While in Chrome, I'm constantly receiving popups saying "We blocked an attack from System Infected: Trojan.Backdoor Activity 797". The details state it is a HIGH severity, and the Activity states that "An intrusion attempt by Ahazko.com has blocked". This occurs every few minutes. The question I have is has anyone seen this before, and if so, is there anything I can do to stop this? Note that I know how to stop receiving the popups, but this just masks the issue? Appreciate any information you can provide on this!
Note that I'm running Windows 10 with the latest version of Norton 360, with the latest version of LiveUpdate installed.
Malwarebytes offers free one-on-one malware removal assistance.
Malwarebytes staff & experts help all. Malwarebytes subscription is not required.
Malwarebytes Malware Removal Help will gather & analyze logs and run custom scripts & tools.
Note: were it my machine, I'd ask Malwarebytes Malware Removal Help Forums to check my machine.
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
06/11/24 04:16:09 PM,High,An intrusion attempt by ahazko.com was blocked.,Blocked,No Action Required,System Infected: Trojan.Backdoor Activity 797,No Action Required,No Action Required,"ahazko.com (194.67.193.206, 59619)",http://ahazko.com/blogs/skinny/bleat/index.php,"MY-HP-PAVILION (192.168.1.252, 60127)",ahazko.com (194.67.193.206),"TCP, Port 59619"
Network traffic from <b>http://ahazko.com/blogs/skinny/bleat/index.php</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSWOW64\REGSVR32.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.
Website blocked due to trojan
Website Blocked: ahazko.com
v2.6.27 | Trojan: 2.0.202406271105
Malwarebytes Browser Guard blocked this page because it may contain malicious activity.
ahazko.com/blogs/skinny/bleat/index.php
Scan failed
Host not found
Site is not Blacklisted
Scan Failed
http://ahazko.com/blogs/skinny/bleat/index.php (More Details)
Unable to scan your site. Host not found
We can't resolve the domain ahazko.com
194.67.193.206 was not found in our database
ISP Dzardanov Artur Kazbekovich
Usage Type Data Center/Web Hosting/Transit
Domain Name ihor-hosting.ru
Country Russian Federation
City Digora, Severnaya Osetiya, Respublika
Hello @John Ben
Did you recently update/install any program / browser extension?
Did you recently allow browser push notification?
Do you run Chrome sync?
Did you ask for help over on Malwarebytes Forums?
Please tell us what Norton is telling you regarding this event.
For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
John Ben:
File Attachment:
Squashier Issue 2024-06-24.zip
AMD64 Family 23 Model 1 Stepping 1 AuthenticAMD is a 16 thread processor configuration.
Ok, a recent Norton update looks to have fixed the issue I was having by removing the "Squashier.dll" file from my system (see attachment). Note however that I am now receiving many popups saying that the Squashier.dll file "failed to load" (see attachment). Yes, I'm happy to have this trojan virus removed and Norton popups stopped, but now I have this other annoying popup. Does anyone know how I can get this "failed to load" popup to stop?
Yes, I am still getting those popups. Note that I've tried Malwarebytes, Norton 360 (Full-Scan) and Power Eraser, running using Norton VPN, and I'm still getting them. I take it that Norton is blocking it, but I'd feel more comfortable if it could be totally removed (without having to reinstall the OS). Appreciate it if anyone could give me some guidance on what I could do to get this thing removed.
BJM_ ... I'm not exactly sure what I'm supposed to do with the information you provided. Could you give some Help on what I need to do with it? Thanks in advance for your help!
John Ben:
While in Chrome, I'm constantly receiving popups saying "We blocked an attack from System Infected: Trojan.Backdoor Activity 797".
Browser-related remediation (especially concerning preference/configuration files) can be particularly troublesome given the safeguards built into the browsers, along with syncing mechanisms and other complications associated with Internet browsers. The issue you're experiencing is likely caused by the syncing mechanism associated with your Google account.
John Ben:
Note that I already ran Malwarebytes and it did not find anything.
Malwarebytes offers free one-on-one malware removal assistance.
Malwarebytes staff & experts help all. Malwarebytes subscription is not required.
Malwarebytes Malware Removal Help will gather & analyze logs and run custom scripts & tools.
Note: were it my machine, I'd ask Malwarebytes Malware Removal Help Forums to check my machine.
Hello! Note that I already ran Malwarebytes and it did not find anything. I will check out the other guides and forums to see if they might be able to help. Attached you will find a zip file containing snippets of the Norton Threat Block Alert, along with a copy of the Advanced Details for the alert. Let me know if you require any further information on this.
Thanks!
p.s. Just in case, below is a clipboard copy of the details:
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
06/11/24 04:16:09 PM,High,An intrusion attempt by ahazko.com was blocked.,Blocked,No Action Required,System Infected: Trojan.Backdoor Activity 797,No Action Required,No Action Required,"ahazko.com (194.67.193.206, 59619)",http://ahazko.com/blogs/skinny/bleat/index.php,"MY-HP-PAVILION (192.168.1.252, 60127)",ahazko.com (194.67.193.206),"TCP, Port 59619"
Network traffic from <b>http://ahazko.com/blogs/skinny/bleat/index.php</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSWOW64\REGSVR32.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.
Malware Removal Help Forums dedicated to cleaning infected devices. Get personalized help removing adware, malware, spyware, ransomware, trojans, viruses and more from tech experts. Follow the instructions in the pinned topics first. All assistance here is used at your own risk and we take no responsibility should there be damage to the system in question.
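For readers triaging a similar alert, an added example (not part of any post in this thread, and not Norton's own tooling): it parses the clipboard text pasted above to pull out the remote endpoint and the local process Norton names as the origin of the traffic. The `PROXY_LOADERS` list, the function names and the wording of the triage notes are assumptions of this example.

```python
import csv, io, re
from pathlib import PureWindowsPath

# Alert text as pasted in the thread (Norton "Copy to Clipboard" output).
HEADER = ("Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,"
          "Default Action,Action Taken,Attacking Computer,Attacker URL,"
          "Destination Address,Source Address,Traffic Description")
RECORD = ('06/11/24 04:16:09 PM,High,An intrusion attempt by ahazko.com was blocked.,'
          'Blocked,No Action Required,System Infected: Trojan.Backdoor Activity 797,'
          'No Action Required,No Action Required,"ahazko.com (194.67.193.206, 59619)",'
          'http://ahazko.com/blogs/skinny/bleat/index.php,'
          '"MY-HP-PAVILION (192.168.1.252, 60127)",ahazko.com (194.67.193.206),'
          '"TCP, Port 59619"')
DETAIL = (r"The attack was resulted from "
          r"\DEVICE\HARDDISKVOLUME4\WINDOWS\SYSWOW64\REGSVR32.EXE. To stop being notified")

# Assumption: Windows binaries whose job is to load other code (DLLs, scripts).
PROXY_LOADERS = {"regsvr32.exe", "rundll32.exe", "mshta.exe"}
ENDPOINT = re.compile(r"^(?P<host>\S+) \((?P<ip>[\d.]+), (?P<port>\d+)\)$")
PROCESS = re.compile(r"resulted from (?P<path>\\\S+?\.exe)\b", re.IGNORECASE)

def parse_alert(header, record, detail):
    """Turn one exported IPS record plus its detail text into a dict."""
    # csv handles the quoted fields that contain commas ("host (ip, port)").
    row = next(csv.DictReader(io.StringIO(header + "\n" + record)))
    remote = ENDPOINT.match(row["Attacking Computer"])
    local = ENDPOINT.match(row["Destination Address"])
    found = PROCESS.search(detail)
    path = PureWindowsPath(found.group("path")) if found else None
    return {
        "signature": row["IPS Alert Name"],
        "status": row["Status"],
        "url": row["Attacker URL"],
        "remote_ip": remote["ip"],
        "remote_port": int(remote["port"]),
        "local_host": local["host"],
        "process": path.name.lower() if path else None,
        "is_32bit": bool(path) and "syswow64" in [p.lower() for p in path.parts],
    }

def triage(alert):
    """Return defender-side notes; each note is tied to one parsed field."""
    notes = []
    if alert["process"] in PROXY_LOADERS:
        notes.append(f"{alert['process']} only loads other code: identify the DLL "
                     "or script it was started with and what starts it at logon")
    if alert["is_32bit"]:
        notes.append("SysWOW64 copy in use: the loaded module is 32-bit")
    if alert["status"] == "Blocked":
        notes.append("connection blocked at the network layer; the local loader "
                     "is still running and will retry")
    return notes
```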