virus logo Virus

JS/Agent.E!tr

description-logoAnalysis

  • It drops the following files:
    • file.exe
    • update.exe
  • When visiting malicious websites containing this encrypted script, it may try to access malicious URLs:
    • One example is http://r52host.[blocked]/stat/2.png, where the malicious EXE files mentioned above may be secretly downloaded from

    recommended-action-logoRecommended Action

      FortiGate Systems
    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the 'Allow Push Update' option.
      FortiClient Systems
    • Quarantine/delete files that are detected and replace infected files with clean backup copies.

    Telemetry logoTelemetry

    Detection Availability

    FortiClient
    Extreme
    FortiMail
    Extreme
    FortiSandbox
    Extreme
    FortiWeb
    Extreme
    Web Application Firewall
    Extreme
    FortiIsolator
    Extreme
    FortiDeceptor
    Extreme
    FortiEDR

    Version Updates

    Date Version Detail
    2019-09-10 71.50800 Sig Updated
    2019-07-30 70.35800 Sig Updated
    2019-06-11 69.17600 Sig Updated
    2019-05-01 68.21300 Sig Added
    ID 102917
    Released Feb 23, 2006
    Description
    Updated    		 Mar 04, 2008
    Aliases JS/Agent.E-tr(fortinet), JS/Downloader-AUD trojan (McAfee), Mal/ObfJS-A(Sophos), JS_PSYME.ANT (Trend)
    Platform Profile Java Script