Riskware/InstalleRex

Analysis


Riskware/InstalleRex is a generic detection for a type of grayware that arrives as an application installation package and might download and install unwanted software.

  • The installation displays no notification and cannot be cancelled once it has started.

  • It creates the following files. These files are components of the InstallMate installation package:
    • %AppData%\InstallMate\{Random GUID}\TsuDll.dll
    • %AppData%\InstallMate\{Random GUID}\_Setup.dll
    • %AppData%\InstallMate\{Random GUID}\_Setupx.dll
    • %AppData%\InstallMate\{Random GUID}\Setup.exe

  • It creates the following files:
    • %AppData%\BetterSoft\Agent\Agent.exe
    • %AppData%\BetterSoft\Agent\profile.ini : This is an encrypted configuration file. It contains the software information that Agent.exe uses to download the update.
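
A triage check for the file artifacts listed above, as an added example that is not Fortinet's code: it scans one %AppData% directory for the listed paths. The high/low confidence split, the verdict strings and the GUID directory pattern are assumptions of this example; the InstallMate files are rated low because the page identifies them as components of the InstallMate installation package.

```python
import os
import re
from pathlib import Path

# File names listed in the analysis above, compared case-insensitively.
INSTALLMATE_FILES = {"tsudll.dll", "_setup.dll", "_setupx.dll", "setup.exe"}
AGENT_FILES = {"agent.exe", "profile.ini"}
# Assumption: "{Random GUID}" is a GUID-named directory, with or without braces.
GUID_DIR = re.compile(r"^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$", re.I)


def _matches(directory, names, level):
    """Yield (level, path) for files in `directory` whose name is in `names`."""
    for entry in directory.iterdir():
        if entry.is_file() and entry.name.lower() in names:
            yield level, str(entry)


def scan_appdata(appdata):
    """Return sorted (confidence, path) findings under one %AppData% directory."""
    root = Path(appdata)
    findings = []
    agent_dir = root / "BetterSoft" / "Agent"
    if agent_dir.is_dir():
        findings.extend(_matches(agent_dir, AGENT_FILES, "high"))
    installmate = root / "InstallMate"
    if installmate.is_dir():
        for sub in installmate.iterdir():
            if sub.is_dir() and GUID_DIR.match(sub.name):
                findings.extend(_matches(sub, INSTALLMATE_FILES, "low"))
    return sorted(findings)


def verdict(findings):
    """Summarise findings; InstallMate files alone are not treated as conclusive."""
    levels = {level for level, _ in findings}
    if "high" in levels:
        return "BetterSoft agent present: quarantine and investigate"
    if "low" in levels:
        return "InstallMate staging files only: correlate with AV detection"
    return "no listed artifacts found"


if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")
    if appdata:
        hits = scan_appdata(appdata)
        for level, path in hits:
            print(f"[{level}] {path}")
        print(verdict(hits))
```

Run it once per user profile, since %AppData% is per-user.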


Recommended Action

FortiGate Systems

  • Using the web interface of your FortiGate unit, check the main screen to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.

FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2024-03-18 92.02567
2024-03-18 92.02561
2024-03-17 92.02523
2024-03-14 92.02447
2024-03-14 92.02446
2024-03-14 92.02433
2024-03-13 92.02417
2024-03-13 92.02414
2024-03-13 92.02396
2024-03-12 92.02365