PDA

View Full Version : Nurech



Sarin
2008-10-09, 11:58
Hey, i have been diagnosed with nurech in my latest spybot scan. following is a HiJackThis log. any help in the removal of it would be much apreciated.

also, when i pressed 'alt control delete' i found a programe running called alg.exe, after googling this i was told it is some nasty, spybot did not find this.

thanks

Logfile of Trend Micro HijackThis v2.0.2

Tom.K
2008-10-09, 20:45
alg.exe is a system file. Where did you found that the file is dangerous?
Info:


The Application Layer Gateway Service is a subcomponent of the Windows networking subsystem. It provides support for plug-ins that allow network protocols to pass through the firewall and work behind Internet connection sharing. Application Layer Gateway (ALG) plug-ins can open ports and change data that is embedded in packets, such as ports and IP addresses. File Transfer Protocol (FTP) is the only network protocol that has a plug-in included with Windows Server 2003 Standard Edition and Windows Server 2003 Enterprise Edition.
The ALG FTP plug-in is designed to support active FTP sessions through the Network Address Translation (NAT) engine that is included with Windows. To do this, the ALG FTP plug-in redirects all traffic that passes through the NAT and that is destined for port 21 to a private listening port in the 3000-5000 range on the loopback adapter. The ALG FTP plug-in then monitors/updates traffic on the FTP control channel so that the FTP plug-in can plumb port mappings through the NAT for the FTP data channels. The FTP plug-in will also update ports in the FTP control channel stream.
If the Application Layer Gateway Service stops, network connectivity for the referenced protocols will be unavailable and adversely affect the network. For example, if you disable this service the Windows Messenger and MSNŽ Messenger instant messaging applications will fail.
(From http://www.microsoft.com/technet/sec.../tcgch07n.mspx (http://www.microsoft.com/technet/security/guidance/serversecurity/tcg/tcgch07n.mspx))

Note: Please do NOT post hjt logs in the Spybot forum, see here for link to malware removal (http://forums.spybot.info/showthread.php?t=1266)

Sarin
2008-10-10, 04:13
sorry , i must of gone to the wrong forum