Could not resolver test domain pop-up

One of my user's is getting this weird pop-up that says "Could not resolve test domain, please contact your administrator." I have attached a screenshot. Has anyone seen this before? I have a feeling that it is some type of virus or something, but have been running a lot of scans anbd am not finding anything.
CropperCapture-1-.Bmp
italo5696Asked:
Who is Participating?
 
Adam LeinssConnect With a Mentor Senior Desktop EngineerCommented:
99.9% sure it is the ConfickerSnitcher VB Script:
ftp://disftp.state.ar.us/pub/NT/AntiVirus/ConfickerSnitcher/setup.conf
if dnsfailed = 1 then
MsgBox "Could not resolve test domain, please contact your administrator", 0 + 16, "WARNING"
End If
 
 
0
 
Adam LeinssSenior Desktop EngineerCommented:
Doubt it's a virus given the icon looks like a VBScript program.  Probably a VBS file in your startup folder.
Can you give us a Hijackthis log?
0
 
italo5696Author Commented:
i am trying to download hijackthis, but it keeps stalling. will continue to try and downloadit.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
italo5696Author Commented:
it keeps timing out at 70% every time. Whether I try and download the file or run it. also, i did not see any unusual scripts in the start-up folder.
0
 
Adam LeinssSenior Desktop EngineerCommented:
Try running Autoruns from http://live.sysinternals.com/
Then to a File>Export and post the TXT file
0
 
italo5696Author Commented:
here you go.
AutoRuns.txt
0
 
Adam LeinssSenior Desktop EngineerCommented:
You have two VB scripts running:
\\nps.doi.net\netlogon\confickerreps\confickersnitcher.vbs
\\inpnewhmemsrv02\smsgpoclientinstall\clientinstall.vbs
Likely, one of these is causing the error.  Open them up with Notepad and search for the phrase: "test domain"
These are assigned using Group Policy, so if one of them is causing the error you need to talk with your admin staff.
Not related to your direct question, but looking at your log, I see you have both Symantec Antivirus loaded and Windows Defender.  Why?  Symantec does greyware detection.
 
0
 
Adam LeinssSenior Desktop EngineerCommented:
This could be caling a VB script as well:
\\inppeterm-50606\rm_scripts\peterm_drives.bat
0
 
italo5696Author Commented:
that is a script that maps network drives. it is supposed to be there.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.