Author Topic: gzj.jsopen  (Read 7665 times)

roro

  • Guest
gzj.jsopen
« on: August 25, 2013, 12:20:39 AM »
How do I remove gzj.jsopen? I have run a virus scan and a boot scan and it is still here.
Ro Ro

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: gzj.jsopen
« Reply #1 on: August 25, 2013, 12:38:21 AM »
Please attach your logs. (AdwCleaner, MBAM, and OTL..!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0
« Last Edit: August 25, 2013, 12:45:58 AM by Asyn »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

roro

  • Guest
Re: gzj.jsopen
« Reply #2 on: August 25, 2013, 01:02:40 AM »
I just got this new Windows 8 machine and only have Avast.  What logs do you want?  I haven't changed the things that I have installed on this new machine so you are seeing stuff that is on the Windows Vista machine that I don't use any more.  Should I download one of the new adware checkers?  If so, which do you suggest?
I caused this problem by downloading a small program I think.  I did uninstall it but apparently I can't seem to get rid of this hijacker.  I haven't had any viruses for years since I started using Avast.
« Last Edit: August 25, 2013, 01:07:40 AM by roro »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: gzj.jsopen
« Reply #3 on: August 25, 2013, 01:12:37 AM »
Quote
What logs do you want?
Quote
If so which do you suggest?
Did you not read Asyn's post?    ::)


Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: gzj.jsopen
« Reply #4 on: August 25, 2013, 01:13:28 AM »
Just download the programs in the link which Asyn posted; instructions are also there.

It also shows where you should save these and where you can find the logs.
Please attach, DON'T COPY AND PASTE, the logs. ;)
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: gzj.jsopen
« Reply #5 on: August 25, 2013, 11:54:32 AM »
Hi RoRo, let's have a quick looksee

I think I know this miscreant :)

Download OTL  to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.


  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach  both logs

roro

  • Guest
Re: gzj.jsopen
« Reply #6 on: August 25, 2013, 01:12:27 PM »
There was only one file called OTL.txt.  I have attached it.

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: gzj.jsopen
« Reply #7 on: August 25, 2013, 01:32:13 PM »
Norton Internet Security is on your PC.
You should only have ONE antivirus on your PC at the same time.

I would recommend removing it with this tool: https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us

Choose the second option in the list.

roro

  • Guest
Re: gzj.jsopen
« Reply #8 on: August 25, 2013, 02:35:33 PM »
I have removed Norton with the removal tool per your instructions.  I hate that it comes with some of these machines and wanted to get rid of it thoroughly.  I have been using Avast for many years and always been happy with it.
Thank you,
Ro Ro

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: gzj.jsopen
« Reply #9 on: August 25, 2013, 03:06:32 PM »
OK let me know if this kills it for you

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..extensions.enabledAddons: lyrix%40lyrixeeker.co:1.128
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: plugin%40getwebcake.com:1.00.01
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyrix@lyrixeeker.co: C:\Program Files (x86)\LyriXeeker\128.xpi [2013/08/16 04:13:28 | 000,005,477 | ---- | M] ()
[2013/08/17 08:28:08 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Users\rshaw_000\AppData\Roaming\mozilla\Firefox\Profiles\f45kqbdr.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2013/08/17 08:27:56 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\rshaw_000\AppData\Roaming\mozilla\Firefox\Profiles\f45kqbdr.default\extensions\plugin@getwebcake.com
[2013/08/16 04:13:28 | 000,005,477 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\LYRIXEEKER\128.XPI
O2 - BHO: (LyricXeeker) - {47f90046-b382-4d3f-a9f9-57076589b4e6} - C:\Program Files (x86)\LyriXeeker\128.dll (LyricXeeker)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\rshaw_000\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKU\S-1-5-21-2233092874-3329584315-4037310277-1002..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
[2013/08/17 08:28:11 | 000,000,000 | ---D | C] -- C:\Users\rshaw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits
[2013/08/17 08:27:58 | 000,000,000 | ---D | C] -- C:\Users\rshaw_000\AppData\Local\TopArcadeHits
[2013/08/17 08:27:44 | 000,000,000 | ---D | C] -- C:\Users\rshaw_000\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013/08/17 08:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/08/16 04:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyriXeeker
[2013/08/25 04:23:37 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\TopArcadeHits.job

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
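
The following is an added example for readers of this thread, not part of essexboy's post and not code from OTL: it parses a few of the entries listed in the fix above, decodes the percent-encoded Firefox add-on IDs so they can be matched against the extension folder names, and marks BHO entries for manual review. The two review heuristics and the reading of the trailing parentheses as the file's company name are assumptions of this example; it is a triage aid, not a verdict (LyriXeeker, for instance, is not flagged by it).

```python
import re
from urllib.parse import unquote

# Sample input: a subset of the lines from the fix script in this thread.
SAMPLE = r"""
FF - prefs.js..extensions.enabledAddons: lyrix%40lyrixeeker.co:1.128
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: plugin%40getwebcake.com:1.00.01
O2 - BHO: (LyricXeeker) - {47f90046-b382-4d3f-a9f9-57076589b4e6} - C:\Program Files (x86)\LyriXeeker\128.dll (LyricXeeker)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\rshaw_000\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
"""

# "<encoded id>:<version>" after the enabledAddons label.
ADDON_RE = re.compile(r"^FF - prefs\.js\.\.extensions\.enabledAddons: (\S+):([^:\s]+)$")
# "(name) - {CLSID} - path (company)"; the company field may be empty.
BHO_RE = re.compile(r"^O2 - BHO: \((.*?)\) - (\{[0-9A-Fa-f-]{36}\}) - (.+) \((.*)\)$")

def parse_addons(text):
    """Return (addon_id, version) pairs with percent-encoding decoded."""
    pairs = []
    for line in text.splitlines():
        m = ADDON_RE.match(line.strip())
        if m:
            pairs.append((unquote(m.group(1)), m.group(2)))
    return pairs

def parse_bhos(text):
    """Return one dict per BHO line, with reasons it deserves a closer look."""
    entries = []
    for line in text.splitlines():
        m = BHO_RE.match(line.strip())
        if not m:
            continue
        name, clsid, path, company = m.groups()
        review = []
        if not company:                      # heuristic 1 (assumption)
            review.append("no company name")
        if "\\appdata\\" in path.lower():    # heuristic 2 (assumption)
            review.append("loads from user profile")
        entries.append({"name": name, "clsid": clsid, "path": path,
                        "company": company, "review": review})
    return entries

if __name__ == "__main__":
    for addon_id, version in parse_addons(SAMPLE):
        print(f"add-on {addon_id} version {version}")
    for e in parse_bhos(SAMPLE):
        print(f"BHO {e['name']}: {', '.join(e['review']) or 'nothing flagged'}")
```
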

roro

  • Guest
Re: gzj.jsopen
« Reply #10 on: August 25, 2013, 05:51:29 PM »
I have done both processes and have attached the two log files.
So far so good.  I haven't seen the gzj.jsopen window open in Firefox yet, and I have gone to several websites.   If it shows up again, I will certainly come back to this topic.
Thank you so much for all your help.  It was great and so are you.

RoRo 8)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: gzj.jsopen
« Reply #11 on: August 25, 2013, 06:49:40 PM »
There were actually four or five adbars in that.  If you are happy run OTL and press cleanup then delete JRT from the desktop :)

roro

  • Guest
Re: gzj.jsopen
« Reply #12 on: August 25, 2013, 08:12:50 PM »
Ok, for now I will leave everything as it is. If I get any more problems, I will be back.
Thanks again.
Ro 8)

roro

  • Guest
Re: gzj.jsopen
« Reply #13 on: August 26, 2013, 12:12:27 PM »
Is it necessary or vital to run cleanup on OTL? 
RoRo

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: gzj.jsopen
« Reply #14 on: August 26, 2013, 12:29:28 PM »
Quote
Is it necessary or vital to run cleanup on OTL?
RoRo

No, but as it has no update function you'll have to download a new version anyway if you should ever need it again.