# Why is this happening!?



## 14yearpcmaker (Mar 11, 2007)

This just started this morning, when I search with any search engine, and click on a link that it brings up, it takes me to a diffrent search site. Once I click on one of the links on the diffrent search site, it says "The page cannot be displayed"...I have ran ccleaner,adaware,spybot S&D,spysweeper,avg free and none of them finds any problems. I have done all of the monthly tasks, etc...

This is an example of where I start out at:








And this is where I end up:









AND YES, I still have IE 6.0....7.0's tabs and looks make me want to puke. I even have this search problem in Firefox, so the version of IE isn't my problem. I have all currnet updates installed, and Zone alarm free.


----------



## Nevada (Sep 9, 2004)

I think you can be pretty sure you have an adware infection. If normal adware cleaning doesn't get rid of it, try using regedit and search your registry for "frisgo". Change anything that has frisgo.com to google.com.


----------



## 14yearpcmaker (Mar 11, 2007)

:shrug: Thanks. Nothing in my registry from frisgo..
Although, it's getting worse..I think...Something (or some one)
keeps trying to access my internet connection...This is the only computer on the net in our house... This is what zone alarm says:










Once again, I have ran all of the general scanners for junk...still nothing :shrug:


----------



## Nevada (Sep 9, 2004)

What is the IP address of your computer? How about your router? Can you ping 192.168.254.1?

Port 1625 is not normally associated with virus activity. I suspect it's a legit call. Can you remember what you were going when the warning arrived?


----------



## legacy (Oct 16, 2005)

Try changing your home page to "blank" and see what happens. Before you do that, delete every cookie in your cache. Ccleaner and adaware won't get them all and something may be hiding in there. Just in case you haven't already done so, RUN "%temp%" program if you have Windows XP and delete all the files you find, and then run a SEARCH for ".tmp" files and delete them all.


----------



## pixelphotograph (Apr 8, 2007)

I get people scanning me for netbios attacks all the time these are people randomly scanning the web and when they find an open Ip address they hit it with a netbios attack. Luckily your firewall is dont what it is supposed to and is stopping the attack by not allowing the scanner into your computer. You can turn off the alert so you dont see them anymore if it bothers you.

As for Firefox doing its weird thing......what version are you using?
No matter what version you are using turn off any scripting in your settings under tools I believe. Then reboot and restart Firefox to see if you still have the problem. Many times that will stop the problem.
Hope it helps.
Thanks Mike


----------



## 14yearpcmaker (Mar 11, 2007)

Nevada said:


> What is the IP address of your computer? How about your router? Can you ping 192.168.254.1?
> 
> Port 1625 is not normally associated with virus activity. I suspect it's a legit call. Can you remember what you were going when the warning arrived?


Uhh, I have no networking skills, so I have no clue as how to find my ip address form my computer and router. I also don't know how to 'ping'. Any help as how to do/find these settings would be greatly appreciated. 

I get the warning calls as soon as I go to a search engine...when searching for things such as "free media players" "Website themes and skins" "web board hosting services" etc.... 
It usually comes up before I even type into the search engine.


----------



## 14yearpcmaker (Mar 11, 2007)

legacy said:


> Try changing your home page to "blank" and see what happens. Before you do that, delete every cookie in your cache. Ccleaner and adaware won't get them all and something may be hiding in there. Just in case you haven't already done so, RUN "%temp%" program if you have Windows XP and delete all the files you find, and then run a SEARCH for ".tmp" files and delete them all.


Thanks for your help. I am running windows xp, and have done everything you have suggested, yet, I still have problems.


----------



## 14yearpcmaker (Mar 11, 2007)

pixelphotograph said:


> I get people scanning me for netbios attacks all the time these are people randomly scanning the web and when they find an open Ip address they hit it with a netbios attack. Luckily your firewall is dont what it is supposed to and is stopping the attack by not allowing the scanner into your computer. You can turn off the alert so you dont see them anymore if it bothers you.
> 
> As for Firefox doing its weird thing......what version are you using?
> No matter what version you are using turn off any scripting in your settings under tools I believe. Then reboot and restart Firefox to see if you still have the problem. Many times that will stop the problem.
> ...


Thanks for your help. I would rather know when zone alarm is blocking an attack for now, so I can see what sites it happens at most. I just downloaded the most current version of Firefox from mozilla.org last night, yet, I am still having problems. I also followed your suggestions..still have the problem.


----------



## Nevada (Sep 9, 2004)

14yearpcmaker said:


> Uhh, I have no networking skills, so I have no clue as how to find my ip address form my computer and router. I also don't know how to 'ping'. Any help as how to do/find these settings would be greatly appreciated.
> 
> I get the warning calls as soon as I go to a search engine...when searching for things such as "free media players" "Website themes and skins" "web board hosting services" etc....
> It usually comes up before I even type into the search engine.


I think it's from the search engine. I don't think it's a virus, but it's probably adware or spyware of some sort, otherwise it wouldn't try to use NetBIOS. I wouldn't let it in.

To see your basic network settings, go to your Command Prompt and type 'route print' (less quotes) then press Enter. The first number under Interface will be your IP address, and the first number under Gateway will be your router IP address. I would be interested in both.

To ping a host (either an IP address or domain name) go to the Command Prompt and type 'ping 192.168.254.1' (less quotes) then press Enter. If you got replies then you are communicating to the host. If you got timeouts then the host didn't reply. If you got "host unreachable" then at IP address can't be found at all.


----------



## 14yearpcmaker (Mar 11, 2007)

192.168.254.2 is the ip address. 
192.168.254 is the router ip address.

as for the 'pings' I got the "request times out" message.
Thanks for your help.


----------



## Nevada (Sep 9, 2004)

14yearpcmaker said:


> 192.168.254.2 is the ip address.
> 192.168.254 is the router ip address.
> 
> as for the 'pings' I got the "request times out" message.
> Thanks for your help.


The router IP address is missing a number. I'm gussing it's 192.168.254.1

Try to ping again. Your router should reply to pings. It's possible that ZoneAlarm is blocking ping requests. You can test your ping utility by pinging your own IP address.

At any rate, the NetBIOS request is definately coming from the outside. It displays your router IP address, but you can bet that is comes from somewhere else.


----------



## pixelphotograph (Apr 8, 2007)

I would contac Frisgo and ask them why they keep showing up after you log into google search. Their website in teh ABOUT US Section states "Frisgo does not produce, support, or condone any forms of malicious spyware, adware, or other unwanted desktop applications or software."

Youve done alot of the things I wouldve done to get rid of it so seems rather odd.
Have you checked the control panel add remove programs to see if there is anything odd in there you dont recognize that may have gotten installed.


----------



## 14yearpcmaker (Mar 11, 2007)

Router is replying to pings after I reset it. Funny thing, I just downloaded and installed Crazy Browser, and the problem quit. (The problem still remains in FF and IE tho) I have to say that crazy browser is some what faster and better than FF and IE, I guess I will stick with it if it gets rid of my problem.


----------



## pixelphotograph (Apr 8, 2007)

Thats weird Crazy Browser uses the IE engine so you would think it would affect it as well.


----------



## 14yearpcmaker (Mar 11, 2007)

pixelphotograph said:


> Thats weird Crazy Browser uses the IE engine so you would think it would affect it as well.


I know, I thought the same thing...the only broswers that aren't infected are: opera, k-meleon,and krazy browser. I just DLed those, and they all wrok fine. I'm completely stumped on this one. :shrug: I guess I'll stick with crazy browser. Although, other suggestions as how to fix the IE and FF would be greatly appreciated.


----------



## 14yearpcmaker (Mar 11, 2007)

Okay, I just noticed something. Once click on a search result link and it starts taking me to the weird diffent search sites, this number(ip address?) is in VERY small print in the upper left corner of the page: 216.133.243.28/2 is this SOMETHING or just a number?


----------



## 14yearpcmaker (Mar 11, 2007)

Just did some Google searching on that 'number' and quite a few websites say it 'belongs' to this website: http://www.findology.com/index.html


----------



## 14yearpcmaker (Mar 11, 2007)

this is confusing, when searching on google, it says that that ip address belongs to so many spyware related webistes..... im completely lost....


----------



## 14yearpcmaker (Mar 11, 2007)

See, copy and paste this into your browser: http://216.133.243.28/2.php? (which is that ip address that keeps appearing all over now) and it takes you to http://www.findology.com/index.html


----------



## Nevada (Sep 9, 2004)

14yearpcmaker said:


> Just did some Google searching on that 'number' and quite a few websites say it 'belongs' to this website: http://www.findology.com/index.html


That's a standard feature of the Apache web server. You can have any number of domains associated with the same IP address. Shared IP hosting is the norm, not the exception.


----------



## 14yearpcmaker (Mar 11, 2007)

allright...it's starting to get worse.... zone alarm alerts me that things are trying to access my computer like every 3 seconds now....has the same ip address as the picture I posted in post #3. This is getting frustrating!!!


----------



## 14yearpcmaker (Mar 11, 2007)

Okay, I stayed up lastnight trying my best to remove the little culprit on my computer...I ran Hijack this, and found a bunch of things that just said 'search assistant' I removed all of those and the problem went away. But, I'm still lost!! Why wouldn't all of the updated virus scans and spyware scans pick this up, but Hijack this would??


----------



## Nevada (Sep 9, 2004)

14yearpcmaker said:


> Why wouldn't all of the updated virus scans and spyware scans pick this up, but Hijack this would??


It's probably new.


----------



## Kung (Jan 19, 2004)

14yearpcmaker said:


> Okay, I stayed up lastnight trying my best to remove the little culprit on my computer...I ran Hijack this, and found a bunch of things that just said 'search assistant' I removed all of those and the problem went away. But, I'm still lost!! Why wouldn't all of the updated virus scans and spyware scans pick this up, but Hijack this would??


That, and the fact that HiJack This looks for actual currently running processes and DLL's and such, whereas a lot of malware/spyware programs sometimes operate a bit differently.


----------

