Threat Encyclopedia

Riskware/InstallMate

Analysis


Riskware/InstallMate is a generic detection for a type of grayware that arrives as an application installation package and might download and install unwanted software.
Typical actions performed by this type of application:

  • It attempts to download and install other potentially unwanted software.
  • Web browser toolbars may also be installed by default.
  • There may be no 'Cancel' or 'Exit' button on the installation interface.
  • It may create the following files:
    • %TEMP%\tsu{random}.dll
    • %AppData%\InstallMate\{Random}\cfg\1.ini
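
One way to check file-creation telemetry for the two paths listed above (an added example, not Fortinet's code). It assumes the default Windows profile layout for %TEMP% and %AppData% and treats {random} as any single name component; the host names, users and file names in the sample are constructed.

```python
import re

# Assumed expansions of %TEMP% and %AppData% (default profile layout on
# Windows Vista and later); redirected profiles need other prefixes.
TEMP_DIR = r"[a-z]:\\users\\[^\\]+\\appdata\\local\\temp"
APPDATA_DIR = r"[a-z]:\\users\\[^\\]+\\appdata\\roaming"

# The page does not define {random}; any single name component is accepted.
ARTIFACTS = {
    # Optional numeric component covers per-session temp folders (Temp\2\...).
    "temp_tsu_dll": re.compile(TEMP_DIR + r"(?:\\\d+)?\\tsu[^\\]+\.dll"),
    "installmate_cfg": re.compile(
        APPDATA_DIR + r"\\installmate\\[^\\]+\\cfg\\1\.ini"),
}


def classify(path):
    """Return the artifact name a file path matches, or None."""
    norm = path.strip().strip('"').replace("/", "\\").lower()
    for name, pattern in ARTIFACTS.items():
        if pattern.fullmatch(norm):
            return name
    return None


def scan(events):
    """Map host -> sorted artifact names seen in (host, path) events."""
    hits = {}
    for host, path in events:
        name = classify(path)
        if name:
            hits.setdefault(host, set()).add(name)
    return {host: sorted(names) for host, names in hits.items()}


# Constructed file-creation events (hypothetical hosts, users and names).
SAMPLE_EVENTS = [
    ("ws-014", r"C:\Users\alice\AppData\Local\Temp\tsu3F9A1C20.dll"),
    ("ws-014", r"C:\Users\alice\AppData\Roaming\InstallMate\{7B1E4C55}\cfg\1.ini"),
    ("ws-022", r"c:/users/bob/appdata/local/temp/2/TSUa81b.DLL"),
    ("ws-031", r"C:\Users\carol\AppData\Local\Temp\setup.dll"),
    ("ws-031", r"C:\Program Files\InstallMate\cfg\1.ini"),
]

if __name__ == "__main__":
    for host, names in scan(SAMPLE_EVENTS).items():
        print(host, names)
```

Because the detection is generic, a path match is a lead for review rather than a verdict; hosts showing both artifacts are the ones to look at first.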


Recommended Action

FortiGate Systems

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

FortiClient Systems

  • Quarantine/delete files that are detected and replace infected files with clean backup copies.