Any Thoughts on This?

DVDR_Dog

Well-Known Member
Donator
Nov 5, 2018
240
OS
Windows 10
BR
Chrome 75.0.3770.142
Every time I do a cold start my firewall blocks this:

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Malware
Domain: ddl7.data.hu
IP Address: 217.65.97.33
Port: [49709]
Type: Outbound
File: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Anyone have any idea what's making this call? The URL is a dead link according to some remote websites and a DNS lookup. Beats the heck out of me, and no A/V or anti-malware program can flag the source.
I get that it was at one time used to download a payload, but this site was neutralized long before I even loaded the O/S on this system, so I am thinking it's a "little gift" that came along with something I installed, but it's so old that IE was the target. I'd like to get to the bottom of it because you know me by now.
-Thanks


Snuffy

Active Member
Dec 10, 2011
25
OS
Windows 10
BR
Firefox 68.0
URLhaus Database

You are currently viewing the URLhaus database entry for which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.
Database Entry

ID: 211085
URL:
URL Status: Offline
Host: ddl7.data.hu
Date added: 2019-06-22 06:52:09 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @abuse_ch
Abuse complaint sent (?): Yes (2019-06-22 06:54:02 UTC to abuse{at}telekom[dot]hu)
Takedown time: 2 days, 22 hours, 55 minutes (Poor)
 

DVDR_Dog

Well-Known Member
Donator
Nov 5, 2018
240
OS
Windows 10
BR
Chrome 76.0.3809.100
Yeah well I think I got it. What a pain in the butt. It was a powershell infection, the worst IMHO. I have very high confidence the source was "Tenorshare 4uKey". I am not going to mention names, but you don't have to be real clever to see who the uploader was. Think this was just a repack of someone else's work? If so, and they were distributing it w/o a thorough check, then well, you fill in the blank here.
It wasn't the end of the world, but jeez!
All the goodies were in the folder C:/users/<user name>/downloadimageldr. Exterminate that folder and all your troubles will be gone. Never hurts to follow up with Malwarebytes.
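A block that fires at every cold start points to a persistence entry rather than a one-off download. As an added example (not code from the thread or from any tool named in it), this read-only PowerShell hunt for Windows 10 lists autorun registry values and scheduled task actions that reference powershell.exe, the downloadimageldr folder from the post above, or the domain from the firewall log; the Test-Suspect helper and the pattern list are my assumptions.

```powershell
# Added example, not from the thread: locate what launches powershell.exe at every
# cold start by checking autorun registry keys and scheduled task actions for
# powershell.exe, the folder named in the thread, or the blocked domain. Read-only.
$patterns = @('powershell', 'downloadimageldr', 'ddl7.data.hu')
$suspectFolder = Join-Path $env:USERPROFILE 'downloadimageldr'   # folder named in the thread
$hits = @()

function Test-Suspect([string]$text) {
    foreach ($p in $patterns) { if ($text -match [regex]::Escape($p)) { return $true } }
    return $false
}

# 1. Autorun keys, per-user and machine-wide (including the 32-bit WOW6432Node view)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip the provider's own PSPath etc.
        $cmd = [string]$prop.Value
        if (Test-Suspect $cmd) {
            $hits += [pscustomobject]@{ Source = "$key\$($prop.Name)"; Command = $cmd }
        }
    }
}

# 2. Scheduled tasks whose Exec action matches (ComHandler actions have no Execute)
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if (Test-Suspect $cmd) {
            $hits += [pscustomobject]@{ Source = "Task $($task.TaskPath)$($task.TaskName)"; Command = $cmd }
        }
    }
}

# 3. Is the folder the thread identified still present?
if (Test-Path $suspectFolder) {
    $hits += [pscustomobject]@{ Source = 'Folder'; Command = $suspectFolder }
}

if ($hits.Count -eq 0) { 'No matching launch points found.' } else { $hits | Format-Table -AutoSize -Wrap }
```

Run it from an elevated prompt so the HKLM keys and all task paths are readable; anything it lists is a lead to inspect, not proof on its own.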
 

ThumperTM

La Patróna
Owner
Aug 18, 2010
11,777
New Zealand
OS
OS X
BR
Chrome 74.0.3729.169
Yup, malwarebytes must be run ;)