Threat name: JS:Agent-ENC [Trj]
Threat type: Trojan Horse - This threat pretends to be something else (e.g., picture, document, or other file) to trick you into running it and infecting your computer.
Status: Moved to Quarantine
Options: Report false detection
Detected by: Auto-Protect
On PC from: 2/20/26, 1:33 PM
Last Used: 2/20/26, 1:33 PM
Startup Item: No
Unknown
It is unknown how many users in the Norton Community have used this file.
Unknown
The file release is currently unknown
High
The file risk is high
Activity
Path | Type | Status
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13416086004380862 | File | Repaired
========================================
JS:Agent-ENC [Trj] is a generic detection for a malicious JavaScript file disguised as a legitimate document or media file to trick users into executing it. Because “JS:Agent” is a broad classification, its behavior can range from simple browser redirections to serious data theft.
Key Characteristics & Risks
- Disguise Tactics: It often arrives as an email attachment (e.g., a fake invoice or bank statement) or via “drive-by downloads” from compromised websites.
- Malicious Actions: Once active, it can steal browser credentials, monitor keystrokes, or act as a “downloader” to install more severe malware like ransomware or cryptocurrency miners.
- Evasion: The -ENC suffix typically indicates that the script is encrypted or obfuscated to bypass basic security scanners.
Recommended Removal Steps
Disconnect from the Internet: Immediately cut your connection to stop the Trojan from communicating with its Command & Control (C2) server or exfiltrating your data.
Clean Your Browsers: Since this is JavaScript-based, it often resides in browser components.
- Remove any unrecognized extensions or add-ons.
- Clear your browser cache and cookies to remove temporary malicious scripts.
- Use the Microsoft Edge Reset Tool or similar settings in other browsers if the threat persists.
Run a Deep Scan:
- Use Microsoft Defender Antivirus to run a Full Scan.
- For deeply embedded threats, perform an Offline Scan which runs before Windows fully boots.
Check Startup Programs: Use the Microsoft Autoruns tool to identify and delete suspicious entries that allow the malware to relaunch after a reboot.
=============================================
When Norton 360 flags JS:Agent-ENC [Trj], it has identified an encrypted (ENC) JavaScript-based Trojan designed to masquerade as a safe file. These often reside in browser caches or system temporary folders after visiting a compromised site.
Immediate Removal Actions
Check Norton Quarantine: Open Norton 360 > Security > Security History. Select Quarantine from the drop-down. If the threat is listed, Norton has already isolated it. It is recommended to delete quarantined items rather than restoring them.
Run Norton Power Eraser: For persistent threats, use the Norton Power Eraser tool. It uses aggressive scanning to detect “crimeware” that standard scans might miss.
Perform a Full System Scan: In the Norton main window, go to Security > Scans > Full System Scan. Ensure “Scan all archives” is enabled in the scan settings to find hidden scripts.
Clear Browser Data: Since this is a JavaScript threat, it may be stuck in your browser’s temporary storage. Clear your browser cache and cookies and remove any recently added, unrecognized extensions.
False Positive Potential
Sometimes Norton flags legitimate scripts (like those from Intel or media players) as a Trojan Horse - SNH-gen [Trj] due to their behavior. If the detected path is within a trusted application folder (e.g., C:\Program Files\Intel), it may be a false positive.
===========================================
That specific file path indicates the threat is located within
Chrome’s Session Storage. This means the malicious JavaScript wasn’t necessarily a file you “downloaded” manually, but rather a script from a website you currently or recently had open in a tab.
Norton is flagging the session data because Chrome “remembered” the malicious script so it could reload your tabs if the browser crashed.
How to Clear It
Since the threat is embedded in your active session, standard antivirus deletion might fail if Chrome is currently using that file.
Close Google Chrome completely.
Clear Browsing Data: Reopen Chrome and use the shortcut Ctrl+Shift+Del. Set the time range to “All time” and ensure “Cookies and other site data” and “Cached images and files” are checked. You can follow the Official Google Chrome Clear Cache guide.
Manual Deletion: If Norton still alerts you, navigate to C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\ and delete everything inside that folder. This will wipe your open tabs, but it will kill the script’s hiding spot.
Check Extensions: Go to chrome://extensions/ and remove anything you didn’t personally install. Some malicious extensions can reinfect your sessions.
Is your PC safe?
As long as the detection stays within the ...\Google\Chrome\User Data\... folder, the threat is likely contained within the browser and hasn’t infected your Windows system files yet. Norton is doing its job by blocking it before it “breaks out” of the browser session.
====================================
Visiting https://www.paroisse-mamers.fr/ likely triggered the alert because the site appears to be compromised or is hosting a script that behaves like a downloader.
While the website is for a legitimate parish in France, it currently uses an insecure connection (http://) for many of its files, and several search results indicate it contains outdated content and unverified downloads (like old PDF bulletins). This makes it a prime target for “drive-by download” attacks, where a malicious script (like JS:Agent-ENC [Trj]) is silently injected into the site’s code.
Why the alert is in your “Sessions” folder
The JS:Agent-ENC [Trj] detection in your Chrome Sessions folder means the malicious script was loaded into your browser’s memory while you were viewing that site. Chrome then saved a “snapshot” of that active session to your hard drive so it could restore your tabs later. Norton’s real-time scanner caught the script as Chrome tried to write that snapshot to your disk.
How to resolve this immediately
Close Chrome: Do not just close the tab; exit the entire program to release the session files.
Delete the Session Files: Go to C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\ and delete every file in that folder. This permanently removes the “memory” of the malicious script.
Clear Browser Cache: Follow the Google Chrome Clear Cache guide and select “All time” for “Cookies and other site data” and “Cached images and files.”
Run a Norton Full Scan: Since you can’t use Power Eraser, run a Norton 360 Full System Scan to ensure the script didn’t manage to drop any secondary files outside of the browser.
Avoid returning to that specific website until you are certain its security has been updated.
Did you download any PDF bulletins or click any links while you were on that parish website?
========================================
Note: AI sourced content may make mistakes
Note: Norton Power Eraser EOL
Norton Power Eraser (NPE) is officially reaching its End-of-Life (EOL) on April 30, 2026.
After this date, the tool will stop functioning and will no longer receive updates.
