Solved

Could not resolver test domain pop-up

Posted on 2009-04-06
9
829 Views
Last Modified: 2013-11-22
One of my user's is getting this weird pop-up that says "Could not resolve test domain, please contact your administrator." I have attached a screenshot. Has anyone seen this before? I have a feeling that it is some type of virus or something, but have been running a lot of scans anbd am not finding anything.
CropperCapture-1-.Bmp
0
Comment
Question by:italo5696
  • 5
  • 4
9 Comments
 
LVL 22

Expert Comment

by:Adam Leinss
Comment Utility
Doubt it's a virus given the icon looks like a VBScript program.  Probably a VBS file in your startup folder.
Can you give us a Hijackthis log?
0
 

Author Comment

by:italo5696
Comment Utility
i am trying to download hijackthis, but it keeps stalling. will continue to try and downloadit.
0
 

Author Comment

by:italo5696
Comment Utility
it keeps timing out at 70% every time. Whether I try and download the file or run it. also, i did not see any unusual scripts in the start-up folder.
0
 
LVL 22

Expert Comment

by:Adam Leinss
Comment Utility
Try running Autoruns from http://live.sysinternals.com/
Then to a File>Export and post the TXT file
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:italo5696
Comment Utility
here you go.
AutoRuns.txt
0
 
LVL 22

Expert Comment

by:Adam Leinss
Comment Utility
You have two VB scripts running:
\\nps.doi.net\netlogon\confickerreps\confickersnitcher.vbs
\\inpnewhmemsrv02\smsgpoclientinstall\clientinstall.vbs
Likely, one of these is causing the error.  Open them up with Notepad and search for the phrase: "test domain"
These are assigned using Group Policy, so if one of them is causing the error you need to talk with your admin staff.
Not related to your direct question, but looking at your log, I see you have both Symantec Antivirus loaded and Windows Defender.  Why?  Symantec does greyware detection.
 
0
 
LVL 22

Expert Comment

by:Adam Leinss
Comment Utility
This could be caling a VB script as well:
\\inppeterm-50606\rm_scripts\peterm_drives.bat
0
 

Author Comment

by:italo5696
Comment Utility
that is a script that maps network drives. it is supposed to be there.
0
 
LVL 22

Accepted Solution

by:
Adam Leinss earned 500 total points
Comment Utility
99.9% sure it is the ConfickerSnitcher VB Script:
ftp://disftp.state.ar.us/pub/NT/AntiVirus/ConfickerSnitcher/setup.conf
if dnsfailed = 1 then
MsgBox "Could not resolve test domain, please contact your administrator", 0 + 16, "WARNING"
End If
 
 
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Most PC repair technicians (if not all) always start their cleanup process by emptying the temp folders before running any removal tools. It makes sense because temp folders are common places for malware installers to lurk and removing all the junk …
Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now