JS/Agent.NDSW!tr is a generic detection for a trojan.
Since this is a generic detection, malware that are detected as JS/Agent.NDSW!tr may have varying behaviour.
Below are some of its observed characteristics/behaviours:
- This malware is an obfuscated/injected JS file that uses an observed common variable name found amongst all its variants set initially to "undefined".
- Below are some of the sites to which some of the samples observed tried to connect to:
- Following are some of the exact file hashes associated with this detection:
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.