I think I might have a virus/spyware infection on my sbs2003 server and would like to verify a few services I am not sure about. I compared to a few other sbs2003 servers and I don't see these. Do they look like normal/valid apps ? The server was almost stalled this morning even after having shutdown most of the non-essential services.
- Appication Layer Gateway Server 21115012 (C:\WINDOWS\system32\svchost.exe /k netsvcs)
- Appication Layer Gateway Service (C:\WINDOWS\system32\alg.exe)
- Appication Layer Gateway Serviec (C:\WINDOWS\temp\svehost.exe)
(this last one worries me a lot: misspelling, temp folder, svehost.exe)
I am running a scan on these with malwarebytes/hijackthis/superantispyware