Could not resolver test domain pop-up

One of my user's is getting this weird pop-up that says "Could not resolve test domain, please contact your administrator." I have attached a screenshot. Has anyone seen this before? I have a feeling that it is some type of virus or something, but have been running a lot of scans anbd am not finding anything.
CropperCapture-1-.Bmp
italo5696Asked:
Who is Participating?
 
Adam LeinssServer SpecialistCommented:
99.9% sure it is the ConfickerSnitcher VB Script:
ftp://disftp.state.ar.us/pub/NT/AntiVirus/ConfickerSnitcher/setup.conf
if dnsfailed = 1 then
MsgBox "Could not resolve test domain, please contact your administrator", 0 + 16, "WARNING"
End If
 
 
0
 
Adam LeinssServer SpecialistCommented:
Doubt it's a virus given the icon looks like a VBScript program.  Probably a VBS file in your startup folder.
Can you give us a Hijackthis log?
0
 
italo5696Author Commented:
i am trying to download hijackthis, but it keeps stalling. will continue to try and downloadit.
0
Network Scalability - Handle Complex Environments

Monitor your entire network from a single platform. Free 30 Day Trial Now!

 
italo5696Author Commented:
it keeps timing out at 70% every time. Whether I try and download the file or run it. also, i did not see any unusual scripts in the start-up folder.
0
 
Adam LeinssServer SpecialistCommented:
Try running Autoruns from http://live.sysinternals.com/
Then to a File>Export and post the TXT file
0
 
italo5696Author Commented:
here you go.
AutoRuns.txt
0
 
Adam LeinssServer SpecialistCommented:
You have two VB scripts running:
\\nps.doi.net\netlogon\confickerreps\confickersnitcher.vbs
\\inpnewhmemsrv02\smsgpoclientinstall\clientinstall.vbs
Likely, one of these is causing the error.  Open them up with Notepad and search for the phrase: "test domain"
These are assigned using Group Policy, so if one of them is causing the error you need to talk with your admin staff.
Not related to your direct question, but looking at your log, I see you have both Symantec Antivirus loaded and Windows Defender.  Why?  Symantec does greyware detection.
 
0
 
Adam LeinssServer SpecialistCommented:
This could be caling a VB script as well:
\\inppeterm-50606\rm_scripts\peterm_drives.bat
0
 
italo5696Author Commented:
that is a script that maps network drives. it is supposed to be there.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.