Virus

LNK/Agent.FZ!tr

Analysis

LNK/Agent.FZ!tr is a detection for a LNK trojan. Below are some of its observed characteristics/behaviours:

This malware may have been a part or component from another malware. Its sole intention maybe to serve as an autostart, by making itself point to %System32%\wscript.exe \DEVICE\system\folder\start.vbs

This malware maybe part of a coinminer.

Recommended Action

Make sure that your FortiGate/FortiClient system is using the latest AV database.
Quarantine/delete files that are detected and replace infected files with clean backup copies.

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date	Version	Detail
2022-11-29	90.08277
2022-08-31	90.05566
2022-01-28	89.09106
2021-11-01	89.06481
2021-04-06	85.00256
2020-06-16	78.20800	Sig Updated
2020-02-21	75.43000	Sig Updated
2020-02-05	75.05100	Sig Updated
2020-02-05	75.04700	Sig Updated
2020-02-03	75.00000	Sig Updated

ID	8049815
Released	May 09, 2019
Description Updated	May 08, 2019
Aliases	LNK/Agent.FZ!tr,LNK_RUNNER.Q,Trojan.LNK.Starter.M
Platform Profile	used for link malware (shortcut in Microsoft Windows)