Author Topic: gzj.jsopen  (Read 1453 times)

Offline roro

  • avast! Evangelist
  • Poster
  • ***
  • Posts: 437
  • Gender: Female
    • Personal Message (Offline)
gzj.jsopen
« on: August 24, 2013, 10:20:39 PM »
How do I remove gzj.jsopen? I have run virus scan and boot scan and it is still here.
Ro Ro
2003 Win XP SP3, Pent4 2.4 GHz, OE, 1 GB RAM, 80GB HD, comodo firewall
2008 Windows 7 32 bit, 1,8 GHZ, 4 GB RAM,,Windows Defender, windows firewall
(all Machines Avast 8.01483, MBAM, SAS, Firefox 20.01 and IE 8

Offline Asyn

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24899
    • >>>  avast! Forum - Deutschsprachiger Bereich  <<<
    • Personal Message (Offline)
Re: gzj.jsopen
« Reply #1 on: August 24, 2013, 10:38:21 PM »
Please attach your logs. (AdwCleaner, MBAM, and OTL..!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0
« Last Edit: August 24, 2013, 10:45:58 PM by Asyn »
XP SP3 - avast! 9.0.2017 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 24.4 [NS/ABP/EHH/BP] - Thunderbird 24.4 [EM/CH]
Deutschsprachiger Bereich -> avast! Wissenswertes (Downloads, Anleitungen und Infos): http://forum.avast.com/index.php?topic=60523.0

Offline roro

Re: gzj.jsopen
« Reply #2 on: August 24, 2013, 11:02:40 PM »
I just got this new Windows 8 machine and only have Avast. What logs do you want? I haven't changed the things that I have installed on this new machine so you are seeing stuff that is on the Windows Vista machine that I don't use any more. Should I download one of the new adware checkers? If so, which do you suggest?
I caused this problem by downloading a small program I think.  I did uninstall it but apparently I can't seem to get rid of this hijacker.  I haven't had any viruses for years since I started using Avast.
« Last Edit: August 24, 2013, 11:07:40 PM by roro »

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21651
  • Gender: Male
    • Personal Message (Offline)
Re: gzj.jsopen
« Reply #3 on: August 24, 2013, 11:12:37 PM »
Quote
What logs do you want?
Quote
If so which do you suggest?
Did you not read Asyn's post? ::)

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Steven Winderlich

  • Super Poster
  • ***
  • Posts: 1825
  • Gender: Male
    • Personal Message (Offline)
Re: gzj.jsopen
« Reply #4 on: August 24, 2013, 11:13:28 PM »
Just download the programs in the link which Asyn posted; instructions are also there.

It is also shown there where you should save these and where you can find the logs.
Please attach (DON'T COPY AND PASTE) the logs. ;)
Windows 8.1 Update 1 64-Bit, Avast 2014 Free 9.0.2017 SP1 Beta, Malwarebytes 2 PRO, MCShield, Secunia PSI, Unchecky

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28931
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: gzj.jsopen
« Reply #5 on: August 25, 2013, 09:54:32 AM »
Hi RoRo, let's have a quick looksee

I think I know this miscreant :)

Download OTL  to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.


  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs

Offline roro

Re: gzj.jsopen
« Reply #6 on: August 25, 2013, 11:12:27 AM »
There was only one file called OTL.txt.  I have attached it.

Offline Steven Winderlich

Re: gzj.jsopen
« Reply #7 on: August 25, 2013, 11:32:13 AM »
There is Norton Internet Security on your PC.
You should only have ONE antivirus on your PC at the same time.

I would recommend removing this with this tool: https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us

Choose the second option in the list.

Offline roro

Re: gzj.jsopen
« Reply #8 on: August 25, 2013, 12:35:33 PM »
I have removed Norton with the removal tool per your instructions. I hate that it comes with some of these machines and wanted to get rid of it thoroughly. I have been using Avast for many years and always been happy with it.
Thank you,
Ro Ro

Offline essexboy

Re: gzj.jsopen
« Reply #9 on: August 25, 2013, 01:06:32 PM »
OK let me know if this kills it for you

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Commands
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..extensions.enabledAddons: lyrix%40lyrixeeker.co:1.128
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: plugin%40getwebcake.com:1.00.01
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyrix@lyrixeeker.co: C:\Program Files (x86)\LyriXeeker\128.xpi [2013/08/16 04:13:28 | 000,005,477 | ---- | M] ()
[2013/08/17 08:28:08 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Users\rshaw_000\AppData\Roaming\mozilla\Firefox\Profiles\f45kqbdr.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2013/08/17 08:27:56 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\rshaw_000\AppData\Roaming\mozilla\Firefox\Profiles\f45kqbdr.default\extensions\plugin@getwebcake.com
[2013/08/16 04:13:28 | 000,005,477 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\LYRIXEEKER\128.XPI
O2 - BHO: (LyricXeeker) - {47f90046-b382-4d3f-a9f9-57076589b4e6} - C:\Program Files (x86)\LyriXeeker\128.dll (LyricXeeker)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\rshaw_000\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKU\S-1-5-21-2233092874-3329584315-4037310277-1002..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
[2013/08/17 08:28:11 | 000,000,000 | ---D | C] -- C:\Users\rshaw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits
[2013/08/17 08:27:58 | 000,000,000 | ---D | C] -- C:\Users\rshaw_000\AppData\Local\TopArcadeHits
[2013/08/17 08:27:44 | 000,000,000 | ---D | C] -- C:\Users\rshaw_000\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013/08/17 08:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/08/16 04:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyriXeeker
[2013/08/25 04:23:37 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\TopArcadeHits.job

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
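
Added example (not part of the thread and not OTL's own code): a small Python parser for the line formats that appear in the fix in Reply #9, which URL-decodes the `enabledAddons` IDs and pairs them with the listed extension directories. The field layout is inferred only from the lines quoted in that post, and the function names are hypothetical.

```python
import ntpath
import re
from urllib.parse import unquote

# Constructed input: a subset of the lines quoted in the OTL fix in Reply #9.
SAMPLE = r"""
FF - prefs.js..extensions.enabledAddons: lyrix%40lyrixeeker.co:1.128
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: plugin%40getwebcake.com:1.00.01
[2013/08/17 08:28:08 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Users\rshaw_000\AppData\Roaming\mozilla\Firefox\Profiles\f45kqbdr.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2013/08/17 08:27:56 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\rshaw_000\AppData\Roaming\mozilla\Firefox\Profiles\f45kqbdr.default\extensions\plugin@getwebcake.com
O2 - BHO: (LyricXeeker) - {47f90046-b382-4d3f-a9f9-57076589b4e6} - C:\Program Files (x86)\LyriXeeker\128.dll (LyricXeeker)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\rshaw_000\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
"""

ADDON_RE = re.compile(r"^FF - prefs\.js\.\.extensions\.enabledAddons: (\S+)$", re.M)
FILE_RE = re.compile(r"^\[[^|\n]+\|[^|\n]+\|[^|\n]+\| ([MC])\] (?:\((.*?)\) )?-- (.+)$", re.M)
BHO_RE = re.compile(r"^O2 - BHO: \((.*?)\) - (\{[0-9A-Fa-f-]+\}) - (.+) \(([^()]*)\)$", re.M)

def enabled_addons(text):
    """Return {addon_id: version}; the IDs are percent-encoded in the log."""
    out = {}
    for raw in ADDON_RE.findall(text):
        addon_id, _, version = unquote(raw).rpartition(":")
        out[addon_id] = version
    return out

def listed_paths(text):
    """Return {basename: (label, full_path)} for the bracketed listing lines."""
    return {ntpath.basename(path): (label, path)
            for _kind, label, path in FILE_RE.findall(text)}

def bhos(text):
    """Return one dict per O2 (Browser Helper Object) line."""
    keys = ("name", "clsid", "path", "publisher")
    return [dict(zip(keys, m)) for m in BHO_RE.findall(text)]

def correlate(text):
    """Pair each enabled add-on with the listed directory of the same name."""
    # An add-on with no match was not listed as a profile extension directory.
    dirs = listed_paths(text)
    return {aid: dirs.get(aid, (None, None)) for aid in enabled_addons(text)}

if __name__ == "__main__":
    for aid, (label, path) in correlate(SAMPLE).items():
        print(f"{aid:42} {label or '-':15} {path or 'no profile directory listed'}")
    for b in bhos(SAMPLE):
        print(b["clsid"], b["publisher"] or "<empty publisher>", b["path"])
```

In the sample, `lyrix@lyrixeeker.co` has no matching profile directory; in the post it is registered through the `Firefox\Extensions` registry line that points at `128.xpi` instead.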

Offline roro

Re: gzj.jsopen
« Reply #10 on: August 25, 2013, 03:51:29 PM »
I have done both processes and have attached the two log files.
So far so good.  I haven't seen the gzj.jsopen window open in firefox yet, and I have gone to several websites.   If it shows up again, I will certainly come back to this topic.
Thank you so much for all your help.  It was great and so are you.

RoRo 8)

Offline essexboy

Re: gzj.jsopen
« Reply #11 on: August 25, 2013, 04:49:40 PM »
There were actually four or five adbars in that. If you are happy, run OTL and press cleanup, then delete JRT from the desktop :)

Offline roro

Re: gzj.jsopen
« Reply #12 on: August 25, 2013, 06:12:50 PM »
Ok, for now I will leave everything as it is. If I get any more problems, I will be back.
Thanks again.
Ro 8)

Offline roro

Re: gzj.jsopen
« Reply #13 on: August 26, 2013, 10:12:27 AM »
Is it necessary or vital to run cleanup on OTL? 
RoRo

Offline Asyn

Re: gzj.jsopen
« Reply #14 on: August 26, 2013, 10:29:28 AM »
Quote
Is it necessary or vital to run cleanup on OTL?
RoRo

No, but as it has no update function you've to download a new version anyway if you ever should need it again.
