Magic Control Agent

Discussion in 'Malware Help (A Specialist Will Reply)' started by Dumpster001, May 25, 2006.

  1. Dumpster001

    Dumpster001 Private E-2

    I've read and completed the READ & RUN ME FIRST Before Asking for Support.

    I've been trying to clean up a badly infected computer for several days. I have been able to eliminate all viruses and most spy/adware but I continue to get pop ups in IE that I believe are related to the Magic Control Agent.

    I am attaching my bdscan.txt, Activescan.txt, and hijackthis.log files.

    Any help on removing this (or other items recognized in the logs) would be greatly appreciated.

    Thank you in advance,
    Dumpster001
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Magic Control Agent removal can be tricky.

    Please download & run Blacklight Beta
    • Hit I accept. It will take you to download page.
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please attach the Blacklight log file here.
     
  3. Dumpster001

    Dumpster001 Private E-2

    Thank you, I'll do that now.
     
  4. Dumpster001

    Dumpster001 Private E-2

    I downloaded the program and tried to run/install it.
    It came back with an error saying ...

    F-Secure BlackLight could not acquire necessary privileges
    (SeDebugPrivilege).)

    -Your computer settings may prevent acquiring these privileges.
    -A malicious program might have disabled these privileges.

    then an OK button that closes the window.
    (I am logged on using an administrator account)
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The below procedure is normally used to remove Look2Me infections, but it can also sometimes fix problems with SeDebugPrivilege. Run it first and attach the Look2Me-Destroyer log here. Then retry Blacklight.

    Look2Me VX2 Removal
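    An added check, written by the editor and not part of chaslang's instructions: the BlackLight error in post 4 means the tool could not turn on SeDebugPrivilege in its own token. The script below reports whether the current session is an administrator and whether the privilege is present or already enabled, so the two causes the error message names (account settings versus tampering) can be told apart before running a fix. It assumes whoami.exe is available (built into Windows Vista and later; part of the Support Tools download on Windows XP); the function and field names are the editor's own.

```powershell
# Added example (not from the thread): report whether this session can acquire
# SeDebugPrivilege, the right that F-Secure BlackLight failed to get in post 4.
# Assumes whoami.exe is on the PATH.

function Test-DebugPrivilege {
    # Is the account an administrator at all?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # 'whoami /priv' lists the privileges held by the current token. The privilege
    # name column is not localized, so match on it rather than on the description.
    $privLine = whoami /priv 2>$null | Where-Object { $_ -match '^\s*SeDebugPrivilege\s' }

    [pscustomobject]@{
        Account          = $identity.Name
        IsAdministrator  = $isAdmin
        # Present: the token holds the privilege (normally listed as Disabled until a
        # program such as BlackLight enables it for itself).
        PrivilegePresent = [bool]$privLine
        # Enabled: already switched on in this token.
        PrivilegeEnabled = [bool]($privLine -and ($privLine -match 'Enabled\s*$'))
    }
}

$status = Test-DebugPrivilege
$status | Format-List

if (-not $status.IsAdministrator) {
    'Not running as an administrator: the BlackLight error is expected.'
} elseif (-not $status.PrivilegePresent) {
    'Administrator, but SeDebugPrivilege is missing from the token: review the "Debug programs" user right in secpol.msc; malware that strips it is one cause.'
} else {
    'SeDebugPrivilege is available; the tool should be able to enable it.'
}
```

    On Windows XP, which the thread is about, an administrator logon has a single token, so a missing privilege points at policy or tampering. On Vista and later the same script run from a non-elevated console reports IsAdministrator as false because User Account Control hands the session a filtered token; rerun it from an elevated console before drawing conclusions.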
     
  6. Dumpster001

    Dumpster001 Private E-2

    Look2Me VX2 Removal did fix the permissions problem.
    I ran blbeta.exe successfully. (scan only)
    Attached are both logs.
    Thanks,
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download - Pocket KillBox

    Extract it to its own folder somewhere that you will be able to locate it later to run it.


    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click OK.

    Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note some of the files listed below may not exist but we need to check for them anyway.

    c:\WINDOWS\Prefetch\JWPENF.EXE-113462DF.pf
    c:\WINDOWS\system32\jwpenf.dat
    C:\windows\system32\jwpenf.exe
    c:\WINDOWS\system32\jwpenf_nav.dat
    c:\windows\system32\key.~
    c:\windows\system32\winupdt.008
    c:\windows\system32\micront.exe

    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself. However BOOT INTO SAFE MODE during this reboot and do not run anything but what I request. DO NOT open any browsers!

    Please run HijackThis and do a System Scan only and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O4 - HKCU\..\RunServices: [Required Service Drivers] micront.exe

    Now exit HJT
    Run Windows Explorer and double check to make sure the below files are all deleted (some we already got with killbox):
    c:\WINDOWS\Prefetch\JWPENF.EXE-113462DF.pf
    c:\WINDOWS\system32\jwpenf.dat
    C:\windows\system32\jwpenf.exe
    c:\WINDOWS\system32\jwpenf_nav.dat
    c:\windows\system32\key.~
    c:\windows\system32\winupdt.008
    c:\windows\system32\micront.exe

    Now reboot into normal mode and after reboot double check the same HJT entries I had you fix above and if any still remain, fix them again a second time.

    Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now attach a new HJT log.

    Also tell me how things are working!
     
  8. Dumpster001

    Dumpster001 Private E-2

    I was unable to initiate the steps you recommended.
    When I started killbox, Choose Tools > Delete Temp Files and click OK.
    There is no OK button and I was unable to determine how you might have wanted me to proceed. The two buttons on this dialog box were
    [Delete selected temp files] and [Exit (save settings)]
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The instructions begin as:

    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.

    After that proceed with the previous instructions.
     
  10. Dumpster001

    Dumpster001 Private E-2

    HJT attached.
    So far (just logged in to report) no pop ups.
    I will be running all of the previous scanners (e.g. panda scan) to see what they report. I'll post another update as soon as I know more.
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Who was reporting MagicControl Agent? Was it Spybot? If it still reports it, attach a log from Spybot.

    Have HijackThis fix the below line:

    O4 - HKLM\..\Run: [jwpenf] c:\windows\system32\jwpenf.exe jwpenf


    Then double check to make sure the below file is gone:
    c:\windows\system32\jwpenf.exe
     
  12. Dumpster001

    Dumpster001 Private E-2

    Yes, it was SpyBot. I've attached the last few logs (no reboot in between)
    I fixed the O4 item with hijackthis and verified that jwpenf.exe is gone.
    Still no more pop ups. Some scans still in progress.
    Looking much better thanks to your expertise!
    (p.s. i have one more file to upload, see next msg)
     

    Attached Files:

  13. Dumpster001

    Dumpster001 Private E-2

    one more log file.
     

    Attached Files:

  14. Dumpster001

    Dumpster001 Private E-2

    Panda scan is still reporting adware, but I'm not sure if it is a false positive ...
    Log file attached ...
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Two of the files reported by Panda I asked you to delete in message number 7. Did you delete the below:


    c:\windows\system32\log.~
    c:\windows\system32\winupdt.bin

    Other than that you are basically clean other than a few stray harmless registry entries that Panda is not giving any info on. So we cannot do anything to try to fix them anyway.

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
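    An added verification script, written by the editor rather than taken from chaslang's posts: posts 7, 11 and 15 ask the user to delete a set of files and fix three HijackThis entries, then confirm by hand in Explorer that they are gone. The script re-checks every one of those targets in one pass and only reports; it deletes nothing. The file paths and registry values are exactly the ones named in the thread (HijackThis abbreviates the O4 keys as HKCU\..\RunServices and HKLM\..\Run; the full key paths used below are the standard autorun locations). The function name and the report layout are the editor's own.

```powershell
# Added example (not from the thread): re-check the cleanup targets named in posts 7, 11
# and 15 of this thread. Read-only: it reports what is still present and removes nothing.

# Files chaslang asked to delete (posts 7 and 15).
$files = @(
    'C:\WINDOWS\Prefetch\JWPENF.EXE-113462DF.pf',
    'C:\WINDOWS\system32\jwpenf.dat',
    'C:\WINDOWS\system32\jwpenf.exe',
    'C:\WINDOWS\system32\jwpenf_nav.dat',
    'C:\WINDOWS\system32\key.~',
    'C:\WINDOWS\system32\winupdt.008',
    'C:\WINDOWS\system32\micront.exe',
    'C:\WINDOWS\system32\log.~',
    'C:\WINDOWS\system32\winupdt.bin'
)

# Registry values behind the HijackThis R0/O4 lines (posts 7 and 11).
$registryTargets = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices'; Name = 'Required Service Drivers' },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run';         Name = 'jwpenf' },
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer\Main';             Name = 'Local Page' }
)

function Get-CleanupStatus {
    # Test-Path sees hidden and system files, so this check does not depend on the
    # Explorer folder options that post 17 reminds the user about.
    $fileReport = @(foreach ($path in $files) {
        [pscustomobject]@{
            Kind    = 'File'
            Target  = $path
            Present = Test-Path -LiteralPath $path
            Value   = $null
        }
    })

    $registryReport = @(foreach ($t in $registryTargets) {
        $value = $null
        if (Test-Path -LiteralPath $t.Key) {
            $props = Get-ItemProperty -LiteralPath $t.Key -ErrorAction SilentlyContinue
            if ($props) { $value = $props.($t.Name) }
        }
        [pscustomobject]@{
            Kind    = 'Registry'
            Target  = "$($t.Key)\$($t.Name)"
            Present = ($null -ne $value)
            Value   = $value
        }
    })

    $fileReport + $registryReport
}

$report = Get-CleanupStatus
$report | Format-Table Kind, Present, Target, Value -AutoSize

$leftover = @($report | Where-Object Present)
if ($leftover.Count -eq 0) {
    'All files and autorun entries from the thread are gone.'
} else {
    "$($leftover.Count) target(s) still present; repeat the Killbox / HijackThis steps for those."
}
```

    Run it from an administrator console after the reboot in post 7 and again after the fixes in posts 11 and 15; a file or Run value that returns between runs indicates something is recreating it and the machine is not yet clean. The "Local Page" entry is reported as present whenever the value exists at all, so compare its reported Value against the \blank.htm setting HijackThis flagged before treating it as a leftover.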
     
  16. Dumpster001

    Dumpster001 Private E-2

    Sorry, gone for a couple days.
    Anyway,
    These hadn't shown up before. We did see and remove similar files, Key.~ and Winupdt.008. In any case, I'll follow the same procedure for the new files, assuming now that they are positive results from the panda scan.

    :) Thanks for all your help,
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Make sure you have enabled viewing of hidden and system files as instructed in the READ ME.

    Surf Safely!
     
