What is zrt_lookup.js from Google?

Posted on 2014-10-03
Last Modified: 2016-11-23
I have begun receiving a notification to "Open or save zrt_lookup.js from" fairly regularly while on the Internet after recently installing a Comodo firewall and would like to find out more about it. I'm on a Dell Inspiron 1505 w/ Win7 and IE 10, current updates and clean. Would like to block message if possible if I don't need to run this file. Thanks,

Question by:SamK04
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 50

Expert Comment

ID: 40361396
First, some background.
This may be related to Google AdSense.  Is this happening on a website you coded?  Is this happening on one specific website or many?
There are many references to zrt_lookup.html but very few to zrt_lookup.js.  A scan of the latter using many different antivirus scanners resulted in only one hit--related to a Trojan Win32/Urelas.W .

That Trojan can be eliminated using the long procedure here
(see the section "How to remove Trojan:Win32/Urelas.W virus (Removal Guide)")

That is a lot of work for what may be an incorrect diagnosis.

I understand this started fairly recently.  Can you use System Restore to go back to a date before you got the messages?  Try that first.

Do you find a file named zrt_lookup.js on your PC?  If so have Virus Total do a scan of it.

You may want to post this question here

Author Comment

ID: 40361700
It's fairly steady and comes up about every third or fourth website.
 I don't remember it before I installed that Comodo firewall.
I don't have a file by that name from a file search either.
I will review the links and check for infection but I run MS Security Essentials and Malwarebytes scans regularly.
I hope it's just something that provides another ad window on a webpage and would like to block it if possible.
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 40361824
Can you upload zrt_lookup.js to ?
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

LVL 50

Expert Comment

ID: 40362250
From my post http:#a40361396 
"Can you use System Restore to go back to a date before you got the messages?  "

"That Trojan can be eliminated using the long procedure here
 (see the section "How to remove Trojan:Win32/Urelas.W virus (Removal Guide)") "

"You may want to post this question here  "

While only a work around, do you have the IE Popup Blocker turned on?  (IE Tools|Popup Blocker)

Author Comment

ID: 40362947
I have no system restore point to revert back to before the notifications began, but I did run the long list of scans and came up clean. I uploaded the file to virustotal and it came back ok also. Let me post this in the antivirus forum and see what else may come.

If I post somewhere else can someone advise how to grade this question?
LVL 50

Accepted Solution

jcimarron earned 500 total points
ID: 40364057
"If I post somewhere else can someone advise how to grade this question? "
If you feel the suggestions made so far have some value see

But have you used the popup blocker?
Do you use AdSense?

Since your scans indicate the zrt_lookup.js is not malware, you could try
1)  Opening it as the message suggests.   (Backup or create a System Restore point first.)
2)  Disabling zrt_lookup.js by renaming it.

Author Closing Comment

ID: 40398539
Thank you, I took your advice and backed up, scanned and let it run. No problems since. Continued scans have turned up clean and all suggested malware scans earlier were helpful.....

LVL 50

Expert Comment

ID: 40399845
Glad all is well.  You are welcome.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you using email marketing software? If not, you're missing out on effortless marketing and the reaching of desired conversion rates through email marketing software.
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question