Avast WEBforum

Other => Viruses and worms => Topic started by: roro on August 25, 2013, 12:20:39 AM

Title: gzj.jsopen
Post by: roro on August 25, 2013, 12:20:39 AM
How do I remove gzj.jsopen? I have run virus scan and boot scan and it is still here.
Ro Ro
Title: Re: gzj.jsopen
Post by: Asyn on August 25, 2013, 12:38:21 AM
Please attach your logs. (AdwCleaner, MBAM, and OTL..!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0
Title: Re: gzj.jsopen
Post by: roro on August 25, 2013, 01:02:40 AM
I just got this new Windows 8 machine and only have Avast.  What logs do you want?  I haven't changed the things that I have installed on this new machine so you are seeing stuff that is on the Windows Vista machine that I don't use any more.  Should I download one of the new adware checkers?  If so, which do you suggest?
I caused this problem by downloading a small program I think.  I did uninstall it but apparently I can't seem to get rid of this hijacker.  I haven't had any viruses for years since I started using Avast.
Title: Re: gzj.jsopen
Post by: Pondus on August 25, 2013, 01:12:37 AM
Quote
What logs do you want?
Quote
If so which do you suggest?
Did you not read Asyn's post?    ::)

Title: Re: gzj.jsopen
Post by: Secondmineboy on August 25, 2013, 01:13:28 AM
Just download the programs in the link which Asyn posted; instructions are also there.

It also shows where you should save these and where you can find the logs.
Please attach, DON'T COPY AND PASTE, the logs. ;)
Title: Re: gzj.jsopen
Post by: essexboy on August 25, 2013, 11:54:32 AM
Hi RoRo, let's have a quick looksee

I think I know this miscreant :)

Download OTL (http://oldtimer.geekstogo.com/OTL.exe)  to your Desktop
Secondary link  (http://www.itxassociates.com/OT-Tools/OTL.exe)
(https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif)

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT


Title: Re: gzj.jsopen
Post by: roro on August 25, 2013, 01:12:27 PM
There was only one file called OTL.txt.  I have attached it.
Title: Re: gzj.jsopen
Post by: Secondmineboy on August 25, 2013, 01:32:13 PM
There is the Norton Internet Security on your PC.
You should only have ONE antivirus on your PC at the same time.

I would recommend to remove this with this tool: https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us

Choose the second option in the list.
Title: Re: gzj.jsopen
Post by: roro on August 25, 2013, 02:35:33 PM
I have removed Norton with the removal tool per your instructions.  I hate that it comes with some of these machines and wanted to get rid of it thoroughly.  I have been using Avast for many years and always been happy with it.
Thank you,
Ro Ro
Title: Re: gzj.jsopen
Post by: essexboy on August 25, 2013, 03:06:32 PM
OK let me know if this kills it for you

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
Code:
:Commands
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..extensions.enabledAddons: lyrix%40lyrixeeker.co:1.128
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: plugin%40getwebcake.com:1.00.01
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyrix@lyrixeeker.co: C:\Program Files (x86)\LyriXeeker\128.xpi [2013/08/16 04:13:28 | 000,005,477 | ---- | M] ()
[2013/08/17 08:28:08 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Users\rshaw_000\AppData\Roaming\mozilla\Firefox\Profiles\f45kqbdr.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2013/08/17 08:27:56 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\rshaw_000\AppData\Roaming\mozilla\Firefox\Profiles\f45kqbdr.default\extensions\plugin@getwebcake.com
[2013/08/16 04:13:28 | 000,005,477 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\LYRIXEEKER\128.XPI
O2 - BHO: (LyricXeeker) - {47f90046-b382-4d3f-a9f9-57076589b4e6} - C:\Program Files (x86)\LyriXeeker\128.dll (LyricXeeker)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\rshaw_000\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKU\S-1-5-21-2233092874-3329584315-4037310277-1002..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
[2013/08/17 08:28:11 | 000,000,000 | ---D | C] -- C:\Users\rshaw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits
[2013/08/17 08:27:58 | 000,000,000 | ---D | C] -- C:\Users\rshaw_000\AppData\Local\TopArcadeHits
[2013/08/17 08:27:44 | 000,000,000 | ---D | C] -- C:\Users\rshaw_000\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013/08/17 08:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/08/16 04:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyriXeeker
[2013/08/25 04:23:37 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\TopArcadeHits.job

:Commands
[resethosts]
[emptytemp]
[Reboot]
THEN

Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
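Added example, not part of the post above and not OTL's own logic: a small Python parser for two of the line types in that fix (`FF - prefs.js..extensions.enabledAddons` and `O2 - BHO`), which URL-decodes the add-on IDs and applies two triage heuristics that are assumptions of this example (empty publisher field, DLL under a user's AppData). The function names `parse_otl` and `triage` are hypothetical; the sample lines are copied from the fix above.

```python
import re
from urllib.parse import unquote

# Sample input: lines copied from the OTL fix above.
SAMPLE = r"""
FF - prefs.js..extensions.enabledAddons: lyrix%40lyrixeeker.co:1.128
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
O2 - BHO: (LyricXeeker) - {47f90046-b382-4d3f-a9f9-57076589b4e6} - C:\Program Files (x86)\LyriXeeker\128.dll (LyricXeeker)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\rshaw_000\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
"""

# "<url-encoded add-on id>:<version>" after the pref name.
ADDON_RE = re.compile(
    r"^FF - prefs\.js\.\.extensions\.enabledAddons: (?P<id>.+):(?P<ver>[^:]+)$")
# "(name) - {CLSID} - path (company)"; the path may itself contain "(x86)",
# so the company field is anchored to the last parenthesised group on the line.
BHO_RE = re.compile(
    r"^O2 - BHO: \((?P<name>.*?)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+) \((?P<company>[^()]*)\)$")
USER_PATH_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)

def parse_otl(text):
    """Return decoded Firefox add-on (id, version) pairs and parsed BHO entries."""
    addons, bhos = [], []
    for line in text.splitlines():
        line = line.strip()
        m = ADDON_RE.match(line)
        if m:
            addons.append((unquote(m["id"]), m["ver"]))
            continue
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
    return {"addons": addons, "bhos": bhos}

def triage(bho):
    """Heuristics assumed for this example; they rank entries for review only."""
    reasons = []
    if not bho["company"].strip():
        reasons.append("no publisher string")
    if USER_PATH_RE.search(bho["path"]):
        reasons.append("DLL under user AppData")
    return reasons

if __name__ == "__main__":
    parsed = parse_otl(SAMPLE)
    for addon_id, version in parsed["addons"]:
        print("add-on", addon_id, version)
    for bho in parsed["bhos"]:
        print("BHO", bho["name"], triage(bho))
```

The LyricXeeker BHO from the same fix trips neither heuristic, so an empty result is not a clean bill of health; the signals only order entries for manual review.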
Title: Re: gzj.jsopen
Post by: roro on August 25, 2013, 05:51:29 PM
I have done both processes and have attached the two log files.
So far so good.  I haven't seen the gzj.jsopen window open in Firefox yet, and I have gone to several websites.   If it shows up again, I will certainly come back to this topic.
Thank you so much for all your help.  It was great and so are you.

RoRo 8)
Title: Re: gzj.jsopen
Post by: essexboy on August 25, 2013, 06:49:40 PM
There were actually four or five adbars in that.  If you are happy, run OTL and press cleanup, then delete JRT from the desktop :)
Title: Re: gzj.jsopen
Post by: roro on August 25, 2013, 08:12:50 PM
Ok, for now I will leave everything as it is. If I get any more problems, I will be back.
Thanks again.
Ro 8)
Title: Re: gzj.jsopen
Post by: roro on August 26, 2013, 12:12:27 PM
Is it necessary or vital to run cleanup on OTL? 
RoRo
Title: Re: gzj.jsopen
Post by: Asyn on August 26, 2013, 12:29:28 PM
Quote
Is it necessary or vital to run cleanup on OTL?
RoRo

No, but as it has no update function you've to download a new version anyway if you ever should need it again.