Trojan.JS.Agent.exz found inside Firefox Cache folder

[rounakr94]

Kaspersky just found this hidden in the Firefox cache folder and the funny part is that I don't even use Firefox that much. I didn't visit any sites on this particular Firefox except Facebook.

So, what sort of malware is this? A Trojan stealer or a dropper of some sort? I am running a Full Scan for now and I have uninstalled all the browsers incl Firefox, Chrome. 

Detection name: Trojan.JS.Agent.exz

Details below.

Spoiler

Event: Object deleted
User: DEMON-SLAYER-2\Rounak
User type: Initiator
Application name: avpui.exe
Application path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.22
Component: File Anti-Virus
Result description: Deleted
Type: Trojan
Name: Trojan.JS.Agent.exz
Precision: Exactly
Threat level: High
Object type: File
Object name: 2309DFD956392BDFD0C84CA455FF6426B6B0FA9F
Object path: C:\Users\Rounak\AppData\Local\Mozilla\Firefox\Profiles\i2607jtb.default-release-1739822052193\cache2\entries
MD5 of an object: 6FEC3D1DC6D1802AEADC4F8611A9F326

 

Kaspersky Version 21.23.6.614
DB Release date 03-11-2025 12:17PM

 

 

Virustotal link: https://www(dot)virustotal(dot)com/gui/file/2cee43e2e59ade158bfe5b124c07e9e45b7a378e379a8be8bb3272b10cf344e2/detection

 

Do note that

• I don't visit any piracy websites for Games/Movies.
• Firefox is my second browser that is used for browsing my secondary FB account.
• I have Kaspersky extension and U Block origin on the browser.
• No once else can touch my PC as there is a Bios password on it.

Edited 8 hours ago by rounakr94
Added Pointers

[rounakr94]

Full scan completed. Kaspersky didn't detect any threats. So I am at a completely confused how that Trojan.JS got there in the first place 😐 

 

Edited 7 hours ago by rounakr94

[Berny]

@rounakr94

2 hours ago, rounakr94 said:

MD5 of an object: 6FEC3D1DC6D1802AEADC4F8611A9F326

↓ Kaspersky Open Tip ↓

 

2 hours ago, rounakr94 said:

Name: Trojan.JS.Agent.exz

Kasperky threats → Trojan.JS.Agent

" The most common use is in web browsers, where it is used for scripting to add interactivity to web pages. "

 

[rounakr94]

10 minutes ago, Berny said:

@rounakr94

↓ Kaspersky Open Tip ↓

 

Kasperky threats → Trojan.JS.Agent

" The most common use is in web browsers, where it is used for scripting to add interactivity to web pages. "

 

Can it be that the Cache file was pretty old and was recently picked up by Kaspersky as Opentip says it was first seen on 2nd Nov 2025 (SS below)?
There were two cache files and one of them I checked on Virustotal and Jotti's malware scan and the other I wasn't able to extract from Quarantine and I deleted it from there.
Maybe I had unknowingly visited a sketchy website pretty long back and the file was from then which the Antivirus AI picked up recently after the latest application version update.

Edited 5 hours ago by rounakr94

[Berny]

@rounakr94

Pleas see Kaspersky threats  Trojan.JS.Agent → " Detect date 04/25/2018 "

[rounakr94]

6 minutes ago, Berny said:

@rounakr94

Pleas see Kasperky threats  Trojan.JS.Agent → " Detect date 04/25/2018 "

I was talking about the file with the particular MD5 below and not the general Trojan.JS.Agent classification.

6FEC3D1DC6D1802AEADC4F8611A9F326

 

Anyways here is an article by Mozilla regarding some similar instances of Trojan detection in Cache. 

https://support.mozilla.org/en-US/kb/Firefox cache file was infected with a virus

Can you please ask any malware expert to take another look at the file with the above MD5. 

Edited 4 hours ago by rounakr94

[Berny]

@rounakr94

8 minutes ago, rounakr94 said:

Can you please ask any malware expert to take another look at the file with the above MD5. 

Please contact Kaspersky Technical Support :
→ https://support.kaspersky.com/b2c/#contacts 
1) Fill in the form
2) Did not find your answer ? Contact Customer Service