
So this happened yesterday and is still happening now. When I went on my PC I was gonna open Chrome, and then this black thing that looked like the Command Prompt popped up, and the name of it was C:\Windows\System32\nslookup.exe. I checked there and there was nothing called nslookup.exe. It's getting pretty annoying, and I really just wanna fix this. It's not the type where it pops up after logon and doesn't pop up anymore; I'm talking about every minute or half a minute, and while I'm typing this it keeps on popping up. Can anyone help? Also, nothing called nslookup is downloaded/in my PC, and when I go to cmd and search nslookup, it says "'nslookup' is not recognized as an internal or external command, operable program or batch file." If you can help, please tell me, and thank you.


5 Replies

· · ·
G.I. Jones
Anaheim

nslookup.exe is expected to be on Windows, as it's used as a command line tool for DNS queries.

Can you expand on your environment? Is this a domain-joined computer, or are you in a workgroup at home?

nslookup is located in the C:\Windows\System32\ directory by default. Navigate to it, and right-click it to check its Properties > Details tab. What does the Details tab list?

Does Task Scheduler have this listed as a scheduled task?

0
· · ·
RickIsGreat
Jalapeno

Nslookup is a system utility for finding an IP address by host name and vice versa.

I would be concerned as to why your system is trying to query host names or IP addresses spontaneously.

One of the first things after a breach is recon of the network.

Make sure nothing funky is running in Task Manager and no "strange" users have sessions open, and run full malware scans.

Maybe I'm just paranoid, but it's always best to err on the side of caution.

1
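
The checks suggested in the two replies above (the file's details, Task Scheduler, what is running) can be scripted so the short-lived window is caught with its parent process. This is an added example, not part of any reply in this thread; it assumes an elevated PowerShell prompt, and the 180-second wait is an arbitrary choice.

```powershell
# Added triage sketch: run from an elevated PowerShell prompt on the affected PC.
$sys32 = Join-Path $env:WINDIR 'System32'
$exe   = Join-Path $sys32 'nslookup.exe'

# 1. Is the binary present, and does it carry a valid signature? (the "Details" check)
if (Test-Path $exe) {
    $info = (Get-Item $exe).VersionInfo
    $sig  = Get-AuthenticodeSignature $exe
    [pscustomobject]@{
        Path        = $exe
        Company     = $info.CompanyName
        FileVersion = $info.FileVersion
        Signature   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
    } | Format-List
} else {
    Write-Warning "$exe not found"
}

# 2. Is System32 still on PATH? A missing entry produces "'nslookup' is not recognized".
$onPath = ($env:Path -split ';' | ForEach-Object { $_.TrimEnd('\') }) -contains $sys32
Write-Host "System32 on PATH: $onPath"

# 3. Scheduled tasks whose action mentions nslookup directly.
Get-ScheduledTask | Where-Object {
    $_.Actions | Where-Object { "$($_.Execute) $($_.Arguments)" -match 'nslookup' }
} | Select-Object TaskPath, TaskName, State

# 4. Wait for the next nslookup.exe launch and show it together with its parent.
$query = "SELECT * FROM Win32_ProcessStartTrace WHERE ProcessName = 'nslookup.exe'"
Register-CimIndicationEvent -Query $query -SourceIdentifier NslookupStart
try {
    $evt = Wait-Event -SourceIdentifier NslookupStart -Timeout 180
    if ($evt) {
        $new    = $evt.SourceEventArgs.NewEvent
        $filter = "ProcessId = $($new.ProcessID) OR ProcessId = $($new.ParentProcessID)"
        Get-CimInstance Win32_Process -Filter $filter |
            Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine |
            Format-List
    } else {
        Write-Host 'No nslookup.exe launch seen in 180 seconds.'
    }
} finally {
    Unregister-Event -SourceIdentifier NslookupStart
    Remove-Event -SourceIdentifier NslookupStart -ErrorAction SilentlyContinue
}
```

If nslookup.exe has already exited by the time step 4 queries it, only the parent row is returned, which is the process to investigate. A task that starts a script which in turn calls nslookup will not match step 3, so the parent found in step 4 is the more reliable lead.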
· · ·
Laird Spicehead
Cayenne

I'd be pretty worried if that was happening to me.

Take the machine off the network and run some decent malware / AV scans.

0
· · ·
ken525
Serrano

Sounds like this issue from Bleeping Computer - https://www.bleepingcomputer.com/forums/t/617663/nslookupexe-popups-at-startup-and-proxy-reset-to-%C...

If you are working for a company, either in a facility or on their VPN, I would disconnect from all systems immediately and contact the helpdesk via telephone or have a coworker enter a ticket on your behalf. They should escalate to the security team if you have one.

If it is your personal computer, then I agree with Laird Spicehead.

Follow the Bleeping Computer fix and do one of the following.

I would highly advise using an offline scanner or rescue disk scanner that boots to a known-good kernel and then runs the scan so it can detect rootkits, etc.

1
· · ·
EminentX
Datil

I would second offline scanning. Some malicious processes won't allow AV to be scanned. Therefore, scanning for malware before the OS loads is a best practice. Nevertheless, none of the AVs are literally complete.

0