Hidden registry file in Avira scan: how to find out its cause?
Posted October 11, 2011 at 2:08PM
This was shown after a full Avira scan as hidden:
HKEY_LOCAL_MACHINE\Software\Microsoft\DbgagD\1\value
How can I find out where it's likely to have come from, or if it's of any concern? It's not looking good when I google it and am finding some infected users, although Avira admittedly didn't pick anything else up. After this I updated Malwarebytes and ran a full scan with that also. It found malware, but it was my wirelesskeyviewer.exe. Even if ignored, after I update Malwarebytes it sometimes gets picked up again as malware, a false positive, to be expected with similar aspects to what real malware would do: look for valuable program-related details. It's also stated on its official website in the FAQ first post how it can be picked up. http://www.nirsoft.net/utils/wirelesswepkey_faq.html
Nothing else was found in Malwarebytes, so is my hidden registry key at the top (detected only in Avira as a hidden entry) to be of any concern? I am trying to find out what Microsoft/DbgagD/1 usually relates to, e.g. if it's related to one particular program, but have not had much luck yet :( Thanks if anyone can help :)
Posted October 11, 2011 at 2:23PM
It looks like it might be a virus. Google
Posted October 11, 2011 at 6:27PM
It has appeared on many supposedly infected systems, but so do a lot of other registry entries. Admittedly most of the posts I have found mentioning it were suspicious of it, and posted within the last few days. So far no antivirus programs state that this hidden registry entry is unwanted material or malware. I have had hidden entries detected before that did no damage. There seems to be no way of finding out what the entry could be connected with, and if it's something that should be deleted. If so then I'll need to find out the best method of deletion if it turns out to be something I definitely don't want.
Aside from my wireless key checking program, a fully updated Malwarebytes did not find this hidden registry entry (or at least did not give me any related warnings). Thanks
Posted October 11, 2011 at 6:38PM
Update: I'll need to find a good tool to show this hidden entry. I use 'regedit' and when I click on the location I get "cannot be opened. an error is preventing this key being opened." but instead of "details: this key is protected" or similar, I get "the system cannot find the file specified".
Posted November 4, 2011 at 8:48PM
One last post: I've reinstalled Windows, and the exact same registry entry has appeared yet again, in the same place. Although I've created system restore points whilst updating Windows, I am unable to restore to any set dates (e.g. before any Windows update), as after the restoration I'm given a general message saying that there was an issue and it couldn't go back to my set date. All I did after the reinstall of Windows was update it, and then install Office 2007. The same registry entry shows once again as being non-deletable/unreadable, as if corrupt? One of the folders in the registry under this DbgagD entry is called "1", and when I click on it, Windows states that it cannot find the file specified, so I don't know whether to bother ignoring this entry from now on as just corrupt, or constantly reinstall Windows until I work out what program could be causing the entry to appear :( I tried RegDelNull but in Vista it would immediately state that the scan was finished upon clicking, so I'm looking for a similar tool that can remove registry entries with corrupt or null-embedded characters.
Posted November 4, 2011 at 9:44PM
1st item here shows how to set up logging/events for it.
Maybe of use?
Posted November 4, 2011 at 10:22PM
That was me :) I've found very little on it so far. DbGagD seems to be some sort of generic term, as other users have also been suspicious of it, located at [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
With my own value at Software\Microsoft in the registry, I can't do a system restore, but that could also be down to the protection software and not the suspicious registry file (I have Avira and Comodo installed). When I try a restore before the registry entry appeared, I get this: http://img193.imageshack.us/img193/5453/unledlts.jpg
The bottom image is when I try and log off and in again as another user. I'm not sure if it's related or not, but it's been happening over the past few days too (the same time as the above registry entry reappearing, but that could be a coincidence). I'm not sure what to do other than reinstall for the 3rd time and install nothing at all aside from Windows updates (or just Office updates) to see if that's the main cause. I can't remove the registry entry at all. That probably annoys me more than the possible fact that it (might not) be an infection :)
Posted November 4, 2011 at 10:26PM
I have found my Avira has caused Restores to fail and then succeeded when I disabled the Real Time Guard.
Dunno if you want to try that.
Posted November 4, 2011 at 11:10PM
Reading your other posts on other forums it looks like Avira is sending false positives. Combofix fixed you alright and you reinstalled. Wait for Avira's next update to see if this reg file is still being prompted. It might be Avira picking up its own files?
Posted November 4, 2011 at 11:35PM
I'm using the free versions of Avira and Comodo. It could well be Avira's updates adding uneditable/undeletable registry entries if it's not Microsoft's own, but I have noticed DbgagD files from as far back as 2007 on Google. I know Avira is supposed to be one of the best free antivirus programs, but with the current COMCTL32.dl issue, I've just had this when trying to update Avira and trying to check to see if Real Time Guard is running. That indicates to me that Avira could be the culprit, with the COMCTL32 driver at least. I might try another antivirus program for the time being. I think I'll leave Office 2007 (and all other major programs) off the system too until Vista is fully up to date, to see if the same registry entry appears again. I thought Comodo may have been more likely to be blocking my system restores, as some websites state it can be an awkward program and block necessary processes etc., but Avira seems to be the only one that's actually playing up. If I can't get a system restore, then perhaps after a reinstall I should try replacing the firewall too. ZoneAlarm is the only one that I've had issues with in the past (switching off on its own) but that was a long time ago :) Thanks
Posted November 4, 2011 at 11:51PM
If you're running Vista then its own firewall is OK. Consider dumping Comodo and Avira and try Avast free for a while. Make sure you use the tools needed to uninstall these if applicable. Use Javacools Spywareblaster as a blocker and the usual Malwarebytes and SAS as free antimalware manual scanners. See how you get on.
Then go to regedit then Edit, then Find and paste HKEY_LOCAL_MACHINE\Software\Microsoft\DbgagD\1\value, or other parts thereof to see if something comes up.
This thread has been locked.