Solved

What is zrt_lookup.js from Google?

Posted on 2014-10-03
8
1,734 Views
Last Modified: 2016-11-23
I have begun receiving a notification to "Open or save zrt_lookup.js from googleads.g.doubleclick.net?" fairly regularly while on the Internet after recently installing a Comodo firewall and would like to find out more about it. I'm on a Dell Inspiron 1505 w/ Win7 and IE 10, current updates and clean. Would like to block message if possible if I don't need to run this file. Thanks,

Sam
0
Comment
Question by:SamK04
  • 4
  • 3
8 Comments
 
LVL 50

Expert Comment

by:jcimarron
Comment Utility
SamK04--
First, some background.
This may be related to Google AdSense.  Is this happening on a website you coded?  Is this happening on one specific website or many?
There are many references to zrt_lookup.html but very few to zrt_lookup.js.  A scan of the latter using many different antivirus scanners resulted in only one hit--related to a Trojan Win32/Urelas.W .
http://r.virscan.org/report/b0dd9c1a0a31bff01154ae614144422d

That Trojan can be eliminated using the long procedure here
http://malwaretips.com/blogs/trojan-win32-urelas-w-removal/
(see the section "How to remove Trojan:Win32/Urelas.W virus (Removal Guide)")

That is a lot of work for what may be an incorrect diagnosis.

I understand this started fairly recently.  Can you use System Restore to go back to a date before you got the messages?  Try that first.

Do you find a file named zrt_lookup.js on your PC?  If so have Virus Total do a scan of it.  https://www.virustotal.com/

You may want to post this question here
http://www.experts-exchange.com/Software/Anti-Virus/
0
 

Author Comment

by:SamK04
Comment Utility
It's fairly steady and comes up about every third or fourth website.
 I don't remember it before I installed that Comodo firewall.
I don't have a file by that name from a file search either.
I will review the links and check for infection but I run MS Security Essentials and Malwarebytes scans regularly.
I hope it's just something that provides another ad window on a webpage and would like to block it if possible.
Thanks
0
 
LVL 18

Expert Comment

by:hopeleonie
Comment Utility
Can you upload zrt_lookup.js to https://www.virustotal.com/ ?
0
 
LVL 50

Expert Comment

by:jcimarron
Comment Utility
SamK04--
From my post http:#a40361396  
"Can you use System Restore to go back to a date before you got the messages?  "

"That Trojan can be eliminated using the long procedure here
http://malwaretips.com/blogs/trojan-win32-urelas-w-removal/
 (see the section "How to remove Trojan:Win32/Urelas.W virus (Removal Guide)") "

"You may want to post this question here
http://www.experts-exchange.com/Software/Anti-Virus/  "

While only a work around, do you have the IE Popup Blocker turned on?  (IE Tools|Popup Blocker)
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:SamK04
Comment Utility
I have no system restore point to revert back to before the notifications began, but I did run the long list of scans and came up clean. I uploaded the file to virustotal and it came back ok also. Let me post this in the antivirus forum and see what else may come.

If I post somewhere else can someone advise how to grade this question?
0
 
LVL 50

Accepted Solution

by:
jcimarron earned 500 total points
Comment Utility
SamK04--
"If I post somewhere else can someone advise how to grade this question? "
If you feel the suggestions made so far have some value see
http://www.experts-exchange.com/help/viewHelpPage.jsp?helpPageID=26

But have you used the popup blocker?
Do you use AdSense?  http://www.google.com/adsense/start/

Since your scans indicate the zrt_lookup.js is not malware, you could try
1)  Opening it as the message suggests.   (Backup or create a System Restore point first.)
2)  Disabling zrt_lookup.js by renaming it.
0
 

Author Closing Comment

by:SamK04
Comment Utility
Thank you, I took your advice and backed up, scanned and let it run. No problems since. Continued scans have turned up clean and all suggested malware scans earlier were helpful.....

Sam
0
 
LVL 50

Expert Comment

by:jcimarron
Comment Utility
SamK04--
Glad all is well.  You are welcome.
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In our personal lives, we have well-designed consumer apps to delight us and make even the most complex transactions simple. Many enterprise applications, however, are a bit behind the times. For an enterprise app to be successful in today's tech wo…
This video demonstrates how to use each tool, their shortcuts, where and when to use them, and how to use the keyboard to improve workflow.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now