Any Thoughts on This?

DVDR_Dog

Well-Known Member
Ultimate Donator
Donator
VIP
Nov 5, 2018
929
528
OS
Windows 10
BR
Chrome 75.0.3770.142
Every time I do a cold start my firewall blocks

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Malware
Domain: ddl7.data.hu
IP Address: 217.65.97.33
Port: [49709]
Type: Outbound
File: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Anyone have any idea what's making this call? The URL is a dead link according to some remote websites and a DNS lookup. Beats the heck out of me and no A/V malware program can flag the source.
I get it that it was at one time used to download a payload, but this site was neutralized long before I even loaded the O/S on this system, so I am thinking it's a "little gift" that came along with something I installed, but it's so old IE was the target. I'd like to get to the bottom of it because you know me by now.
-Thanks



(end)
 

Snuffy

Well-Known Member
Dec 10, 2011
68
20
OS
Windows 10
BR
Firefox 68.0
URLhaus Database

You are currently viewing the URLhaus database entry for which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.
Database Entry



ID: 211085
URL:
URL Status: Offline
Host: ddl7.data.hu
Date added: 2019-06-22 06:52:09 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @abuse_ch
Abuse complaint sent (?): Yes (2019-06-22 06:54:02 UTC to abuse{at}telekom[dot]hu)
Takedown time: 2 days, 22 hours, 55 minutes (Poor)
 

Howcho

Member
Aug 8, 2019
6
0
OS
Windows 10
BR
Chrome 76.0.3809.100
No expert, but I would give CCleaner a try. Works for me most every time I have issues.
 

DVDR_Dog

Well-Known Member
Ultimate Donator
Donator
VIP
Nov 5, 2018
929
528
OS
Windows 10
BR
Chrome 76.0.3809.100
Yeah well I think I got it. What a pain in the butt. It was a PowerShell infection, the worst IMHO. I have very high confidence the source was "Tenorshare 4uKey". I am not going to mention names but you don't have to be real clever to see who the uploader was. Think this was just a repack of someone else's work? If so and they were distributing it w/o a thorough check then well you fill in the blank here.
It wasn't the end of the world, but jeez!
All the goodies were in the folder C:/users/<user name>/downloadimageldr. Exterminate that folder and all your troubles will be gone. Never hurts to follow up with Malwarebytes.
 

ThumperTM

La Patróna
Owner
Aug 18, 2010
12,471
8,906
OS
OS X
BR
Chrome 74.0.3729.169
Yeah well I think I got it. What a pain in the butt. It was a PowerShell infection, the worst IMHO. I have very high confidence the source was "Tenorshare 4uKey". I am not going to mention names but you don't have to be real clever to see who the uploader was. Think this was just a repack of someone else's work? If so and they were distributing it w/o a thorough check then well you fill in the blank here.
It wasn't the end of the world, but jeez!
All the goodies were in the folder C:/users/<user name>/downloadimageldr. Exterminate that folder and all your troubles will be gone. Never hurts to follow up with Malwarebytes.
Yup, Malwarebytes must be run ;)
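
The thread never identifies what was launching powershell.exe at every cold start. As an added example (not code from any poster in this thread), the read-only PowerShell script below lists autostart entries that mention PowerShell, the `downloadimageldr` folder or the blocked domain. It assumes the launcher is a Run key or a scheduled task, which the thread does not confirm.

```powershell
# Added example: read-only triage, nothing is deleted or changed.
# Assumption: the cold-start call is launched from a Run key or a scheduled
# task; the thread does not say which autostart mechanism was actually used.
$regex = 'powershell|downloadimageldr|ddl7\.data\.hu'   # strings taken from the thread

function Test-Suspicious([string]$Text) {
    # True when a command line mentions any of the strings above (case-insensitive)
    return [bool]($Text -and $Text -match $regex)
}
$findings = @()

# 1. Run / RunOnce keys, per-machine and per-user, including the 32-bit view
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if (Test-Suspicious $value) {
            $findings += [pscustomobject]@{ Source = $key; Name = $name; Command = $value }
        }
    }
}

# 2. Scheduled tasks whose action runs, or passes as an argument, one of the strings
foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if (Test-Suspicious $cmd) {
            $findings += [pscustomobject]@{
                Source = 'ScheduledTask'; Name = "$($task.TaskPath)$($task.TaskName)"; Command = $cmd }
        }
    }
}

# 3. The folder the poster removed, checked under every local profile
foreach ($userDir in Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue) {
    $path = Join-Path $userDir.FullName 'downloadimageldr'
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{ Source = 'Folder'; Name = $userDir.Name; Command = $path }
    }
}
$findings | Format-List
```

Legitimate software also registers PowerShell-based tasks, so each hit needs a manual look at its command line. Run it from an elevated prompt to see per-machine keys and all tasks.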
 
