dragon_updater.exe always running

So is icedragon_updater.exe, here is a screenshot of them in process explorer:

Windows 8, Comodo firewall, Avira antivirus, Zemana AntiLogger, WinPatrol, EMET

I believe this is intended behavior, not a bug.

If you look at the full size pic you will see dragon_updater has a thread called KEYCRY~3.dll!InjectMe+0xaf0 that is actively using the CPU, and there are more shown in the pic. I noticed that a process called cmdupd.exe has a similar thread called !InjectMe+0xc40 that is using the CPU, although I think when I started this reply !InjectMe+0xe10 was active…

PS (Paranoia Script): After I typed the name of the thread, there was multiple rapid changes in the running threads and I was disconnected from the internet. One of the threads affected was a few (I have 7 running now) clones of !RtlUserThreadWithCsrss+0x174…

PPS: After I closed Firefox after positing this, I saw an error message underneath saying that Comodo Dragon has crashed, and asking me if I want to restart it… I was not using Dragon, just Firefox in the sandbox… which after closing also gave me an update error saying “patch apply failed”, but that is probably due to it being sandboxed… but I didn’t want to ignore any unusual behavior in this report.

I don’t use Dragon, but as I understand it, there is an updater service that is always running. I believe if you turn off auto-updates, it no longer runs.

I have turned off the auto-updater yet I still have the “dragon_updater.exe” or something like that running.

Yours might be different than mine, as you have disabled auto-update, but could you please check in process explorer in the threads and see if you have an !InjectMe… entry? I just found another one in rundll32.exe called KEYCRY~3.DLL!InjectMe+0xcf0, as well as KEYCRY~3.DLL!InjectMe+0xaf0, the later of which is using the CPU.

I would disable automatic updates, but it doesn’t seem like it would benefit me as apparently your is always running too…

I actually killed the process =S I’ll have to restart in order to check again however It’s later so I’ll do that tomorrow, sorry.

Unfortunately, turning off auto-update and terminating the process - which causes process hacker to hang :o - is only temporally solution. If you don’t want these processes running, disable the service(s) from services.msc and/or delete/rename the dragon_updater.exe/icedragon_updater.exe from each respective program folder.

Well I found out that the KEYCRY~3.dll!InjectMe+0xaf0 thread was referring to a core component of Zemana AntiLogger, a keylogger protection program… I don’t know anything about coding but it the !InjectMe part looks like the .dll was being targeted for an attack, as shortly after I noticed them my passwords were stolen… I’m not to worried about fixing everything now as it will likely be attacked again regardless, I just wanted to fill in the blank on the KEYCRY thing… although it looks like KEYCRY~4.dll is more common, a search for KEYCRY~3.dll on Google only returns 4 results, but I’m probably just being redirected… ahh whatever…

btw: why does my second post have a “!” above it?

If you check the registry, you’ll find 3 entry’s for dragon_updater.exe.
There is a REG_DWORD “Start” with a value of 2. If you change it to 1, the updater does not start.

I wonder (this is a question for a developer) what the REG_DWORD “Type” with a value of 10 does.
Is it possible there is a value for this, or both REG_DWORD’s, that will start dragon_updater.exe so it will check on startup of the OS and than exits?

[attachment deleted by admin]

For me I disabled Dragon_updated.exe within Services. Also It is Disabled within Settings under Dragon.

And I have not notice it running at all, since those changes.