> VilmaTech Blog > Solution to JS/Agent.NKW Trojan, Manual Removal Method to Follow up

Solution to JS/Agent.NKW Trojan, Manual Removal Method to Follow up

Broad Lines

Trojan is a kind of threat created by cyber criminals to help collect valuable information by gathering credentials or by infiltrating into system memory. To distinguish each Trojan threat so as to make good use of its strengths, it is named after the technique it employs and the general property. According to the name of this JS/Agent.NKW Trojan that has been reported to hinder PC users from visiting websites and found mostly by ESET, it applies JavaScript technique, which implies its capability of modifying DNS settings, possible collection of log-in credentials and escaping the removal by installed anti-virus programs due to the fact that JavaScript technique has been utilized by computer programmers to improve the surfing experience ever since first time it was created. “Agent” is thus used to tell that the Trojan doesn’t occupy typical virulent features and JS/Agent.NKW is another newly released Trojan that is the most suitable item to help accumulate extra fortune by alleviating the implantations of browser malware.

Such redirector Trojan is capable of giving rise to concrete damages regardless of the operation of installed anti-virus program. To get efficient solution and general picture of damages, you are welcome to finish this article or to get more information as well as on-demand help from VilmaTech Online Support.

live chat


Concrete Damages

By applying JavaScript technique, JS/agent.nkw is enabled to modify the values there, which is why some redirect issue would emerge in the middle of Internet surfing. Generally, coupon sites and some commercial popup ads might come into victims’ sight. By adding traffic to those sites, js/agent.nkw is able to obtain extra revenue. In the event where some websites are prevented from visit, log-in credentials can possibly be recorded to send unsolicited emails that contains vicious codes, or, even worse, to empty out bank card.

People should also notice that random modifications on browser settings will lead to web vulnerability which is the favorite for most infections nowadays since it is the most high-speed way to get into a target computer for further infiltration. It is the reason why more unknown applications are caught to be on the target machine affected by JS/Agent.NKW Trojan.

On the occurrence of additional popup adware, CPU usage would soar steeply when surfing the Internet as it needs a lot of resource to display many content at a time, which contributes to longer time when visiting a web site as well as a slow-performance machine. To prevent from possibly additional threats and to retrieve perfect surfing experience, it is recommended to remove JS/Agent.NKW Trojan right away before it chisels up backdoor to allow unauthorized backdoor for direct control. Given the fact that js/agent.nkw utilizes JS technique for covering, there’s no chance for anti-virus programs to remove JS/Agent.NKW Trojan completely and thoroughly. Therefore, manual removal method is recommended. Below is the manual removal steps made to your reference by a specialized technician. You are welcome to follow up and help yourself.

live chat


Efficient Solution to JS/Agent.NKW – Manual Removal Steps

Run full scan to note down the directory of js/agent.nkw, which is recommended to be performed under Safe Mode where is the place to stop some aggressive operation that is capable of escaping detection.

Windows 7/Vista/XP

  • Restart the computer from Start Menu.
  • As the computer is booting but before Windows launches, tap the “F8 key” continuously. “Windows Advanced Options Menu” will be then seen in seconds.
  • Use arrow keys to highlight ‘Safe Mode’ option and press Enter mode

Windows 8

  • Restart the computer.                                                                        restart win81
  • Hold down Shift key and repeatedly hit the F8 key (Shift+F8) when computer restarts but before Windows launches.                                                                                                  shift+f8
  • “Recovery Mode” screen will be seen in seconds.
  • Click on See advanced repair options to continue.
  • Choose an option Screen will be your next selection so as to choose Troubleshoot.win8 safe mode1
  • Next select Advanced Options.
  • Choose Windows Startup Settings in the next screen to click Restart.
  • Safe Mode options will pop up, all you need to do is to press ENTER or Press a number to choose Safe Mode.                                                                                                       win8 safe mode4

Go to Registry Editor for rectifications so as to remove js/agent.nkw Trojan without errors and the like in the following removal steps.

  • Use Win key and R key together to bring up Run box.            win+r
  • Type “regedit” and hit Enter key on the keyboard, which will bring you to Registry Editor.
  • Navigate to the following entries respectively to find suspicious key value started with “Run” and delete accordingly.                                                                                           registry enditor2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curren Version
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders Startup=”C:\windows\start menu\programs\startup

Show hidden items all together to find out and remove vicious items generated by JS/Agent.NKW Trojan. Some system-file-like items can be generated in the target machine, therefore it is recommended to arrange files by date to remove the items created on the day when JS/Agent.NKW Trojan was found, which is the best way to shun from mistaken removal.

  • Right click on space to select ‘arrange icons by’/ ‘sort by.’
  • Select ‘Day’/‘Date’/‘Modified’.                                                                                                                 Arrangebyday
  • Scroll to the bottom to remove files created on the day when JS/Agent.NKW Trojan was detected.

Step one: show hidden items.

Windows 8

  • Open Windows Explorer on Start Screen to tap View tab.
  • Tick ‘File name extensions’ and ‘Hidden items’ options at once and press OK button to show all hidden items.                                                                                                        win8 hidden file

Windows 7/XP/Vista

  • Click open ‘Control Panel’ from Start Menu to select ‘user accounts and family safety’.user accounts and family safety
  • Double click on ‘Folder Options’ so as to tick ‘Show hidden files and folders and non-tick ‘Hide protected operating system files (Recommended)’ under View tab.                                               folder options1
  • Press ‘OK’ to show all hidden items.

Step two: files need to remove.

  • Navigate to Root directory under C disk to remove any item that is not familiar to you and is created on the day when JS/Agent.NKW Trojan was detected.
  • Remove C:\ Users\USERNAME\AppData\Local|Microsoft|Windows\Temporary Internet Files\Low\Content.IE5\PEZI44NV\cityloftsquare_com{1}.htm.
  • Remove files under c:\windows that were created on the day when JS/Agent.NKW Trojan.
  • Remove all temp folders under C:\Windows\System32.
  • Navigate to C:\windows\winstart.bat, C:\windows\wininit.ini and C:\windows\Autoexec.bat to find and delete every files and folders named after JS/Agent.NKW Trojan. (tip: the above listed files and folder might differ from OS, not all of the above listed will occur on your infected machine.)


  • Optimize the whole system after reboot.
  • Reset browsers or remove associated items with JS/Agent.NKW Trojan.
  • Bring up system configuration window to manage start up items and remove vicious items from there.
  • Run another full scan to remove detected items, if any, all over again.


Usually, JS/Agent.NKW manages to worm through web vulnerability and system loopholes; there are other cases where JS/Agent.NKW attacks some freeware and shareware. In other word, getting alert warnings about js/agent.nkw implies that the target machine was not protected well and that good PC practice has not been followed up carefully. One more thing to which attention should be pad is that the above manual removal steps are exclusively applicable to js/agent.nkw Trojan. Should there be additional malware/infections found on the target machine without your knowledge, failure can be anticipated notwithstanding. Due to the uncertainty as to additional malware/infection will land on the target machine, it is suggested to follow the above given steps only when sufficient computer skill is reachable; otherwise, contact VilmaTech Online Support and get professional assistance to remove js/agent.nkw Trojan completely without re-image.

live chat

Comments are closed.

Latest Posts