can't remove magicControl.agent can some one help

Welcome to Majorgeeks!

Please do not post any logs inline and while doing the steps below, make sure you install HijackThis exactly where requested in C:\Program Files\HJT\hijackthis.exe If you don't do this, steps we will need to do later will not work.

Make sure you also pay attention to step 3, you have multiple antivirus applications installed.

Question: Is your copy of Ewido a paid version or free trial? If free, when was it installed.


Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
  • Bitdefender
  • Panda Scan
  • HijackThis

.

 

Okay! Now that you have HijackThis installed correctly. We can run the procedure I was mentioning. It is a special way of running HijackThis that will help us locate a hidden process that is running.
Copy the below quoted text into a new notepad document.
Click File> Save as... and change Save as type to all files, set the File name to runhjt.bat and save it to your Desktop.

Now execute runhjt.bat by double clicking on it. A new HJT log will come up. The file is already save in the folder where HJT is run from. This should be C:\Program Files\HJT if you followed our directions for installing HJT. Attach this new log. I'm suspecting it will reveal another hidden executable process which is the cause for MCA coming back. HJT is also still running minimized. You can close it.

 

It does not look like you ran the runhjt.bat file to run HijackThis. If it is not run exactly as requested it will not reveal what I'm looking for.

Did you run it exactly as requested from the .bat file?

As a backup to that procedure, also run the below.

Please download Silent Runner's

• Save it to the desktop.
• Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
• You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
• Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and attach it to your next message.

NOTE: If you receive any warning messages from your antivirus or antispyware programs about a script trying to be run , please choose to allow the script to run.

 

Your logs are not showing the typical symptoms that are seen with MagicControlAgent. Let's try the below!

Uninstall Windows Defender and then reboot.

Now copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixMCA.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixMCA.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

Now do a new Spybot scan and attach the log from Spybot so I can see exactly what it is reporting.


Also let's get an installed programs list from HijackThis.

• Run HijackThis, click Open the Misc Tools section
• Click Open Uninstall Manager
• Click Save List (generates uninstall_list.txt)
• Click Save, to save it to a file where you can find it.
• Attach the uninstall_list.txt file to your next message.

 

Let's try another patch to the registry since Spybot is detecting another key that I did not ask you to fix in the last patch.

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixMCA2.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixMCA2.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

Did that work?

 

This is typical of MagicControlAgent and it normally means that there is a hidden process that is running. But when you ran the runhjt.bat file, nothing is showing up like it normally does. This is a little confusing.

Let's try the below procedure and attach the log:

Running WinPfind by OldTimer

 

Well that is more than likely the hidden process I was looking for! You will notice in the WinPfind log the below is observed:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
bpsidg c:\windows\system32\bpsidg.exe bpsidg

This bpsidg process is the one I was indicating that should be showing up when HJT was run using the runhjt.bat method. Did you fix this using Blacklight? Have you deleted the c:\windows\system32\bpsidg.exe file? Is Spybot clean now?

 

You're welcome!

If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!

 

Great! Surf safely!