removal of algg.exe

[jacky]

I have the following Softwares on my computer:

• McAfee Security Center 8.1,
• Virus scan 12.1
• personal firewall 9.1.

MY operating system is windows XP media center edition .recently when i scan my pc for Virus some files was identified as "New Malware.ab",but cannot not be deleted. These files were located at C:\windows\system32\algg.exe and C:\windows\system32\algg.exe\algg.exe . I tried using Ad Aware and SuperAntispyware, but when I scanned with McAfee again it was still there. Help! thanks in Advance

[DAIJIRO]

Algg.exe is Trojan/Backdoor.
Kill the process algg.exe and remove algg.exe from Windows startup.

[jacky]

My Friend says that he knows the location of the file and thinks it can be deleted easily , but he is not an expert. Is that a potentially dangerous thing to do? Thanks you for your Help

[Gagnesh]

The file "algg.exe" is known to be created under the following filename:
%System%\algg.exe

Note: %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

[Damin]

yup Here some info about that File

Algg.exe is an executable file of Trojan.Zlob. This program uses scare tactics, such as falsified scan reports, pop-ups and system notifications, to get users to buy the fake full version.

Location : %System%
Type : Rogue Software, Trojan Horses
Dangerous : YES
Removal : Immediately

[Marlon]

My Friend says that he knows the location of the file and thinks it can be deleted easily , but he is not an expert. Is that a potentially dangerous thing to do? Thanks you for your Help

Set a system restore point and then try it. You can always then go back to just before he did it if things go wrong.

[Damin]

File Behavior

1. ALGG.EXE has been seen to perform the following behavior:
2. The Process is packed and/or encrypted using a software packing process
3. Executes a Process
4. This Process Creates Other Processes On Disk
5. This Process Deletes Other Processes From Disk
6. Adds a Registry Key (RUN) to auto start Programs on system start up
7. Changes the Internet Explorer Search Page
8. Registers a Dynamic Link Library File
9. Terminates Processes
10. Creates new folders in the file system
11. Creates a Toolbar Extention for Internet Explorer
12. Creation and Registration of a Browser Helper Object in Internet Explorer
13. This Process is a file infector which modifies program files to include a host a copy of the infection
14. Enables an In Process Object/Server - Common with DLL Injections
15. This Process Contains User Mode Rootkit Functionality and can hide itself from the running process list

ALGG.EXE has been the subject of the following behavior:

1. Executed from Temporary Folders
2. Created as a process on disk
3. Executed as a Process
4. Has code inserted into its Virtual Memory space by other programs
5. Added as a Registry auto start to load Program on Boot up
6. Deleted as a process from disk
7. Copied to multiple locations on the system
8. Terminated as a Process
9. Registered as a Dynamic Link Library File

[jacky]

McAfee quarantined the files before my friend got home. Prior to that time, McAfee had identified the infection, but could not remove it. Having read the last reply here and looked at the web sites listed, I was wondering if I should run the scans on the two sites. I was hoping that the quarantine had taken care of everything. Thanks again for the help!

[grizz699]

did you try malwarebytes.
usually pretty good at removing those nasties.