
Any Thoughts on This?


DVDR_Dog

Nov 5, 2018
Every time I do a cold start my firewall blocks

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Malware
Domain: ddl7.data.hu
IP Address: 217.65.97.33
Port: [49709]
Type: Outbound
File: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Anyone have any idea what's making this call? The URL is a dead link according to some remote websites and a DNS lookup. Beats the heck out of me and no A/V malware program can flag the source.
I get it that it was at one time used to download a payload, but this site was neutralized long before I even loaded the O/S on this system, so I am thinking it's a "little gift" that came along with something I installed, but it's so old IE was the target. I'd like to get to the bottom of it because you know me by now.
-Thanks

 
URLhaus Database

You are currently viewing the URLhaus database entry for which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been set up by cybercriminals for the sole purpose of serving malware.

Database Entry

ID: 211085
URL:
URL Status: Offline
Host: ddl7.data.hu
Date added: 2019-06-22 06:52:09 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @abuse_ch
Abuse complaint sent: Yes (2019-06-22 06:54:02 UTC to abuse{at}telekom[dot]hu)
Takedown time: 2 days, 22 hours, 55 minutes (Poor)
 
No expert, but I would give CCleaner a try. Works for me most every time I have issues.
 
Yeah well, I think I got it. What a pain in the butt. It was a PowerShell infection, the worst IMHO. I have very high confidence the source was "Tenorshare 4uKey". I am not going to mention names, but you don't have to be real clever to see who the uploader was. Think this was just a repack of someone else's work? If so, and they were distributing it w/o a thorough check, then well, you fill in the blank here.
It wasn't the end of the world, but jeez!
All the goodies were in the folder C:/users/<user name>/downloadimageldr. Exterminate that folder and all your troubles will be gone. Never hurts to follow up with Malwarebytes.
 
Yup, Malwarebytes must be run ;)
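
Added example, not part of any post in this thread: a read-only PowerShell check for what could be relaunching powershell.exe at every start, plus a search for the folder named above. The thread never says which autostart mechanism was used, so the three locations checked here (Run keys, scheduled tasks, WMI event consumers), the match pattern and the `New-Hit` helper are assumptions.

```powershell
# Added example: read-only hunt for autostart entries that launch PowerShell
# or reference the folder named in the thread. Nothing is deleted or changed.
$folderName = 'downloadimageldr'              # folder name taken from the thread
$pattern    = "powershell|pwsh|$folderName"   # match rule is an assumption
function New-Hit($Source, $Name, $Command) {  # hypothetical helper
    [pscustomobject]@{ Source = $Source; Name = $Name; Command = $Command }
}
$hits = @()

# 1. Run/RunOnce values, per-user and machine-wide, including the 32-bit view
$runKeys = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($leaf in 'Run', 'RunOnce') {
        "$hive\Software\Microsoft\Windows\CurrentVersion\$leaf"
        "$hive\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\$leaf"
    }
}
foreach ($key in $runKeys | Where-Object { Test-Path $_ }) {
    $reg = Get-Item -Path $key
    foreach ($name in $reg.GetValueNames()) {
        $value = [string]$reg.GetValue($name)
        if ($value -match $pattern) { $hits += New-Hit $key $name $value }
    }
}

# 2. Scheduled tasks whose action runs PowerShell or a file in that folder
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match $pattern) {
            $hits += New-Hit 'ScheduledTask' ($task.TaskPath + $task.TaskName) $cmd
        }
    }
}

# 3. WMI command-line event consumers (needs an elevated prompt)
$consumers = Get-CimInstance -Namespace root\subscription `
    -ClassName CommandLineEventConsumer -ErrorAction SilentlyContinue
foreach ($c in $consumers) {
    $cmd = "$($c.ExecutablePath) $($c.CommandLineTemplate)"
    if ($cmd -match $pattern) { $hits += New-Hit 'WmiConsumer' $c.Name $cmd }
}

# 4. The folder itself, under every local profile
foreach ($dir in Get-ChildItem -Path 'C:\Users' -Directory -Force) {
    $candidate = Join-Path $dir.FullName $folderName
    if (Test-Path $candidate) { $hits += New-Hit 'Folder' $candidate '' }
}

$hits | Format-List
```

Legitimate software also registers tasks that call PowerShell, so each hit is a candidate to review rather than a verdict; look first at commands with encoded or hidden-window arguments or paths under a user profile.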
 