Since today I have been getting popups saying a URL was blocked by Avast. The process is svchost.exe.
The URL is to the domain http://referently.club
I have tried to look for some process piggybacking on svchost.exe but have not found any suspicious program or service. The boot-time scan is clean. The Malwarebytes scan is clean. There is nothing suspicious in the autorun or services lists.
I disabled Avast for a few seconds and pasted this URL into a browser, which downloads a file named file.dat that Avast detects as generic malware. VirusTotal analysis:
https://www.virustotal.com/gui/file/87cc748c326a03e6bbacbe486409d2964113fb33a410692b30465207bee8baba/detection
Google doesn’t throw up any similar domain.
I will be glad to know where to look to eliminate what I suspect is a well-hidden trojan downloader.