How do I remove how do I remove gzj.jsopen. i have run virus scan and boot scan and it is still here.
Ro Ro
Please attach your logs. (AdwCleaner, MBAM, and OTL…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0
I just got this new Windows 8 machine and only have Avast. What logs do you want? I haven’t changed the things that I have installed on this new machine so you are seeing stuff that is on the Windows vista machine that I don’t use any more. Should I download one of the new adware checkers? If so which do you suggest?
I caused this problem by downloading a small program I think. I did uninstall it but apparently I can’t seem to get rid of this hijacker. I haven’t had any viruses for years since I started using Avast.
What logs do you want?
If so which do you suggest?did you not read asyn's post ::)
Just download the programs in the link which Asyn posted, Instructions are also there.
There is also shown where you should save these and where you can find the logs.
Please attach DONT COPY AND PASTE the logs.
Hi RoRo lets have a quick looksee
I think I know this miscreant
Download OTL to your Desktop
Secondary link
[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif
[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir “%systemdrive%*” /S /A:L /C
CREATERESTOREPOINT
[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs
There was only one file called OTL.txt. I have attached it.
There is the Norton Internet Security on your PC.
You should only have ONE antivirus on your PC at the same time.
I would recommend to remove this with this tool: https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us
Choose the second option in the list.
I have removed Norton with the removal tool per your instructions. I hate that it comes with some of these machines and wanted to get rid of it throughly. I have been using Avast for many years and always been happy with it.
Thank you,
Ro Ro
OK let me know if this kills it for you
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]
:OTL
FF - prefs.js..extensions.enabledAddons: lyrix%40lyrixeeker.co:1.128
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: plugin%40getwebcake.com:1.00.01
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyrix@lyrixeeker.co: C:\Program Files (x86)\LyriXeeker\128.xpi [2013/08/16 04:13:28 | 000,005,477 | ---- | M] ()
[2013/08/17 08:28:08 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Users\rshaw_000\AppData\Roaming\mozilla\Firefox\Profiles\f45kqbdr.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2013/08/17 08:27:56 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\rshaw_000\AppData\Roaming\mozilla\Firefox\Profiles\f45kqbdr.default\extensions\plugin@getwebcake.com
[2013/08/16 04:13:28 | 000,005,477 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\LYRIXEEKER\128.XPI
O2 - BHO: (LyricXeeker) - {47f90046-b382-4d3f-a9f9-57076589b4e6} - C:\Program Files (x86)\LyriXeeker\128.dll (LyricXeeker)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\rshaw_000\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKU\S-1-5-21-2233092874-3329584315-4037310277-1002..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
[2013/08/17 08:28:11 | 000,000,000 | ---D | C] -- C:\Users\rshaw_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits
[2013/08/17 08:27:58 | 000,000,000 | ---D | C] -- C:\Users\rshaw_000\AppData\Local\TopArcadeHits
[2013/08/17 08:27:44 | 000,000,000 | ---D | C] -- C:\Users\rshaw_000\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013/08/17 08:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/08/16 04:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyriXeeker
[2013/08/25 04:23:37 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\TopArcadeHits.job
:Commands
[resethosts]
[emptytemp]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Please download Junkware Removal Tool to your desktop.
[]Right-mouse click JRT.exe and select “Run as Administrator” the tool will open and start scanning your system
[]please be patient as this can take a while to complete depending on your system’s specifications
[]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[]post the contents of JRT.txt into your next message.
I have done both processes and have attached the two log files.
So far so good. I haven’t seen the gzj.jsopen window open in firefox yet, and I have gone to several websites. If it shows up again, I will certainly come back to this topic.
Thank you so much for all your help. It was great and so are you.
RoRo 8)
There were actually four or five adbars in that. If you are happy run OTL and press cleanup then delete JRT from the desktop
Ok, for now I will leave everything as it is. If I get any more problems, I will be back.
Thanks again.
Ro 8)
Is it necessary or vital to run cleanup on OTL?
RoRo
No, but as it has no update function you’ve to download a new version anyway if you ever should need it again.