Riskware/InstalleRex

Analysis


Riskware/InstalleRex is a generic detection for a type of grayware that arrives as an application installation package and might download and install unwanted software.

  • The installation has no notification and cannot be cancelled once it has started.

  • It creates the following files. These files are components of the InstallMate installation package:
    • %AppData%\InstallMate\{Random GUID}\TsuDll.dll
    • %AppData%\InstallMate\{Random GUID}\_Setup.dll
    • %AppData%\InstallMate\{Random GUID}\_Setupx.dll
    • %AppData%\InstallMate\{Random GUID}\Setup.exe

  • It creates the following files:
    • %AppData%\BetterSoft\Agent\Agent.exe
    • %AppData%\BetterSoft\Agent\profile.ini : This is an encrypted configuration file. It contains the software information that Agent.exe uses to download the update.
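
The file list above can be turned into a quick endpoint triage check. The following is an added example, not Fortinet code: it assumes the listed paths sit under the user's %AppData% directory, and the function names and the ranking of the two artifact groups are this example's own assumptions.

```python
import os
from pathlib import Path

# File names taken from the description above (compared case-insensitively).
INSTALLMATE_FILES = {"tsudll.dll", "_setup.dll", "_setupx.dll", "setup.exe"}
AGENT_FILES = {"agent.exe", "profile.ini"}


def _children(directory: Path):
    """List a directory, returning nothing if it is missing or unreadable."""
    try:
        return list(directory.iterdir())
    except OSError:
        return []


def find_artifacts(appdata: Path) -> dict:
    """Return the listed artifacts found under one user's %AppData% directory."""
    found = {"installmate": [], "agent": []}
    # InstallMate\{Random GUID}\<component>: the folder name is random, so
    # every subfolder is inspected rather than matching a fixed name.
    for sub in _children(appdata / "InstallMate"):
        if sub.is_dir():
            found["installmate"] += [f for f in _children(sub)
                                     if f.name.lower() in INSTALLMATE_FILES]
    # BetterSoft\Agent\Agent.exe and profile.ini
    found["agent"] = [f for f in _children(appdata / "BetterSoft" / "Agent")
                      if f.name.lower() in AGENT_FILES]
    return found


def verdict(found: dict) -> str:
    """Assumption of this example: InstallMate components alone only show that
    an InstallMate-built installer ran, so the agent files rank higher."""
    if found["agent"]:
        return "review: BetterSoft agent files present"
    if found["installmate"]:
        return "low: InstallMate components only"
    return "clean: no listed artifacts"


if __name__ == "__main__":
    # Assumption: %AppData% resolves to the current user's roaming profile.
    root = Path(os.environ.get("APPDATA", "."))
    hits = find_artifacts(root)
    print(verdict(hits))
    for path in hits["installmate"] + hits["agent"]:
        print("  ", path)
```

Run it once per user profile on a multi-user host, passing each profile's roaming AppData path to `find_artifacts`.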


Recommended Action

FortiGate Systems

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2024-02-19 92.01722
2024-02-14 92.01572
2024-01-31 92.01152
2024-01-29 92.01092
2024-01-24 92.00932
2024-01-23 92.00910
2024-01-22 92.00882
2024-01-20 92.00815
2024-01-18 92.00764
2024-01-17 92.00732