JS/Downloader.Agent
JS/Downloader.Agent is a detection for JavaScript files that may have malicious intent to download and execute additional malware onto the computer. When successfully invaded a computer, JS/Downloader.Agent will inject itself on Internet Explorer that may lead to redirection of web browser. This Trojan will reduce overall system performance of the when running its own processes that takes-up memory. Excessive pop-up advertisements are also expected to arise. It is observe that JS/Downloader.Agent is utilized in propagation of rogue security application by posing as legitimate software update.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista
How to Remove JS/Downloader.Agent:
MANUAL REMOVAL OF JS/Downloader.Agent:
1. Clear Java Plug-in cache.
- Go to Start > Control Panel, click on Java Icon. For Windows Vista/7 users, it is unde Programs.
- On Temporary Internet Files, click on Settings.
- While on Temporary Internet Files windows, click on Delete Files.
- If prompted to delete temporary files, select both Application and Applets and Trace and Log Files.
- Click on OK to start the removing downloaded applications and unnecessary files from the cache.
2. Update installed anti-virus application to have the latest definition file.
3. Reboot Windows in Safe Mode
- After turning on the power, press F8 on the keyboard.
- Select Safe Mode from the menu.
4. Thoroughly scan the system and clean/delete all infected file(s).
5. Restart the computer.
JS/Downloader.Agent Removal Tool:
1. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on the file to install the application.
3. Follow the prompts and install as “default” only
4. Before the installation completes, check on the following prompts:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
5. Click “Finish.” Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished, click on the “Show Results”
8. Make sure that all detected threats are marked, click on Remove Selected.
9. Restart the computer.
precisesecurity
Oct 06, 2007 @ 09:49:48
1. Please use SmitfraudFix to remove this threat.
Sharon
Oct 08, 2007 @ 22:50:44
I used this removal tool and it worked. All the threats are gone. I do have a question for you though. AVG showed changed DLL files before it found the actual threats. It is now listing them again. Is this because they have been changed back to the originals or is there still some work that I have to do? Thanks for the great fix tool!
Sharon
Denver
Oct 09, 2007 @ 10:43:46
Sharon, it would be great if you would elaborate more on your questions. If your AVG is having errors it advised to reinstall it and don’t forget to always update it.
Kenny
Oct 10, 2007 @ 04:50:17
It did not work for me. My company had 40 computers that get this virus. AVG showed “virus found JS/downloader.agent” and we choose “move to vault”. I had tried to scan my computer by Norton, Trend Micro, Kaspersky, McAfee,
Bit Defender, Spybot S&D, Spyware Doctor, AVG Anti-Spyware, Ccleaner, SmitFraudFix, and many other tools but still can’t remove this virus. This virus seems to spread from the network and can’t identify the root.
Please help!
precisesecurity
Oct 11, 2007 @ 01:23:41
It is harder to remove a virus particularly if it is capable of spreading over the network. It may be difficult but I guess you have to scan each computer while disconnected from the network.
One more special tool to use is TrendMicro’s Sysclean.
http://www.precisesecurity.com/tools-resources/threat-removal-procedure/trendmicro-sysclean/
Kenny
Oct 11, 2007 @ 02:42:37
Thanks for your help! As I found that while the infected computer was switched off, the threat alert was gone. So I expected the infected computer will spread the script (flash.958167.com/main.js)to those computers accessing Internet only.
I am tried to isolate the infected computer and scan again.
Sue
Oct 14, 2007 @ 16:45:35
Thanks, thanks and more thanks! SmitfraudFix was very easy to install and the instructions were very easy to follow. After rebooting and AVG Free running again: NO Viruses! I’ll now search for where I can make a small donation to help defray costs.
Sue
Oct 14, 2007 @ 16:58:23
Hi — I found the link to donate, BUT, it kept putting my US dollar amount as EUR pounds. Since I didn’t want Eur amount on my credit card I cancelled. Is there a way to donate in US dollars using a credit card? Thanks
precisesecurity
Oct 15, 2007 @ 10:12:49
Sue, I’m sorry I cannot answer your question. This is not my tool and I have no direct connection with the author SiRi. Kindly visit his site and contact him.
siri.geekstogo.com/SmitfraudFix.php
BoFoSho
Nov 13, 2007 @ 14:03:05
Thanks, this program is a life saver I was on my room mates laptop and all the sudden it just popped up when I tried to download a codex. I spent 3 hours trying to fix it before finding this, 15 min later it’s gone. expect a great donation from me.
Karen
Nov 15, 2007 @ 23:48:58
I used the Trend Micro SysClean to solve my problem with the JS Downloader.Agent virus and it worked great! No more virus. Thanks so much for the link for it.
Heather
Nov 27, 2007 @ 14:22:45
I too have the virus, when I try to click on the link for the download it brings me to a page DNS.org… It does this whenever I try to click on any links. Could it be part of the virus. I have tried typing the link directly into the address bar, to no avail. Help! I’m ready to throw my computer out the window!
Sc
Nov 27, 2007 @ 19:09:57
Hi. While I was using the Yahoo Messenger, some link pop-up and started spreading through my computer with the other person. I scanned and found out this virus but the problem is I am not able to heal the virus with the help of AVG.
Does this virus affect the Internet connection by any chance?
Kindly help ASAP.
Thank you.
Don
Dec 08, 2007 @ 12:06:21
I used Trend Micro’s house call to check and clean my system that had been acting funny for a good week anyway. I use AVG anti-virus and it never picked up the virus j/s download agent. I went through the procedure on Trend Micro to remove the virus but my AVG program picked it. Back up 2 days later so i don’t think Trend Micro got rid of it.
David
Dec 13, 2007 @ 00:02:06
Last week AVG detected JS downloader agent but was unable to remove it. Thankfully the laptop remained working allowing me to find this helpful information. I downloaded Smitfraudfix from the link at the beginning of this thread. Then followed the procedure exactly… i.e. boot up in safe mode. And it completely eliminated the threat.
Thank you for the help.
David
Michael
Jan 22, 2008 @ 14:30:13
I got this virus a few weeks ago but although AVG said there had been a healing error it moved the virus to the vault which I then cleared. I also cleaned the disc of temp Internet files etc and the virus appears to have gone. Two days ago while on the net an AVG pop-up warned that the virus was present at that site I immediately shut the Internet down cleaned off temp folders again and emptied the vault where AVG had put the virus. Scans since have not detected any presence.
sandeep
Jan 28, 2008 @ 07:49:18
I will use it as i am also facing same problem.
kwatra
Jan 30, 2008 @ 13:02:52
I have repeatedly tried to remove JS downloader.agent virus with the help of Smitfraudfix. While, It has helped in removing and cleaning the virus from the computer, but the moment I log on to Internet, again the virus threat messages come. They are content.ie5wdafk5m3\ads(1)js, ads(2)js, w8w9csu\ads(1)js. Please advise and help in removing repetitive onslaught of virus threat.
Magz
Jan 31, 2008 @ 01:59:33
It worked just great for me!!!
Wonderful!! Thanks for your help!
kam
Feb 01, 2008 @ 02:51:38
Try these steps:
1) Uninstall everything (including antivirus software) from your PC only keep your client software which is used to connect to the Internet.
2) Download and install AVG spyware doctor and get latest update installed. Don’t perform any scan now.
3) Go to safe mode.
4) Open administrator account.
5) Then do a final full system scan using AVG spyware doctor in safe mode.
6) If this Trojan is present it will be shown as Trojan downloader.small.js
7) As recommended action set delete on reboot. Reboot your computer
8) You have done it.
note: in these steps we have assumed that there is only one Trojan is present on machine that is JS/downloader.agent
kam
Feb 01, 2008 @ 02:57:36
If you want to try other scanner please scan after uninstalling other software form your PC otherwise it will come again. This Trojan have embedded code in it, through which it have the ability to attach itself with other software files and hide with them so in order to completely remove it, first uninstall every other software including antivirus software before scanning
Nick
Feb 16, 2008 @ 13:50:38
I believe if AVG finds this virus it’s a “false positive.” It happened a few times before, I never heal it, and the virus is gone. Also, it detected a Trojan from a World of Warcraft file, and it was confirmed that it was a false positive.
eddy
Feb 16, 2008 @ 15:24:18
I’m using AVG and it has a couple of viruses in its virus bank.I’m not sure if I’m supposed to leave it alone or delete the files. I’m having trouble with my computer shutting off randomly and I’m not sure if the virus can cause it or its in the virus bank.
Rob
Feb 29, 2008 @ 02:23:55
I used SmitFraudFix and followed all the instructions, but when I checked my AVG program following the scan, it says that the virus is still in the vault. Do I have to remove it from the vault so that SmitFraudFix can remove it? Or is it removed, but still showing up in AVG for some reason?
GigB
Feb 29, 2008 @ 02:44:42
I’m running Vista and AVG detected this virus on my machine. SmitFraudFix says it works with XP and Windows 2000, does anyone know if it works with Vista?
precisesecurity
Feb 29, 2008 @ 08:23:11
Rob, You have to empty the vault first.
GigB, SmitFraudFix does not have a version for Vista.
luke
Mar 01, 2008 @ 07:11:41
I have Windows Vista. How do I get rid of js/downloader.agent please help.
Kevin
Mar 02, 2008 @ 00:09:57
Trying to get rid of JS/downloader on Windows 98SE. Downloaded SmitFraudFix.exe to desktop, copied instructions, restarted in SafeMode, tried to start SmitfraudFix but nothing happened. Any suggestions? Thanks!
Marlee
Mar 02, 2008 @ 20:19:48
After an AVG virus scan today, it detected JS/Downloader Agent. I clicked on the link to put it in the AVG Virus Vault. AVG’s Help states: “When you moved the file to the AVG Virus Vault it was deleted from its original location, coded, and then saved as a non-executable file in a hidden folder. Your PC is no longer infected.” Othere scans using different programs have found no viruses since then. The Help instructions go on to say: “If you are not missing any data files and your applications are running, then you can delete these vaulted files from the AVG Virus Vault.”
Mariano
Mar 05, 2008 @ 02:42:50
I´m from Argentina. I don’t know very well the language (English). My PC detected JS/Downloader.Agent and my AVG can’t delete it. I have Windows Vista. What can I do?
dave
Mar 13, 2008 @ 20:19:48
My AVG scans every day, is this right? Its just started telling me I’ve got JS/downloader.agent. It’s been put in the virus vault. Am I supposed to do anything with it? Everything seems to be OK now. I’m using Windows Vista and sort of computer illiterate.
andy
Mar 16, 2008 @ 16:37:47
I have used smitfraud fix with vista and it works fine. Just make sure you’re in safe mode. I got rid of jsdownloader agent by deleting temp Internet files.
Dan Catlin
Apr 02, 2008 @ 08:10:33
I got the disks to reload my 1 year old laptop, it formatted the hard drive, after all is done, I downloaded AVG and bang within minutes there is JS downloader agent? Is this a false-positive? I am going crazy with this. Has anyone else got this virus without running AVG?
Monica
Apr 05, 2008 @ 21:47:25
How can you solve the problem with AVG without downloading anything?
cara
Apr 10, 2008 @ 05:29:37
My computer is infected with js/downloader agent. It’s affecting my Internet explorer. I am unable to open Internet explorer so unable to download and use smitfraudfix. How do I go about removing the infection? My computer runs on Windows Vista.
louie
Apr 14, 2008 @ 15:31:46
AVG scans found the JS/dl virus on my CPU. AVG could not heal it so I looked at the path of the virus and deleted all my temporary Internet files and re-scanned. The virus was not detected again although I will re-scan tomorrow just to be sure.
momen
Apr 19, 2008 @ 20:03:52
I joined the Internet by network (with a lot of other computers) and one of the member had that virus called JS.Downloader. When I’m surfing the net it always shows an alert message. I don’t know which computer is infected. I need to know the option in the AVG that can delete that virus automatically.Please help.
Ali
Apr 20, 2008 @ 21:23:54
Dear friends,
I have a Java script virus JS/Ddlr.Agent.ZY detected by Avira Antivir, but this Antivirus can not remove it.
Consequently, It is impossible to open any web site with JAva script element.
I need help.
Thank you
Scott
Apr 21, 2008 @ 05:22:32
I have virus found JS/downloader.agent” and I chose “move to vault.” It’s there now. If I removed/delete from vault, is it deleted from my computer?
Please let me know ASAP!
dave
Apr 23, 2008 @ 18:49:11
Scott, I deleted js/dl from virus vault. It went from the vault Ok, but every time AVG scans it says I’ve still got it only now it doesn’t even give me the option to “move to vault”!
Scott
Apr 24, 2008 @ 05:22:14
That’s not good, what kind of virus is this? I see that its “LOW” on the meter of Viruses.
Somebody help me get rid of this for good!
Priscilla
Apr 28, 2008 @ 18:00:27
I had the js/downloader virus as well. Avg could not put it in the vault, so I went to my temporary Internet files and deleted them. Ran the scan again and it showed no virus. So does that mean that it is gone? Also, now when I run AVG, this pops up…
file infection path hosts change C:/WINDOWS/system32/drivers.
Joe
May 01, 2008 @ 23:42:33
Had both the js/downloader virus and an exploit virus. Don’t know if AVG have put out update that fixed the problem, but was able to move them to virus vault and delete them. Have done another scan and they seem to be gone. Fingers crossed, hopefully they are gone from my PC.
Jim
May 18, 2008 @ 21:01:32
It worked for me but now my cousin can’t get on runescape and my limewire wouldn’t open.
candice
May 29, 2008 @ 16:34:50
I met this virus today. However, I moved it to vault and I don’t know how to do with it then. By the way, may I know what is the symptom when JS/Downloader.Agent working?
Dan Williams
Jun 02, 2008 @ 15:10:43
I have a problem with the JS\Downloader Agent. I still use Windows 98 SE, I can’t afford to update my OS at this time. Is there any downloads out there for Windows 98SE that will get rid of this JS Downloader Agent. Thanks, Dan
Buster
Jun 08, 2008 @ 16:30:47
I had JS/Downloader agent and moved it to AVG Vault. I then deleted it, deleted all temp Internet files and Java temp Internet files then did full AVG scan. Fingers crossed it seems ok now.
Buster
Jun 08, 2008 @ 16:31:53
Sorry, forgot to say I have Windows XP.
Anne Potruff
Jun 19, 2008 @ 11:27:34
I have not been able to access my e-mail or Internet in over a week. Can the JS virus cause this to happen suddenly or am I dealing with two separate things. Without the Internet I cant get to smitfraudfix.
JustAGuy1
Jul 07, 2008 @ 22:26:00
JS/Downloader.Agent
I have this problem and suddenly another JS thing comes up in my AVG test results. But after few minutes the virus is gone.. I wonder why really. Is it hiding in my computer and I should remove it as fast as possible or should I just leave it there? Anyway I cant move any virus to the vault cause every scan is ended it says: Error healing files. Please help me as fast as possible.
JustAGuy1
Jul 07, 2008 @ 22:43:08
Suddenly I got a new virus Trojan Horse Generic10.AYOS. I moved this file to Virus Vault and removed it. I hope this is gone now. Somehow this is connected to JS/Downloader.Agent. Still I cant find any virus or the JS/Downloader.Agent. I deleted all my temporary Internet files and re-scanned and found this Trojan Horse virus. I removed it and going to check for more virus. No wonder why my computer were a little slower.. Anyway if you guys see a virus called ruco.exe remove it by using any anti-virus program.
nomi
Jul 11, 2008 @ 17:19:37
I have not been able to get any fruitful results from all the above mentioned methods. I scanned my computer over and over again. I even had to format my C: drive twice. But it still don’t seem to work. Can anyone help me here please?
danny
Jul 23, 2008 @ 12:36:10
I got js/downloader took a while to sort it finally deleted temporary Internet files. AVG no longer finds the virus but all my files now open the Internet with full toolbars. It seems that if this virus has left a backdoor this odd connection allows access to every file. When I close a file that may hold music the broken Internet connection produces a error message and my computer closes down and starts up almost in a flicker. This reproduces standard messages in starting my computer. how can I reset my files so as not to connect to Internet.
Danny
its me
Jul 31, 2008 @ 12:39:30
Any kind of java virus can be removed by free Avira AntiVir. Because I have the same virus. I tried Avira and it was successful, its very good.
Charlie Wang
Aug 07, 2008 @ 13:28:08
Hi precisesecurity,
This virus seems difficult to remove from my PC. I tried SmitfraudFix and TrendMicro’s Sysclean, but could not clean up this problem. Very annoyed! Please give me other removal tool. Thanks a lot! Charlie
Charlie Wang
Aug 07, 2008 @ 13:30:34
By the way, the alert message pops out when I enter a particular web site only.
Tarun sharma
Aug 11, 2008 @ 11:51:14
I want a solution for this JS/Downloader.agent as I tried all anti-virus and anti-spyware but no such solution to remove from my network. I tried to delete new link file of this virus and corrupts my system.
thepearl
Sep 08, 2008 @ 19:46:13
This thing is the bloody pits! I post a lot of web pages in HTML, and it was writing long script files that I know didn’t come from my CPU. In any case, I downloaded and ran ( smitfraudfix ) in the Safe Mode, and it looks like the infection has been cleared. I’ll post again if it comes back, and thank you so much for the information.
Elisha
Sep 14, 2008 @ 18:15:13
Question: After I scanned my computer AVG found 9 viruses. I think, and some warnings that I don’t understand, then it got moved from the virus vault, does that mean my computer is virus free? Was it healed automatically? Or does the viruses still remain in my computer? Thanks
Debbie
Nov 06, 2008 @ 13:19:49
Hi, I was on the Internet when my computer suddenly flashed that JS/downloader Agent had been detected, I selected the option to move it into the virus vault, is this all that I have to do – or do I still need to run a removal tool? and is it okay to just leave it in the virus vault or should I do something with it?
Burak
Dec 23, 2008 @ 21:06:53
Hi,
I recently downloaded and installed a program called Graboid, Its meant to be for online streaming movies videos etc. After the installation my PC was affected with various amount of Trojans and this particular virus, I am wondering if it could have any connection with the Graboid program? I will try to use SmitFraudFix to see if it could help.
Morgaine
Jan 05, 2009 @ 12:56:45
Hi,
I am a webmaster and got some complaints from users about this js downloader agent. I started checking Google. I have Norton 360 and Sophos antivirus and did not get the message.
Surprisingly I only found people using AVG that have this problem?
Does this ring any bell’s? Maybe its an OK Free Virus scan but it comes with a virus.
By the way, its a low priority virus.
Thanks again. It should not be there.
I think AVG is the problem and you should spend a little money on a virus scan that works ok?
Larry
Jan 06, 2009 @ 14:07:49
My son’s laptop has this js/downloader agent virus. Found virus using AVG. downloaded both solutions mentioned in this thread. Cannot start in safe mode. Ran smithfraudfix any way and did get text file report as result. However virus still exists. Tried TrendMicro downloads but cannot run as desktop keeps refreshing and I cannot open zip file. will paste text file from smithfraud if anyone thinks they can help me. I am at my wits end with this. Help please!
Christine
Jan 19, 2009 @ 21:52:32
Morgaine, I sincerely doubt AVG Free “comes with” or contains the JS/Downloader.Agent virus. I’ve been running it for eight years with no problems. In all that time, I’ve had only two viruses “attempting” to enter my computer, both of which AVG Free caught immediately. I then quarantined and removed.
mark
Jun 16, 2009 @ 04:48:15
AVG falsely says my site is infected with downlaoderAgent
Niamh
Jun 27, 2009 @ 13:33:46
My avg has just found two viruses but i managed to send one to vault, its JS/Downloader .agent
you talking about deleting Internet files
what does this mean?
I’ve been backing up all my documents and pictures just in case this virus deletes them what else should i be doing?
Dawg
Mar 15, 2010 @ 23:23:36
I ran the program SmitfraudFix from here and now my clock is in military time and windows security center tells me I have no virus protection and no firewall. I’m running nortons for both…ohh and the virus is still on my comp! Now how do I fix all the new problems this program has created?
Richard
Dec 30, 2010 @ 06:37:43
My computer just got hit with JS:Downloader-AJY. Any Sugeestions that have worked? Is in the vault now… am worried…