VBA/Agent.BE50!tr.dldr is a generic detection for a type of macro downloader trojan that downloads the Locky ransomware onto the compromised computer. Since this is a generic detection, files that are detected as VBA/Agent.BE50!tr.dldr may have varying behavior.
Below are examples of some of these behaviors:
- It downloads the Locky ransomware as the following file:
  - %Temp%[Random].exe: This file is detected as W32/Kryptik.FUJR!tr.
- It adds the ".lukitus" extension to encrypted files.
- It attempts to connect to the following URLs:
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.