Virus

W32/Agent.YIJ!tr

Analysis

W32/Agent.YIJ!tr is a generic detection for a trojan. Since this is a generic detection, malware that are detected as W32/Agent.YIJ!tr may have varying behaviour.

This malware uses various icons to disguise itself:
Figure 1: Icons.

During our tests the only observable effects of this malware was the Injection to some host system processes.

Some instance of this malware appear to be damaged.

Recommended Action

Make sure that your FortiGate/FortiClient system is using the latest AV database.
Quarantine/delete files that are detected and replace infected files with clean backup copies.

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date	Version	Detail
2024-02-16	92.01634
2024-02-06	92.01334
2024-01-11	92.00541
2024-01-05	92.00380
2024-01-05	92.00372
2022-05-25	90.02622
2022-05-24	90.02591
2020-03-17	76.03000	Sig Updated
2020-01-17	74.58600	Sig Updated
2019-03-19	67.17100	Sig Updated

ID	1683053
Released	Mar 26, 2010
Description Updated	Sep 29, 2017
Aliases	Gen:Trojan.Heur.FU.jeX@aqRC2Rm, Gen:Variant.Mikey.70684, Gen:Variant.Razy.18822, Gen:Variant.Zusy.258620, GenericRXCD-ZZ!DECD5D6C54A1 trojan, Troj/Agent-AXGN, TROJ_GEN.R002C0WIS17, TROJ_INJECTOR.AUSRENR, Trojan.Generic.22352605, Trojan-Spy.Win32.Noon.bna,
Platform Profile	Win32 file format / PE 32 bit