Backdoor.Trojan Activity 2 - how to remove?

What Trojans I could find by this name (and their variations) are all Windows malware. Since the message is coming from the firewall, the most likely probability is that someone from outside is trying to get the Trojan onto your Mac and the firewall is blocking their attempts. Not that it would work even if they did.

Any AV or similar software, especially from Norton in the case of the Mac OS, are garbage. The only thing they excel at is slowing down the system, causing the OS to behave incorrectly, and report a lot of false positives. Really, you should just delete it and anything else you have related to security software.

If you feel you need to use something, OS X already has a commercial grade firewall built into the OS. It's in the System Preferences under the Security icon. Turn that on.

The only thing you need to remove is the antivirus software. OS X already includes antivirus software. All of the 3rd party antivirus programs for Macs cause more problems than any virus.

The message coming from the firewall indicates that the Trojan is on the computer and the program is blocking it going out.

Did you notice where I said Norton is the worst AV software for the Mac, and that it is known to produce many false positives? I wouldn't doubt for a moment that Norton itself is causing the problems, and is also itself blocking access to the lottery site.

There is no such backdoor Trojan that affects OS X. Windows only (one of two pages Norton has mentioning anything even close to this threat name, both Windows only). Uninstall the garbage that is Norton and use OS X's firewall. You should see an immediate improvement.

The only place on the entire web you will find any other reference to this "Trojan" is on Symantec's own forums where other Mac users, also using the utterly useless Norton software all think they have the same thing.

This is most likely a false positive. "Backdoor.Trojan Activity 2" is so generic as to be an entirely meaningless name, and is probably used to refer to inspecific activity that may or may not actually be malicious. When I Google for this, I see a number of reports of this, all linked to a variety of entirely legitimate sites.

I would advocate the same thing that has already been said: remove Norton. It's well-known for causing performance and stability problems, and it's only so-so at detecting Mac malware. Mac OS X does a better job out of the box than Norton does.

Next, to set your mind at ease, get a copy of ClamXav and scan your hard drive. It currently detects all known Mac malware. If it doesn't find anything, you probably aren't infected with anything.

Finally, if you're still worried about outgoing connections, install Little Snitch. Be forewarned, though... Little Snitch will expose you to a number of perfectly normal outgoing connections going on all the time that you're not aware of. This can easily lead to a descent into rampant paranoia if you let it, so just be ready to research all the processes making these connections and not freak out about it.

Florabelles wrote:

The message coming from the firewall indicates that the Trojan is on the computer and the program is blocking it going out.

Without knowing the name of the file that is trying to open outbound communications as well as the site it is attempting to contact, protocol and port being requested, it's impossible for us to give you a definitive answer as to whether it's malware, a false alarm or worst case some legitimate system process that would cripple your computer if deleted.

There is a reported false positive in this Symantec (Backdoor.Trojan Activity 2) signature, and will hopefully be addressed by Symantec soon. They are working to correct this.