Windows 7: Avast Found Rootkit - TrustedInstaller.exe


27 May 2010   #1

Win7
 
 
Avast Found Rootkit - TrustedInstaller.exe

I have a 2-day-old install that has had limited Internet contact, only to install updates and AV/Firewall/Malware software. Avast prompted me with a Rootkit Found message pointing to C:\Windows\servicing\TrustedInstaller.exe. I ran Avast and Emsisoft Anti-Malware on the file in that location, showing it is clean. My guess is that this is a false positive. Is anyone else aware of this notification? My work PC with Win 7 has this file as well, but I am running MSE on that machine.

Thanks!


27 May 2010   #2

Windows 8.1 Pro (x64)
 
 

There is supposed to be said file on Windows. Maybe take a copy of the file and send it up to VirusTotal.com and have it checked.
27 May 2010   #3

Win7
 
 

Thanks for the link! I got the following results:

File has already been analysed:


MD5: 840f7fb849f5887a49ba18c13b2da920
First received: 2009.08.26 17:49:21 UTC
Date: 2010.05.27 20:16:22 UTC [<1D]
Results: 0/41

I assume that this means that 0 out of the 41 AV engines found this to be a dangerous file? Not sure if it was also able to use the MD5 to compare with MS.

Thanks,


27 May 2010   #4

Windows 8.1 Pro (x64)
 
 

0/41 means 0 of the 41 AVs flagged this file as dangerous... meaning it is safe.
24 Jun 2010   #5

Windows 7 Ultimate
 
 

Tell Avast to ignore that warning, or you won't be able to install any updates at all.

Avast seems to consider the TrustedInstaller (which is actually a hidden user account installed by Windows Update the first time you use it) as a rootkit since it tampers with critical system components and changes the behavior of your Windows OS. We can't assume it is a false positive; in fact the TrustedInstaller IS a rootkit, but not in the sense of a malicious one. It should be ignored and placed in the list of trusted software in most anti-virus software.

One of the drawbacks of that kind of detection is that you never know if it is the real TrustedInstaller or a malicious one. If you receive the message only when you try to install software and especially updates, it should be safe to ignore the message. Otherwise, make sure that the message is not related to some malicious software that would make itself look as if it was the real TrustedInstaller. You should pay more attention especially when installing third-party software that no one knows about, which could tamper with critical system files. It could potentially hide malicious software that could compromise your Windows 7 installation.
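The distinction raised in post #5, a real TrustedInstaller versus something only named like it, can be checked from process-creation records. The following is an added example, not part of the thread or any poster's code: it compares each record against the path quoted in post #1 and flags anything else. It assumes Windows is installed on C: and that the service is started by `C:\Windows\System32\services.exe`; the sample records are constructed.

```python
import ntpath  # Windows path rules on any OS, so this runs offline anywhere

# Path quoted in the first post; assumes Windows is installed on C:.
EXPECTED_IMAGE = r"C:\Windows\servicing\TrustedInstaller.exe"
# Assumption: Windows services are started by the Service Control Manager.
EXPECTED_PARENT = r"C:\Windows\System32\services.exe"

# Constructed sample process-creation records (not real telemetry).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "parent": r"C:\Windows\System32\services.exe"},
    {"image": "c:/windows/SERVICING/trustedinstaller.exe",
     "parent": r"C:\Windows\System32\services.exe"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\TrustedInstaller.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Windows\servicing\..\Temp\TrustedInstaller.exe",
     "parent": r"C:\Windows\System32\services.exe"},
    {"image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe"},
]

def norm(path):
    """Case-fold, unify separators and collapse '..' before comparing."""
    return ntpath.normcase(ntpath.normpath(path))

def classify(event):
    """Label one record by image name, image path and parent process."""
    image = norm(event["image"])
    if ntpath.basename(image) != ntpath.basename(norm(EXPECTED_IMAGE)):
        return "other-process"          # not claiming to be TrustedInstaller
    if image != norm(EXPECTED_IMAGE):
        return "suspicious-path"        # right name, wrong location
    if norm(event["parent"]) != norm(EXPECTED_PARENT):
        return "suspicious-parent"      # right file, unexpected launcher
    return "expected"

def triage(events):
    """Return only the records an analyst should look at."""
    return [(e["image"], classify(e)) for e in events
            if classify(e).startswith("suspicious")]

if __name__ == "__main__":
    for image, verdict in triage(SAMPLE_EVENTS):
        print(verdict, image)
```

A match on path and parent says where the process was started from, not that the file's contents are intact; hash or signature checks cover that separately.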
24 Jun 2010   #6

Windows 7 Ultimate 32 bit
 
 

Good post, Warhammer.
24 Jun 2010   #7

Windows 7 & Windows Vista Ultimate
 
 

Quote: Originally Posted by CarlTR6
    Good post, Warhammer.

Agreed!
13 Aug 2010   #8

Windows 7 Home Premium 64-bit
 
 

I deleted mine... could someone please upload a copy of trustedinstaller.exe for Windows 7 Home Premium 64-bit?
13 Aug 2010   #9

Windows 7 Ultimate x64 SP1
 
 

Why did you delete it? It's an important system component.

Run sfc /scannow from an elevated cmd prompt.
13 Aug 2010   #10

Windows 7 Ultimate 32 bit
 
 

Quote: Originally Posted by RockStar21
    I deleted mine... could someone please upload a copy of trustedinstaller.exe for Windows 7 Home Premium 64-bit?

Welcome to the forum, RockStar. A word of advice - don't mess with Windows system files.