

 

hidden registry file in avira scan.. how to find out its cause?


theDarkness
Resolved


This was shown after a full Avira scan as hidden:-

HKEY_LOCAL_MACHINE\Software\Microsoft\DbgagD\1\value

How can I find out where it's likely to have come from, or if it's of any concern? It's not looking good when I google it up and am finding some infected users, although Avira admittedly didn't pick anything else up. After this I updated Malwarebytes and ran a full scan with that also. It found malware, but it was my wirelesskeyviewer.exe. Even if ignored, after I update Malwarebytes it sometimes gets picked up again as malware, a false positive, to be expected with similar aspects to what real malware would do: look for valuable program-related details. It's also stated on its official website in the FAQ first post how it can be picked up. http://www.nirsoft.net/utils/wirelesswepkey_faq.html

Nothing else was found in Malwarebytes, so is my hidden registry key at the top (detected in only Avira as a hidden entry) to be of any concern? I am trying to find out what Microsoft/DbgagD/1 usually relates to, e.g. if it's related to one particular program, but have not had much luck yet :( Thanks if anyone can help :)

gengiscant

It looks like it might be a virus. Google

theDarkness

It has appeared on many supposedly infected systems, but so do a lot of other registry entries. Admittedly most of the posts I have found mentioning it were suspect of it, and posted within the last few days. So far no antivirus programs state that this hidden registry entry is unwanted material or malware. I have had hidden entries detected before that did no damage. There seems to be no way of finding out what the entry could be connected with, and if it's something that should be deleted. If so then I'll need to find out the best method of deletion if it turns out to be something I definitely don't want.

Aside from my wirelesskey checking program, a fully updated Malwarebytes did not find this hidden registry entry (or at least did not give me any related warnings). Thanks

theDarkness

Update: I'll need to find a good tool to show this hidden entry. I use 'regedit' and when I click on the location I get "cannot be opened. an error is preventing this key being opened." but instead of "details: this key is protected" or similar, I get "the system cannot find the file specified".

theDarkness

One last post: I've reinstalled Windows, and the exact same registry entry has appeared yet again, in the same place. Although I've created system restore points whilst updating Windows, I am unable to restore to any set dates (e.g. before any Windows update), as after the restoration I'm given a general message saying that there was an issue and it couldn't go back to my set date. All I did after the reinstall of Windows was update it, and then install Office 2007. The same registry entry shows once again as being non-deletable/unreadable, as if corrupt? One of the folders in the registry under this DbgagD entry is called "1", and when I click on it, Windows states that it cannot find the file specified, so I don't know whether to bother ignoring this entry from now on as just corrupt, or constantly reinstall Windows until I work out what program could be causing the entry to appear :( I tried RegDelNull but in Vista it would immediately state that the scan was finished upon clicking, so I'm looking for a similar tool that can remove registry entries with corrupt or null-embedded characters.

robinofloxley

1st item here shows how to set up logging/events for it.

Maybe of use?

theDarkness

That was me :) I've found very little on it so far. DbGagD seems to be some sort of generic term, as other users have also been suspicious of it, located at [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

With my own value at Software\Microsoft in the registry, I can't do a system restore, but that could also be down to the protection software and not the suspicious registry file (I have Avira and Comodo installed). When I try a restore before the registry entry appeared, I get this: http://img193.imageshack.us/img193/5453/unledlts.jpg

The bottom image is when I try and log off and in again as another user. I'm not sure if it's related or not, but it's been happening over the past few days too (the same time as the above registry entry reappearing, but that could be a coincidence). I'm not sure what to do other than reinstall for the 3rd time and install nothing at all aside from Windows updates (or just Office updates) to see if that's the main cause. I can't remove the registry entry at all; that probably annoys me more than the possible fact that it (might not) be an infection :)

robinofloxley

I have found my Avira has caused Restores to fail and then succeeded when I disabled the Real Time Guard.

Dunno if you want to try that.

rdave13

Reading your other posts on other forums it looks like Avira is sending false positives. Combofix fixed you alright and you reinstalled. Wait for Avira's next update to see if this reg file is still being prompted. It might be Avira picking up its own files?

theDarkness

I'm using the free versions of Avira and Comodo. It could well be Avira's updates adding uneditable/undeletable registry entries if it's not Microsoft's own, but I have noticed DbgagD files from as far back as 2007 on Google. I know Avira is supposed to be one of the best free antivirus programs, but with the current COMCTL32.dl issue, I've just had this when trying to update Avira and trying to check to see if real time guard is running. That indicates to me that Avira could be the culprit, with the COMCTL32 driver at least. I might try another antivirus program for the time being. I think I'll leave Office 2007 (and all other major programs) off the system too until Vista is fully up to date, to see if the same registry entry appears again. I thought Comodo may have been more likely at blocking my system restores, as some websites state it can be an awkward program and block necessary processes etc., but Avira seems to be the only one that's actually playing up. If I can't get a system restore, then perhaps after a reinstall I should try replacing the firewall too. Zonealarm is the only one that I've had issues with in the past (switching off on its own) but that was a long time ago :) Thanks

rdave13

If you're running Vista then its own firewall is OK. Consider dumping Comodo and Avira and try Avast free for a while. Make sure you use the tools needed to uninstall these if applicable. Use Javacools Spywareblaster as a blocker and the usual Malwarebytes and SAS as free antimalware manual scanners. See how you get on.

Then go to regedit then Edit, then Find and paste HKEY_LOCAL_MACHINE\Software\Microsoft\DbgagD\1\value, or other parts thereof to see if something comes up.


This thread has been locked.
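
A read-only way to run the lookup suggested in the last reply against both locations named in the thread (the native key and its Wow6432Node counterpart), as an added example that is not part of any post. It assumes PowerShell 3.0 or later in an elevated prompt; the function name `Test-RegistryKeyView` is made up for this example, and the key path is the one quoted in the thread.

```powershell
# Added example: read-only check of the key discussed in this thread.
# Nothing is written or deleted; it only reports what the Win32 registry API exposes.
$subPath = 'Software\Microsoft\DbgagD'   # path as quoted in the thread

function Test-RegistryKeyView {
    param(
        [Microsoft.Win32.RegistryView]$View,   # Registry64 = native view, Registry32 = Wow6432Node
        [string]$Path
    )
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    $result = [ordered]@{ View = $View; Path = $Path; State = ''; Detail = '' }
    try {
        $key = $base.OpenSubKey($Path)         # opens read-only; $null if the key is not visible
        if ($null -eq $key) {
            $result.State = 'NotVisible'
        } else {
            $subkeys = $key.GetSubKeyNames() -join ','
            $values  = $key.GetValueNames() -join ','
            $result.State  = 'Readable'
            $result.Detail = "subkeys: [$subkeys] values: [$values]"
            $key.Close()
        }
    } catch {
        # Access denied, a broken key, or any other failure: keep the underlying reason
        $inner = $_.Exception.GetBaseException()
        $result.State  = $inner.GetType().Name
        $result.Detail = $inner.Message
    } finally {
        $base.Close()
    }
    [pscustomobject]$result
}

$views = [Microsoft.Win32.RegistryView]::Registry64,
         [Microsoft.Win32.RegistryView]::Registry32
foreach ($view in $views) {
    Test-RegistryKeyView -View $view -Path $subPath
    Test-RegistryKeyView -View $view -Path "$subPath\1"
}
```

Each output row shows whether the key could be opened in that view and, if not, the exception type and message, which separates a permissions problem from a key the API cannot open at all.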


