Hidden registry file in Avira scan: how to find out its cause?

  theDarkness 14:08 11 Oct 11

This was shown after a full Avira scan as hidden:-


How can I find out where it's likely to have come from, or if it's of any concern? It's not looking good when I google it up and am finding some infected users, although Avira admittedly didn't pick anything else up. After this I updated Malwarebytes and ran a full scan with that also. It found malware, but it was my wirelesskeyviewer.exe. Even if ignored, after I update Malwarebytes it sometimes gets picked up again as malware, a false positive, to be expected with similar aspects to what real malware would do: look for valuable program-related details. It's also stated on its official website in the FAQ first post how it can be picked up. http://www.nirsoft.net/utils/wirelesswepkey_faq.html

Nothing else was found in Malwarebytes, so is my hidden registry key at the top (detected only in Avira as a hidden entry) to be of any concern? I am trying to find out what Microsoft/DbgagD/1 usually relates to, e.g. if it's related to one particular program, but have not had much luck yet :( Thanks if anyone can help :)

  gengiscant 14:23 11 Oct 11

It looks like it might be a virus. Google

  theDarkness 18:27 11 Oct 11

It has appeared on many supposedly infected systems, but so do a lot of other registry entries. Admittedly most of the posts I have found mentioning it were suspect of it, and posted within the last few days. So far no antivirus programs state that this hidden registry entry is unwanted material or malware. I have had hidden entries detected before that did no damage. There seems to be no way of finding out what the entry could be connected with, and if it's something that should be deleted. If so then I'll need to find out the best method of deletion if it turns out to be something I definitely don't want.

Aside from my wirelesskey checking program, a fully updated Malwarebytes did not find this hidden registry entry (or at least did not give me any related warnings). Thanks

  theDarkness 18:38 11 Oct 11

Update: I'll need to find a good tool to show this hidden entry. I use 'regedit' and when I click on the location I get "cannot be opened. an error is preventing this key being opened." but instead of "details: this key is protected" or similar, I get "the system cannot find the file specified".

  theDarkness 20:48 04 Nov 11

One last post: I've reinstalled Windows, and the exact same registry entry has appeared yet again, in the same place. Although I've created system restore points whilst updating Windows, I am unable to restore to any set dates (e.g. before any Windows update), as after the restoration I'm given a general message saying that there was an issue and it couldn't go back to my set date. All I did after the reinstall of Windows was update it, and then install Office 2007. The same registry entry shows once again as being non-deletable/unreadable, as if corrupt? One of the folders in the registry under this DbgagD entry is called "1", and when I click on it, Windows states that it cannot find the file specified, so I don't know whether to bother ignoring this entry from now on as just corrupt, or constantly reinstall Windows until I work out what program could be causing the entry to appear :( I tried RegDelNull but in Vista it would immediately state that the scan was finished upon clicking, so I'm looking for a similar tool that can remove registry entries with corrupt or null-embedded characters.

  robin_x 21:44 04 Nov 11

1st item here shows how to set up logging/events for it.

Maybe of use?

  theDarkness 22:22 04 Nov 11

That was me :) I've found very little on it so far. DbGagD seems to be some sort of generic term, as other users have also been suspicious of it, located at [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

With my own value at Software\Microsoft in the registry, I can't do a system restore, but that could also be down to the protection software and not the suspicious registry file (I have Avira and Comodo installed). When I try a restore before the registry entry appeared, I get this: http://img193.imageshack.us/img193/5453/unledlts.jpg

The bottom image is when I try to log off and in again as another user. I'm not sure if it's related or not, but it's been happening over the past few days too (the same time as the above registry entry reappearing, but that could be a coincidence). I'm not sure what to do other than reinstall for the 3rd time and install nothing at all aside from Windows updates (or just Office updates) to see if that's the main cause. I can't remove the registry entry at all. That probably annoys me more than the possible fact that it (might not) be an infection :)

  robin_x 22:26 04 Nov 11

I have found my Avira has caused Restores to fail and then succeeded when I disabled the Real Time Guard.

Dunno if you want to try that.

  rdave13 23:10 04 Nov 11

Reading your other posts on other forums it looks like Avira is sending false positives. Combofix fixed you alright and you reinstalled. Wait for Avira's next update to see if this reg file is still being prompted. It might be Avira picking up its own files?

  theDarkness 23:35 04 Nov 11

I'm using the free versions of Avira and Comodo. It could well be Avira's updates adding uneditable/undeletable registry entries if it's not Microsoft's own, but I have noticed DbgagD files from as far back as 2007 on Google. I know Avira is supposed to be one of the best free antivirus programs, but with the current COMCTL32.dl issue - I've just had this when trying to update Avira and trying to check to see if real time guard is running. That indicates to me that Avira could be the culprit, with the COMCTL32 driver at least. I might try another antivirus program for the time being. I think I'll leave Office 2007 (and all other major programs) off the system too until Vista is fully up to date, to see if the same registry entry appears again. I thought Comodo may have been more likely to be blocking my system restores, as some websites state it can be an awkward program and block necessary processes etc., but Avira seems to be the only one that's actually playing up. If I can't get a system restore, then perhaps after a reinstall I should try replacing the firewall too. ZoneAlarm is the only one that I've had issues with in the past (switching off on its own) but that was a long time ago :) Thanks

  rdave13 23:51 04 Nov 11

If you're running Vista then its own firewall is OK. Consider dumping Comodo and Avira and try Avast free for a while. Make sure you use the tools needed to uninstall these if applicable. Use Javacools Spywareblaster as a blocker and the usual Malwarebytes and SAS as free antimalware manual scanners. See how you get on.

Then go to regedit, then Edit, then Find, and paste HKEY_LOCAL_MACHINE\Software\Microsoft\DbgagD\1\value, or other parts thereof, to see if something comes up.

