Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 846
  • Last Modified:

Could not resolver test domain pop-up

One of my user's is getting this weird pop-up that says "Could not resolve test domain, please contact your administrator." I have attached a screenshot. Has anyone seen this before? I have a feeling that it is some type of virus or something, but have been running a lot of scans anbd am not finding anything.
CropperCapture-1-.Bmp
0
italo5696
Asked:
italo5696
  • 5
  • 4
1 Solution
 
Adam LeinssCommented:
Doubt it's a virus given the icon looks like a VBScript program.  Probably a VBS file in your startup folder.
Can you give us a Hijackthis log?
0
 
italo5696Author Commented:
i am trying to download hijackthis, but it keeps stalling. will continue to try and downloadit.
0
 
italo5696Author Commented:
it keeps timing out at 70% every time. Whether I try and download the file or run it. also, i did not see any unusual scripts in the start-up folder.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Adam LeinssCommented:
Try running Autoruns from http://live.sysinternals.com/
Then to a File>Export and post the TXT file
0
 
italo5696Author Commented:
here you go.
AutoRuns.txt
0
 
Adam LeinssCommented:
You have two VB scripts running:
\\nps.doi.net\netlogon\confickerreps\confickersnitcher.vbs
\\inpnewhmemsrv02\smsgpoclientinstall\clientinstall.vbs
Likely, one of these is causing the error.  Open them up with Notepad and search for the phrase: "test domain"
These are assigned using Group Policy, so if one of them is causing the error you need to talk with your admin staff.
Not related to your direct question, but looking at your log, I see you have both Symantec Antivirus loaded and Windows Defender.  Why?  Symantec does greyware detection.
 
0
 
Adam LeinssCommented:
This could be caling a VB script as well:
\\inppeterm-50606\rm_scripts\peterm_drives.bat
0
 
italo5696Author Commented:
that is a script that maps network drives. it is supposed to be there.
0
 
Adam LeinssCommented:
99.9% sure it is the ConfickerSnitcher VB Script:
ftp://disftp.state.ar.us/pub/NT/AntiVirus/ConfickerSnitcher/setup.conf
if dnsfailed = 1 then
MsgBox "Could not resolve test domain, please contact your administrator", 0 + 16, "WARNING"
End If
 
 
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now