
System Infected: Trojan Backdoor Activity 690

I constantly get a message that this threat has been blocked: Trojan Backdoor Activity 690

I've used the power eraser, but nothing has changed. (A screenshot of the alert is included.) Additionally, I ran a full system scan and did not find anything.

What can I do to resolve this problem? Is there any other software I should be utilizing to resolve this problem?

I'm running Windows 10.

Accepted Solution

Re: System Infected: Trojan Backdoor Activity 690

I was indeed infected by this backdoor trojan... Norton indeed identified it as a powershell.exe and gives its full address in the description but it said it was located in DEVICES/HARDDISK3/SYSTEM/ etc. etc. and ended with powershell.exe. The problem is I have no HARDDISK 3 or any devices attached to my computer so it was obviously well embedded and hidden in my system somewhere and Norton was unable to remove it. Kaspersky Virus Removal Tool did the trick. It identified the trojan as you can see by the screencapture as a powershell.exe as did Norton. Let it do its magic and finally got rid of this little bastard. Will update if it comes back and will be paying attention to what if any app or program I use when notifications begin just in case but everything appears solved as of now. I was afraid of having to reformat completely the computer before it was completely hacked and locked which was my biggest fear. Will update to let you guys know if it came back or not.


Replies


Re: System Infected: Trojan Backdoor Activity 690

Hi Derin manoj:

What is your default browser, and can you tell by the time stamp of these logged alerts if this block occurs when your browser is open and/or if you visit a specific web site?

I’d suggest running a second-opinion scan with Malwarebytes Free for Windows v4.x (https://www.malwarebytes.com/mwb-download since you have Win 7 SP1 or higher; users with Win XP and Vista should go to https://downloads.malwarebytes.com/file/mb3_legacy to download the legacy Malwarebytes v3.5.1 for these older operating systems) to see if this scanner can find malware or a PUP (potentially unwanted program like adware, unwanted browser toolbars, etc.) or PUM (potentially unwanted registry modification) that might have been missed by your Norton antivirus.  See Malwarebytes' full PUP criteria <here>.

If you haven’t used Malwarebytes before I generally recommend that users deactivate the 14-day trial of the Premium features after installation at Settings (gear icon) | Account | Deactivate (see Deactivate Premium Trial in Malwarebytes for Windows) and just use Malwarebytes Free as a second-opinion on-demand scanner. I also have Malwarebytes configured to warn me before it removes any PUPs or PUMs at Settings (gear icon) | Security | Potentially Unwanted Items so I have a chance to review any lower-risk threats like browser toolbars, etc. that might be detected by Malwarebytes that I actually want to keep.

Click the blue Scan button in the main interface to run a standard Threat Scan, the recommended scan method that searches the most common system locations for higher-risk malware as well as lower-risk PUPs and PUMs.



NOTE: Please see my comments <here> about the Norton Power Eraser (NPE).  The NPE is a very aggressive scanner and there is a warning on the NPE home page at https://us.norton.com/support/tools/npe.html that states in part "Because Norton Power Eraser is an aggressive virus removal tool, it may mark a legitimate program for removal..."
--------------
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v104.0.0 * Microsoft Defender v4.18.2205.7-1.1.19500.2 * Malwarebytes Premium v4.5.13.208-1.0.1740 * Macrium Reflect Free v8.0.6867


Re: System Infected: Trojan Backdoor Activity 690

I also have this problem. I have done all suggested without result. My internet connection is being hammered and reported by Norton as "an Intrusion Attempt" being blocked but nothing is done. I have VPN activated so I am puzzled as to how outside intrusion is seeing me.

Intrusion does not commence of course until internet connection is made.

I presume there is still something somewhere on my PC that is outbound on connection

Any more suggestions on action???????


Re: System Infected: Trojan Backdoor Activity 690

Hi Derin manoj / Terval D:

The Symantec / Broadcom description for System Infected: Trojan.Backdoor Activity 690 is very generic and provides few details.  This is just a guess on my part, but these Trojan.Backdoor Activity detections sometimes occur when you have unknowingly been infected with a cryptocurrency miner.  I know that Norton Crypto supports Ethereum crypto mining but Norton should not be detecting its own Ethereum crypto miner as a backdoor trojan unless something has gone wrong with their heuristic (behaviour-based) detection system.  If you have Norton Crypto turned on just turn it off and see if that stops the "System Infected: Trojan.Backdoor Activity 690" blocks.

If you believe you have malware on your system that both Norton and Malwarebytes can't detect I would recommend you post in the Malwarebytes' Windows Malware Removal Help & Support board and ask one of their trained malware removal specialists to check your system.  See the posting guidelines pinned <here> that include instructions on how to collect and attach Farbar Recovery Scan Tool (FRST) diagnostic logs to your initial post.  You should only post in this forum if you have installed Malwarebytes and can provide a scan log to show that Malwarebytes was unable to detect and remove the "System Infected: Trojan.Backdoor Activity 690" threat.

There are other sites like BleepingComputer's Virus, Trojan, Spyware, and Malware Removal Help board that offer a free malware removal service from a trained specialist (see their posting guidelines pinned <here> for collecting FRST diagnostic logs).  Just note that if you decide to use one of these malware removal sites post in ONE SITE ONLY and follow all instructions until the malware removal specialist assigned to assist you confirms your system is free of malware.  If they learn that you are cross-posting in multiple malware removal sites about the same problem your topic may be closed before they have finished diagnosing and cleaning your system.

I have used the Malwarebytes and BleepingComputer malware removal sites on different occasions and service on both sites was excellent.  In my experience the turnaround time to have your FRST diagnostic logs analyzed by a malware removal specialist is usually a bit faster on the Malwarebytes site so I usually post there.
--------------
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v104.0.0 * Microsoft Defender v4.18.2205.7-1.1.19500.2 * Malwarebytes Premium v4.5.14.210-1.0.1751 * Macrium Reflect Free v8.0.6867


Re: System Infected: Trojan Backdoor Activity 690

I should also mention that you might find some useful information if you enter the domain name or IP address of the site Norton is blocking on the Whois Domain Lookup site at https://www.whois.com/whois/.  The blocks in your Norton histories show a variety of IP addresses but I looked up a few, and the Whois report for 192.64.119.130 is at https://www.whois.com/whois/192.64.119.130 while the Whois report for 154.53.51.77 is at https://www.whois.com/whois/154.53.51.77

Unfortunately, Whois.com likely won't provide much useful information if those domains are hosting web sites for multiple users and one of them is an attacker who has created their own malicious website on a subdomain.
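
Added example, not part of any post in this thread: a PowerShell check that complements the Whois lookup by showing which local process is opening connections to the addresses in the Norton history, along with its command line and parent. The function name `Get-ConnectionOwner`, the variable names and the five-minute polling window are assumptions made for illustration.

```powershell
# Added example. Addresses are the two quoted in the thread; substitute the
# ones shown in your own Norton security history.
$BlockedIPs = @('192.64.119.130', '154.53.51.77')

function Get-ConnectionOwner {
    param([Parameter(Mandatory)][string[]]$RemoteAddress)

    # All states are included: a connection the IPS blocks may only ever be
    # seen as SynSent and never reach Established.
    $conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -in $RemoteAddress }

    foreach ($c in $conns) {
        $p = Get-CimInstance Win32_Process -Filter "ProcessId = $($c.OwningProcess)"
        $parent = if ($p) {
            Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        }
        [pscustomobject]@{
            Remote      = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
            State       = $c.State
            ProcessId   = $c.OwningProcess
            Image       = $p.ExecutablePath
            CommandLine = $p.CommandLine
            Parent      = $parent.Name
            ParentId    = $p.ParentProcessId
        }
    }
}

# Poll for five minutes (assumed window); print each process/remote pair once.
$seen = @{}
$deadline = (Get-Date).AddMinutes(5)
while ((Get-Date) -lt $deadline) {
    foreach ($hit in Get-ConnectionOwner -RemoteAddress $BlockedIPs) {
        $key = '{0}|{1}' -f $hit.ProcessId, $hit.Remote
        if (-not $seen.ContainsKey($key)) {
            $seen[$key] = $true
            $hit | Format-List
        }
    }
    Start-Sleep -Milliseconds 500
}

# The thread's detections pointed at powershell.exe: list every running
# instance except this session, with its command line and parent.
Get-CimInstance Win32_Process -Filter "Name = 'powershell.exe'" |
    Where-Object { $_.ProcessId -ne $PID } |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine
```

Run it from an elevated PowerShell window while the Norton alerts are appearing; without elevation the image path and command line can come back empty for processes owned by other accounts.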


Re: System Infected: Trojan Backdoor Activity 690

MariaIsabelJuarez Gomez:

I was indeed infected by this backdoor trojan... Kaspersky Virus Removal Tool did the trick...

Hi MariaIsabelJuarez Gomez:

Thanks for the feedback.  Just to clarify, did you use the free Kaspersky Virus Removal Tool 2020 (currently v20.0.6.0) that is available on Kaspersky's Free Recovery Tools page at https://support.kaspersky.com/utility?
--------------
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v104.0.2 * Microsoft Defender v4.18.2207.7-1.1.19500.2 * Malwarebytes Premium v4.5.14.210-1.0.1751 * Macrium Reflect Free v8.0.6867


Re: System Infected: Trojan Backdoor Activity 690

Hi! No... The version is 20.0.10.0 and still the computer is working wonderfully... Windows 10 x64. Downloaded from Kaspersky site directly.
