Threat Detection Library


Troj/Agent indicates that Sophos has detected Trojan horse (“Trojan”) malware.

Trojan horses are files that appear harmless but are malicious. They include

a broad range of different malware families with a wide array of functionality, including threats that perform distributed denial of service, fake anti-virus, and ransomware.

Trojan horse malware can be used for many kinds of malware including:

  • Ransomware: Encrypts key files and demands financial payment in return for decrypting them.
  • Crimeware bots: Malware like Emotet and QBot which are used to sell access to compromised machines to other attackers or criminal groups such as ransomware groups.
  • Cryptominers: Malware that hijacks computer CPU resources to “mine” cryptocurrency like Bitcoin or Monero for attackers’ financial gain.
  • Distributed Denial of Service bots: Malicious code that makes a compromised system participate in Distributed Denial of Service (DDoS) attacks that attempt to take down websites or otherwise disrupt the internet.
  • Downloaders and Droppers: Malicious code that attempts to download other malicious code like ransomware.
  • Information Stealers: Capture keystrokes to gain personal information.
  • Remote Access Trojans or Tools (RATs): Malicious software that gives attackers full control of your system.

A Trojan horse agent is a particular kind of Trojan horse that gives the attacker continued, complete, ongoing control over the infected system. An attacker can use the agent to install additional malware, steal passwords or financial information, or take any action on the system that the user can.

You can find information on Trojan horse attacks on Sophos Naked Security here and the Sophos X-Ops blog here.

If you believe this detection is incorrect, please report this file to Sophos Support.

Send our lab samples for analysis.

Submit a Sample