD5 Change count: 0
MD5 [ 0xda 0xb2 0xa8 0x9f 0xde 0x5c 0xf7 0x91 0x16 0x12 0x0 0xd9 0xc 0x1b 0xcb 0x12 ]
App-User object: [ \Device\HarddiskVolume2\WINDOWS\system32\alg.exe, S-1-5-19 ]
AppUser [ \Device\HarddiskVolume2\WINDOWS\system32\alg.exe, S-1-5-19 ] Settings:
ClientContext 0x80000000
MD5ChangedCount 0
TCPConnect: Deny
Send: Deny
Recv: Deny
Listen: Deny
CodeInj: Deny
AdvancedMode: No
Privileged: Yes

Please change it to allow in the firewall configuration.
  • Go to the top of the page

cvb

Date of registration:
Jul 23rd 2009


Version: Avira Prem. Security Suite


Operating System: XP


Location: the Netherlands, Etten-Leur



5

Tuesday, August 25th 2009, 11:33am

Hi,
Has added alg.exe and rebooted.
However: firewall has blocked again and now the avira-umbrella does not unfold.
See http://rs318l3.rapidshare.com/cgi-bin/upload.cgi?rsuploadid=159076423031426097 for a screenprint of application rules (alg=applic...).
What about filtered and ask??
  • Go to the top of the page

Alexandru Frigioiu

Avira GmbH

Date of registration:
Dec 8th 2008


Version: Avira Prem. Security Suite


Operating System: XP and VISTA



6

Tuesday, August 25th 2009, 11:43am

Hi,
Please give me another link, the one that you already posted gives me an error.
  • Go to the top of the page

cvb

Date of registration:
Jul 23rd 2009


Version: Avira Prem. Security Suite


Operating System: XP


Location: the Netherlands, Etten-Leur



7

Tuesday, August 25th 2009, 12:07pm

Hi,
Link is http://rapidshare.com/files/271240391/alg2.bmp.html
After rebooting again umbrella unfolds as usual.
'Events' still shows message as in my 1st post.
  • Go to the top of the page

Alexandru Frigioiu

Avira GmbH

Date of registration:
Dec 8th 2008


Version: Avira Prem. Security Suite


Operating System: XP and VISTA



8

Tuesday, August 25th 2009, 12:11pm

Hi,
You should set the action for alg.exe to allow.

Regarding the privileged and filtered mods, please take a look here.
  • Go to the top of the page

cvb

Date of registration:
Jul 23rd 2009


Version: Avira Prem. Security Suite


Operating System: XP


Location: the Netherlands, Etten-Leur



9

Tuesday, August 25th 2009, 12:17pm

Of course, succeeded!
Thx
  • Go to the top of the page

cvb

Date of registration:
Jul 23rd 2009


Version: Avira Prem. Security Suite


Operating System: XP


Location: the Netherlands, Etten-Leur



10

Wednesday, August 26th 2009, 6:58am

Hi,
Alg.exe is still been blocked, also at allow, privileged.
Pls advise.
  • Go to the top of the page

cvb

Date of registration:
Jul 23rd 2009


Version: Avira Prem. Security Suite


Operating System: XP


Location: the Netherlands, Etten-Leur



11

Wednesday, August 26th 2009, 7:54am

Quoted from "cvb"

Hi,
Alg.exe is still been blocked, also at allow, privileged.
Pls advise.
No positives at check with virustotal.com
  • Go to the top of the page

Alexandru Frigioiu

Avira GmbH

Date of registration:
Dec 8th 2008


Version: Avira Prem. Security Suite


Operating System: XP and VISTA



12

Wednesday, August 26th 2009, 8:26am

Hi,
You can try this procedure - please be aware that this will bring the firewall configuration to the default one:

disable process protection (from Configuration -> General -> Security -> untick Protect [...] from unwanted termination), then stop the Firewall service (from Start -> Run -> Services.msc), then go to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop and remove the following files:

imcfg.xml
imcfg.bin
otcfg.bin
customimcfg.xml

then restart the computer and you will get the default configuration. You will probably want to enable process protection again.
  • Go to the top of the page

cvb

Date of registration:
Jul 23rd 2009


Version: Avira Prem. Security Suite


Operating System: XP


Location: the Netherlands, Etten-Leur



13

Wednesday, August 26th 2009, 9:16pm

Quoted from "Alexandru Frigioiu"

then stop the Firewall service (from Start -> Run -> Services.msc)
Do you mean delete Avira firewall from my Services-list, screenprint: http://rapidshare.com/files/271828789/services.JPG.html ??
Regards, cvb
  • Go to the top of the page

cvb

Date of registration:
Jul 23rd 2009


Version: Avira Prem. Security Suite


Operating System: XP


Location: the Netherlands, Etten-Leur



14

Wednesday, August 26th 2009, 9:50pm

Quoted from "cvb"

Quoted from "Alexandru Frigioiu"

then stop the Firewall service (from Start -> Run -> Services.msc)
Do you mean delete Avira firewall from my Services-list, screenprint: http://rapidshare.com/files/271828789/services.JPG.html ??
Regards, cvb
Change start-up type Avira firewall to 'disabled'??
  • Go to the top of the page

Alexandru Frigioiu

Avira GmbH

Date of registration:
Dec 8th 2008


Version: Avira Prem. Security Suite


Operating System: XP and VISTA



15

Thursday, August 27th 2009, 9:13am

Hi,
Just click on the "Stop" button.
  • Go to the top of the page

cvb

Date of registration:
Jul 23rd 2009


Version: Avira Prem. Security Suite


Operating System: XP


Location: the Netherlands, Etten-Leur



16

Friday, August 28th 2009, 6:47am

Hi,
After performing the procedure as indicated I still get the message that alg.exe has been blocked.

Through Google I found this thread on the internet: http://social.microsoft.com/Forums/en-US/onecarefirewall/thread/eef43154-0c90-40f3-9e71-b89da3541ab3
In a post in this thread on October 24, 2008 3:55 PM it is suggested to disable alg.exe; do you have any comments on this??
  • Go to the top of the page

Alexandru Frigioiu

Avira GmbH

Date of registration:
Dec 8th 2008


Version: Avira Prem. Security Suite


Operating System: XP and VISTA



17

Friday, August 28th 2009, 8:25am

Hi,
I don't recommend you to stop this service. Please upload again the otcfg.bin file and give me the link.
  • Go to the top of the page

cvb

Date of registration:
Jul 23rd 2009


Version: Avira Prem. Security Suite


Operating System: XP


Location: the Netherlands, Etten-Leur



18

Friday, August 28th 2009, 8:31am

http://rapidshare.com/files/272459982/OTCfg.bin.html
rgds, cvb
  • Go to the top of the page

Alexandru Frigioiu

Avira GmbH

Date of registration:
Dec 8th 2008


Version: Avira Prem. Security Suite


Operating System: XP and VISTA



19

Friday, August 28th 2009, 8:41am

Hi,
Well ... it's still on deny:

Found App \Device\HarddiskVolume2\WINDOWS\system32\alg.exe
App flags: [ ] [ ] [ ]
MD5 Change count: 0
MD5 [ 0xda 0xb2 0xa8 0x9f 0xde 0x5c 0xf7 0x91 0x16 0x12 0x0 0xd9 0xc 0x1b 0xcb 0x12 ]
App-User object: [ \Device\HarddiskVolume2\WINDOWS\system32\alg.exe, S-1-5-19 ]
AppUser [ \Device\HarddiskVolume2\WINDOWS\system32\alg.exe, S-1-5-19 ] Settings:
ClientContext 0x80000000
MD5ChangedCount 0
TCPConnect: Deny
Send: Deny
Recv: Deny
Listen: Deny
CodeInj: Deny
AdvancedMode: No
Privileged: Yes
  • Go to the top of the page

cvb

Date of registration:
Jul 23rd 2009


Version: Avira Prem. Security Suite


Operating System: XP


Location: the Netherlands, Etten-Leur



20

Friday, August 28th 2009, 9:00am

Hi,
Accg to Application Rules, screenprint, http://rapidshare.com/files/272468925/alg.JPG.html
alg is privileged, allowed.
  • Go to the top of the page
  • 1
  • 2