[INFO]
AnalystName=Cristi Dobos
AnalystEMailID=dobosc@comodo.com
Team=Romania
Date=23-Feb-2010
Type=ApplicUnsaf
Platform=Win32
SubType=AdWare
Family=FakeInstaller
Variant=

[OVERVIEW]
FakeInstaller poses as the installation file for a legitimate program in order to get users to execute it. Its main purpose is to get users to visit certain websites to generate ad revenue.

[TECHNICAL_DESCRIPTION]
FakeInstaller exhibits the following behavior:

Upon execution it displays an installer-like window, prompting the user to accept terms and conditions. This window also contains a pre-checked option to place shortcuts to various websites and reset the homepage.

It creates shortcuts to these pages on the desktop and in the Start menu, and adds them to Internet Explorer favourites. It also resets the IE homepage. The user is then forced to visit these pages, which also act as the default search provider.

After completing this task, it will do one of the following:
- Download the actual free/shareware/demo setup file.
- Download a random file from the product website, even the actual web page, and rename it as an .exe.
- Download a fake setup file that requires the user to visit yet more websites to get a product key.

[SYMPTOMS]
The presence of the above-mentioned shortcuts in the Start menu, on the desktop and in IE favourites.
Hijack of the default search provider in browsers.

[DISINFECTION]
Manually delete the shortcuts, then install Comodo Anti Virus and run a scan.