Additional Info

Share

JS/Downloader.Agent

JS/Downloader.Agent is a detection for JavaScript files that may have malicious intent to download and execute additional malware onto the computer. When it enters the computer, JS/Downloader.Agent will inject itself on Internet Explorer that may lead to web browser redirection. This Trojan also reduces overall system performance of the PC when running its own processes. Other activity includes excessive pop-up advertisement and constant communication to remote IP address. JS/Downloader.Agent is similarly utilized to spread rogue security software. In these cases, the Trojan will disguise as legitimate software update.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics
When executed, JS/Downloader.Agent will inject harmful code on certain running processes. This gives the Trojan to run on itself when the infected process starts. It works its way to communicate to a distant host to download additional threats. JS/Downloader.Agent will also attempt to update configuration files and performs malicious activities on the infected computer.

  • Steal sensitive information like computer name and password
  • Gather FTP credentials including address, user name, and password
  • Access web files through FTP accounts of the infected computer user
  • Inject malicious code into header of .PHP, .HTML, .HTM and other web file formats that may result the whole web site to be compromised.

When user visits infected web sites, the injected script will trigger certain harmful actions including the following.

  • Drop malware on visitor’s computer
  • Download and install rogue security software
  • Redirect search result to predefined web sites
  • Display pop-up alerts and advertisements
  • Disable security applications including anti-virus and firewall

Distribution
This Trojan will spread through the Internet in a variety of ways. Because the Trojan has so many variants, each type has its own usual way of distribution process. Infected web sites are the main channel to propagate JS/Downloader.Agent. Others are sent as an attached file to spam email messages or link contained within a message of instant messenger programs.

How to Remove JS/Downloader.Agent

You will find below a simple removal guide to delete JS/Downloader.Agent virus from an infected computer. Please follow the steps carefully.

Clearing Java Cache

It is identified that JS/Downloader.Agent is associated to malicious Java Script file, so it is important that you clear the Java Plug-in cache.

1. Click on Start > Control Panel.
2. Click on Programs.
3. Click on Java icon. The Java Control Panel will appear.

Java Control Panel Icon

4. On General tab, please click on Settings under Temporary Internet Files area.

Java Settings

5. You will now see Temporary Files Settings.
6. Click on Delete Files.
7. It will prompt for types of files you want to delete. Check both Applications and Applets and Trace and Log Files. Then, click on OK.

Delete Java Files

8. You may now exit the Java Control Panel.

Note: This procedure will delete all Java downloaded applications and Applets from your cache. To delete specific types of applications and applets, instead of Settings (Step 4), choose View. It will open a Java Cache Viewer window where you can delete individual entries.

View Java Applications

JS/Downloader.Agent Removal Tool

1. Download Malwarebytes’ Anti-Malware. Save the file on your Desktop or any desired location as long as it is accessible to you.

2. When download completes, double-click on the file to install the program.

3. Follow the prompts and install the program using the “default” settings.

4. Update the program when installation completes.

5. Click on Finish. The program will run automatically. Once it prompts for update, please proceed before running a virus scan. This update is necessary in having the latest database to detect and remove JS/Downloader.Agent.

6. Scan your computer totally. Make sure that it inspects all files, folders and registry entries for possible infection.

7. When the scan is finished, click on Show Results.

8. Make sure that all detected threats are marked with check. Please click on Remove Selected.

9. After removing all items associated with JS/Downloader.Agent, it will prompt you to restart the computer. Click Yes. This will reboot the system in order to complete the cleaning process.

10. When computer starts, open the tool once more. Go to the tab with label Quarantine. Click on Delete All to remove all malicious items in your PC.

Note: Virus action may prevent you from downloading the recommended tool. If this happens, please download the program from a different computer. Rename it before running on infected system.

Alternative Removal Method for JS/Downloader.Agent

Option 1 : Use Windows System Restore to return Windows to previous state

If JS/Downloader.Agent enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before JS/Downloader.Agent infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.

59 Comments

  1. precisesecurity
    Oct 06, 2007 @ 09:49:48

    1. Please use SmitfraudFix to remove this threat.

  2. Sharon
    Oct 08, 2007 @ 22:50:44

    I used this removal tool and it worked. All the threats are gone. I do have a question for you though. AVG showed changed DLL files before it found the actual threats. It is now listing them again. Is this because they have been changed back to the originals or is there still some work that I have to do? Thanks for the great fix tool!

    Sharon

  3. Denver
    Oct 09, 2007 @ 10:43:46

    Sharon, it would be great if you would elaborate more on your questions. If your AVG is having errors it advised to reinstall it and don’t forget to always update it.

  4. Kenny
    Oct 10, 2007 @ 04:50:17

    It did not work for me. My company had 40 computers that get this virus. AVG showed “virus found JS/downloader.agent” and we choose “move to vault”. I had tried to scan my computer by Norton, Trend Micro, Kaspersky, McAfee,
    Bit Defender, Spybot S&D, Spyware Doctor, AVG Anti-Spyware, Ccleaner, SmitFraudFix, and many other tools but still can’t remove this virus. This virus seems to spread from the network and can’t identify the root.
    Please help!

  5. precisesecurity
    Oct 11, 2007 @ 01:23:41

    It is harder to remove a virus particularly if it is capable of spreading over the network. It may be difficult but I guess you have to scan each computer while disconnected from the network.

    One more special tool to use is TrendMicro’s Sysclean.
    http://www.precisesecurity.com/tools-resources/threat-removal-procedure/trendmicro-sysclean/

  6. Kenny
    Oct 11, 2007 @ 02:42:37

    Thanks for your help! As I found that while the infected computer was switched off, the threat alert was gone. So I expected the infected computer will spread the script (flash.958167.com/main.js)to those computers accessing Internet only.
    I am tried to isolate the infected computer and scan again.

  7. Sue
    Oct 14, 2007 @ 16:45:35

    Thanks, thanks and more thanks! SmitfraudFix was very easy to install and the instructions were very easy to follow. After rebooting and AVG Free running again: NO Viruses! I’ll now search for where I can make a small donation to help defray costs.

  8. Sue
    Oct 14, 2007 @ 16:58:23

    Hi — I found the link to donate, BUT, it kept putting my US dollar amount as EUR pounds. Since I didn’t want Eur amount on my credit card I cancelled. Is there a way to donate in US dollars using a credit card? Thanks

  9. precisesecurity
    Oct 15, 2007 @ 10:12:49

    Sue, I’m sorry I cannot answer your question. This is not my tool and I have no direct connection with the author SiRi. Kindly visit his site and contact him.
    siri.geekstogo.com/SmitfraudFix.php

  10. BoFoSho
    Nov 13, 2007 @ 14:03:05

    Thanks, this program is a life saver I was on my room mates laptop and all the sudden it just popped up when I tried to download a codex. I spent 3 hours trying to fix it before finding this, 15 min later it’s gone. expect a great donation from me.

  11. Karen
    Nov 15, 2007 @ 23:48:58

    I used the Trend Micro SysClean to solve my problem with the JS Downloader.Agent virus and it worked great! No more virus. Thanks so much for the link for it.

  12. Heather
    Nov 27, 2007 @ 14:22:45

    I too have the virus, when I try to click on the link for the download it brings me to a page DNS.org… It does this whenever I try to click on any links. Could it be part of the virus. I have tried typing the link directly into the address bar, to no avail. Help! I’m ready to throw my computer out the window!

  13. Sc
    Nov 27, 2007 @ 19:09:57

    Hi. While I was using the Yahoo Messenger, some link pop-up and started spreading through my computer with the other person. I scanned and found out this virus but the problem is I am not able to heal the virus with the help of AVG.
    Does this virus affect the Internet connection by any chance?
    Kindly help ASAP.
    Thank you.

  14. Don
    Dec 08, 2007 @ 12:06:21

    I used Trend Micro’s house call to check and clean my system that had been acting funny for a good week anyway. I use AVG anti-virus and it never picked up the virus j/s download agent. I went through the procedure on Trend Micro to remove the virus but my AVG program picked it. Back up 2 days later so i don’t think Trend Micro got rid of it.

  15. David
    Dec 13, 2007 @ 00:02:06

    Last week AVG detected JS downloader agent but was unable to remove it. Thankfully the laptop remained working allowing me to find this helpful information. I downloaded Smitfraudfix from the link at the beginning of this thread. Then followed the procedure exactly… i.e. boot up in safe mode. And it completely eliminated the threat.

    Thank you for the help.
    David

  16. Michael
    Jan 22, 2008 @ 14:30:13

    I got this virus a few weeks ago but although AVG said there had been a healing error it moved the virus to the vault which I then cleared. I also cleaned the disc of temp Internet files etc and the virus appears to have gone. Two days ago while on the net an AVG pop-up warned that the virus was present at that site I immediately shut the Internet down cleaned off temp folders again and emptied the vault where AVG had put the virus. Scans since have not detected any presence.

  17. sandeep
    Jan 28, 2008 @ 07:49:18

    I will use it as i am also facing same problem.

  18. kwatra
    Jan 30, 2008 @ 13:02:52

    I have repeatedly tried to remove JS downloader.agent virus with the help of Smitfraudfix. While, It has helped in removing and cleaning the virus from the computer, but the moment I log on to Internet, again the virus threat messages come. They are content.ie5wdafk5m3\ads(1)js, ads(2)js, w8w9csu\ads(1)js. Please advise and help in removing repetitive onslaught of virus threat.

  19. kam
    Feb 01, 2008 @ 02:51:38

    Try these steps:

    1) Uninstall everything (including antivirus software) from your PC only keep your client software which is used to connect to the Internet.
    2) Download and install AVG spyware doctor and get latest update installed. Don’t perform any scan now.
    3) Go to safe mode.
    4) Open administrator account.
    5) Then do a final full system scan using AVG spyware doctor in safe mode.
    6) If this Trojan is present it will be shown as Trojan downloader.small.js
    7) As recommended action set delete on reboot. Reboot your computer
    8) You have done it.

    note: in these steps we have assumed that there is only one Trojan is present on machine that is JS/downloader.agent

  20. kam
    Feb 01, 2008 @ 02:57:36

    If you want to try other scanner please scan after uninstalling other software form your PC otherwise it will come again. This Trojan have embedded code in it, through which it have the ability to attach itself with other software files and hide with them so in order to completely remove it, first uninstall every other software including antivirus software before scanning

  21. Nick
    Feb 16, 2008 @ 13:50:38

    I believe if AVG finds this virus it’s a “false positive.” It happened a few times before, I never heal it, and the virus is gone. Also, it detected a Trojan from a World of Warcraft file, and it was confirmed that it was a false positive.

  22. eddy
    Feb 16, 2008 @ 15:24:18

    I’m using AVG and it has a couple of viruses in its virus bank.I’m not sure if I’m supposed to leave it alone or delete the files. I’m having trouble with my computer shutting off randomly and I’m not sure if the virus can cause it or its in the virus bank.

  23. Rob
    Feb 29, 2008 @ 02:23:55

    I used SmitFraudFix and followed all the instructions, but when I checked my AVG program following the scan, it says that the virus is still in the vault. Do I have to remove it from the vault so that SmitFraudFix can remove it? Or is it removed, but still showing up in AVG for some reason?

  24. GigB
    Feb 29, 2008 @ 02:44:42

    I’m running Vista and AVG detected this virus on my machine. SmitFraudFix says it works with XP and Windows 2000, does anyone know if it works with Vista?

  25. precisesecurity
    Feb 29, 2008 @ 08:23:11

    Rob, You have to empty the vault first.

    GigB, SmitFraudFix does not have a version for Vista.

  26. Kevin
    Mar 02, 2008 @ 00:09:57

    Trying to get rid of JS/downloader on Windows 98SE. Downloaded SmitFraudFix.exe to desktop, copied instructions, restarted in SafeMode, tried to start SmitfraudFix but nothing happened. Any suggestions? Thanks!

  27. Marlee
    Mar 02, 2008 @ 20:19:48

    After an AVG virus scan today, it detected JS/Downloader Agent. I clicked on the link to put it in the AVG Virus Vault. AVG’s Help states: “When you moved the file to the AVG Virus Vault it was deleted from its original location, coded, and then saved as a non-executable file in a hidden folder. Your PC is no longer infected.” Othere scans using different programs have found no viruses since then. The Help instructions go on to say: “If you are not missing any data files and your applications are running, then you can delete these vaulted files from the AVG Virus Vault.”

  28. Mariano
    Mar 05, 2008 @ 02:42:50

    I´m from Argentina. I don’t know very well the language (English). My PC detected JS/Downloader.Agent and my AVG can’t delete it. I have Windows Vista. What can I do?

  29. dave
    Mar 13, 2008 @ 20:19:48

    My AVG scans every day, is this right? Its just started telling me I’ve got JS/downloader.agent. It’s been put in the virus vault. Am I supposed to do anything with it? Everything seems to be OK now. I’m using Windows Vista and sort of computer illiterate.

  30. andy
    Mar 16, 2008 @ 16:37:47

    I have used smitfraud fix with vista and it works fine. Just make sure you’re in safe mode. I got rid of jsdownloader agent by deleting temp Internet files.

  31. Dan Catlin
    Apr 02, 2008 @ 08:10:33

    I got the disks to reload my 1 year old laptop, it formatted the hard drive, after all is done, I downloaded AVG and bang within minutes there is JS downloader agent? Is this a false-positive? I am going crazy with this. Has anyone else got this virus without running AVG?

  32. cara
    Apr 10, 2008 @ 05:29:37

    My computer is infected with js/downloader agent. It’s affecting my Internet explorer. I am unable to open Internet explorer so unable to download and use smitfraudfix. How do I go about removing the infection? My computer runs on Windows Vista.

  33. louie
    Apr 14, 2008 @ 15:31:46

    AVG scans found the JS/dl virus on my CPU. AVG could not heal it so I looked at the path of the virus and deleted all my temporary Internet files and re-scanned. The virus was not detected again although I will re-scan tomorrow just to be sure.

  34. momen
    Apr 19, 2008 @ 20:03:52

    I joined the Internet by network (with a lot of other computers) and one of the member had that virus called JS.Downloader. When I’m surfing the net it always shows an alert message. I don’t know which computer is infected. I need to know the option in the AVG that can delete that virus automatically.Please help.

  35. Ali
    Apr 20, 2008 @ 21:23:54

    Dear friends,
    I have a Java script virus JS/Ddlr.Agent.ZY detected by Avira Antivir, but this Antivirus can not remove it.
    Consequently, It is impossible to open any web site with JAva script element.

    I need help.
    Thank you

  36. Scott
    Apr 24, 2008 @ 05:22:14

    That’s not good, what kind of virus is this? I see that its “LOW” on the meter of Viruses.
    Somebody help me get rid of this for good!

  37. Priscilla
    Apr 28, 2008 @ 18:00:27

    I had the js/downloader virus as well. Avg could not put it in the vault, so I went to my temporary Internet files and deleted them. Ran the scan again and it showed no virus. So does that mean that it is gone? Also, now when I run AVG, this pops up…
    file infection path hosts change C:/WINDOWS/system32/drivers.

  38. Joe
    May 01, 2008 @ 23:42:33

    Had both the js/downloader virus and an exploit virus. Don’t know if AVG have put out update that fixed the problem, but was able to move them to virus vault and delete them. Have done another scan and they seem to be gone. Fingers crossed, hopefully they are gone from my PC.

  39. candice
    May 29, 2008 @ 16:34:50

    I met this virus today. However, I moved it to vault and I don’t know how to do with it then. By the way, may I know what is the symptom when JS/Downloader.Agent working?

  40. Dan Williams
    Jun 02, 2008 @ 15:10:43

    I have a problem with the JS\Downloader Agent. I still use Windows 98 SE, I can’t afford to update my OS at this time. Is there any downloads out there for Windows 98SE that will get rid of this JS Downloader Agent. Thanks, Dan

  41. Buster
    Jun 08, 2008 @ 16:30:47

    I had JS/Downloader agent and moved it to AVG Vault. I then deleted it, deleted all temp Internet files and Java temp Internet files then did full AVG scan. Fingers crossed it seems ok now.

  42. Anne Potruff
    Jun 19, 2008 @ 11:27:34

    I have not been able to access my e-mail or Internet in over a week. Can the JS virus cause this to happen suddenly or am I dealing with two separate things. Without the Internet I cant get to smitfraudfix.

  43. JustAGuy1
    Jul 07, 2008 @ 22:26:00

    JS/Downloader.Agent

    I have this problem and suddenly another JS thing comes up in my AVG test results. But after few minutes the virus is gone.. I wonder why really. Is it hiding in my computer and I should remove it as fast as possible or should I just leave it there? Anyway I cant move any virus to the vault cause every scan is ended it says: Error healing files. Please help me as fast as possible.

  44. JustAGuy1
    Jul 07, 2008 @ 22:43:08

    Suddenly I got a new virus Trojan Horse Generic10.AYOS. I moved this file to Virus Vault and removed it. I hope this is gone now. Somehow this is connected to JS/Downloader.Agent. Still I cant find any virus or the JS/Downloader.Agent. I deleted all my temporary Internet files and re-scanned and found this Trojan Horse virus. I removed it and going to check for more virus. No wonder why my computer were a little slower.. Anyway if you guys see a virus called ruco.exe remove it by using any anti-virus program.

  45. nomi
    Jul 11, 2008 @ 17:19:37

    I have not been able to get any fruitful results from all the above mentioned methods. I scanned my computer over and over again. I even had to format my C: drive twice. But it still don’t seem to work. Can anyone help me here please?

  46. danny
    Jul 23, 2008 @ 12:36:10

    I got js/downloader took a while to sort it finally deleted temporary Internet files. AVG no longer finds the virus but all my files now open the Internet with full toolbars. It seems that if this virus has left a backdoor this odd connection allows access to every file. When I close a file that may hold music the broken Internet connection produces a error message and my computer closes down and starts up almost in a flicker. This reproduces standard messages in starting my computer. how can I reset my files so as not to connect to Internet.

    Danny

  47. its me
    Jul 31, 2008 @ 12:39:30

    Any kind of java virus can be removed by free Avira AntiVir. Because I have the same virus. I tried Avira and it was successful, its very good.

  48. Charlie Wang
    Aug 07, 2008 @ 13:28:08

    Hi precisesecurity,
    This virus seems difficult to remove from my PC. I tried SmitfraudFix and TrendMicro’s Sysclean, but could not clean up this problem. Very annoyed! Please give me other removal tool. Thanks a lot! Charlie

  49. Tarun sharma
    Aug 11, 2008 @ 11:51:14

    I want a solution for this JS/Downloader.agent as I tried all anti-virus and anti-spyware but no such solution to remove from my network. I tried to delete new link file of this virus and corrupts my system.

  50. thepearl
    Sep 08, 2008 @ 19:46:13

    This thing is the bloody pits! I post a lot of web pages in HTML, and it was writing long script files that I know didn’t come from my CPU. In any case, I downloaded and ran ( smitfraudfix ) in the Safe Mode, and it looks like the infection has been cleared. I’ll post again if it comes back, and thank you so much for the information.

  51. Elisha
    Sep 14, 2008 @ 18:15:13

    Question: After I scanned my computer AVG found 9 viruses. I think, and some warnings that I don’t understand, then it got moved from the virus vault, does that mean my computer is virus free? Was it healed automatically? Or does the viruses still remain in my computer? Thanks

  52. Debbie
    Nov 06, 2008 @ 13:19:49

    Hi, I was on the Internet when my computer suddenly flashed that JS/downloader Agent had been detected, I selected the option to move it into the virus vault, is this all that I have to do – or do I still need to run a removal tool? and is it okay to just leave it in the virus vault or should I do something with it?

  53. Burak
    Dec 23, 2008 @ 21:06:53

    Hi,

    I recently downloaded and installed a program called Graboid, Its meant to be for online streaming movies videos etc. After the installation my PC was affected with various amount of Trojans and this particular virus, I am wondering if it could have any connection with the Graboid program? I will try to use SmitFraudFix to see if it could help.

  54. Morgaine
    Jan 05, 2009 @ 12:56:45

    Hi,
    I am a webmaster and got some complaints from users about this js downloader agent. I started checking Google. I have Norton 360 and Sophos antivirus and did not get the message.
    Surprisingly I only found people using AVG that have this problem?
    Does this ring any bell’s? Maybe its an OK Free Virus scan but it comes with a virus.
    By the way, its a low priority virus.
    Thanks again. It should not be there.
    I think AVG is the problem and you should spend a little money on a virus scan that works ok?

  55. Larry
    Jan 06, 2009 @ 14:07:49

    My son’s laptop has this js/downloader agent virus. Found virus using AVG. downloaded both solutions mentioned in this thread. Cannot start in safe mode. Ran smithfraudfix any way and did get text file report as result. However virus still exists. Tried TrendMicro downloads but cannot run as desktop keeps refreshing and I cannot open zip file. will paste text file from smithfraud if anyone thinks they can help me. I am at my wits end with this. Help please!

  56. Christine
    Jan 19, 2009 @ 21:52:32

    Morgaine, I sincerely doubt AVG Free “comes with” or contains the JS/Downloader.Agent virus. I’ve been running it for eight years with no problems. In all that time, I’ve had only two viruses “attempting” to enter my computer, both of which AVG Free caught immediately. I then quarantined and removed.

  57. Niamh
    Jun 27, 2009 @ 13:33:46

    My avg has just found two viruses but i managed to send one to vault, its JS/Downloader .agent
    you talking about deleting Internet files
    what does this mean?
    I’ve been backing up all my documents and pictures just in case this virus deletes them what else should i be doing?

  58. Dawg
    Mar 15, 2010 @ 23:23:36

    I ran the program SmitfraudFix from here and now my clock is in military time and windows security center tells me I have no virus protection and no firewall. I’m running nortons for both…ohh and the virus is still on my comp! Now how do I fix all the new problems this program has created?

  59. Richard
    Dec 30, 2010 @ 06:37:43

    My computer just got hit with JS:Downloader-AJY. Any Sugeestions that have worked? Is in the vault now… am worried…

Leave a Reply

*