Severity scale:  

Remove TrustedInstaller (Removal Guide) - updated Sep 2020

removal by Lucia Danes - - | Type: Malware

TrustedInstaller is original Windows process, but is often abused by malware

TrustedInstaller imageTrustedInstaller is a built-in user account that regulates permissions. However, malware can corrupt, damage, or replace the file.

TrustedInstaller is a legitimate Windows process and is a part of Windows Resource Protection (WRP) technology. It runs under Windows Module Installer service, which is responsible for protecting unauthorized changes being made to .exe, .sys, .dll and other important files. For that reason, users cannot delete or modify certain files, even with Administrator's rights.

Nevertheless, TrustedInstaller, or TrustedInstaller.exe, is often abused by cybercriminals due to its functionality. It can be hijacked, replaced, or corrupted by malware, which can render the computer vulnerable to other severe infections and also compromise its operation by slowing down and crashing installed software. Besides, information tracking by recording keystrokes[1] or taking screenshots is likely as well.

Questions about TrustedInstaller

In other cases, users are facing an issue with the process, as it prevents them from opening regular files, such as pictures or video clips. While it can also be malware's doing, it can be a simple bug. TrustedInstaller permission to modify files may be acquired by gaining ownership of them – we explain how to do that at the bottom of the article. Nevertheless, if you are having any type of problems with the file (like a high CPU usage), it is crucial to make sure it is not affected by a computer virus.

Name TrustedInstaller
Type Malware
Executable TrustedInstaller.exe
Damage potential Medium. Especially dangerous if not detected early
Distribution Infected or hacked websites, malicious attachments, spam emails, etc.
Symptoms High CPU usage, slowdown of the OS operation, crashes
Elimination Use security software like SpyHunter 5Combo Cleaner or Malwarebytes
System fix Malware may sometimes damage Windows system files and the registry database, which can result in stability and other issues. To fix virus damage after malware removal, scan it with Reimage Reimage Cleaner Intego

TrustedInstaller.exe is an inbuilt user account used for all versions of Windows (starting from Windows Vista). Users would not even notice its presence most of the time. However, if malware replaced the mentioned file, it can cause problems. Nevertheless, you might see the following message if you try to edit/delete/install/uninstall specific files or folders on your OS:

You Require Permission from TrustedInstaller

This happens because the built-in user account is in control of all your files and will overwrite your decisions. The primary goal of TrustedInstaller is to control user's ability to interact with the newest Windows updates, system files, and other essential programs. While it might be annoying sometimes, it is a useful feature for people without much computer knowledge, as it will prevent them from damaging system files.

TrustedInstaller virusTrustedInstaller virus is type of malware that uses legitimate Windows process in order to alter the computer operation and perform malicious deeds

The easiest way to identify if the running process is malicious program is by checking the CPU usage. If TrustedInstaller is using high amounts of your computer resources, it indicates that your system might be at risk. In spite of that, you might notice that your computer is significantly slower, it takes more time for programs to load or they continuously crash. Additionally, you should also check the location of TrustedInstaller, which should be located in C:\Windows\servicing\TrustedInstaller.exe.

Moreover, this dangerous TrustedInstaller malware can collect personally identifiable information, including:

  • names;
  • email addresses;
  • home addresses;
  • credentials[2].

Usually, it happens when the inexperienced computer user submits logins and passwords in the fake pop-up window. Additionally, be aware that TrustedInstaller virus might be able to let inside other dangerous cyber threats via backdoors. Likewise, to fix your computer, you will need to get rid of all of them. This procedure requires specific IT skills, and it might be challenging for a regular user.

Therefore, we suggest you remove TrustedInstaller virus right away if you do not want to suffer from financial losses. You can do that with the help of the instructions below. Be aware that the service is an important part of Windows if you delete or corrupt the original file you might damage the OS and the only way to repair it would be to reinstall it, resulting in personal data loss.

While you can start by checking CPU usage or the location of the file, the best way to make sure you perform Trustedinstaller removal on malware and not on legitimate file, you should install powerful anti-malware software and scan your system. The best environment for that would be Safe Mode[3] – the best place perform troubleshooting in.

After you terminate TrustedInstaller.exe virus, you should also scan your device with Reimage Reimage Cleaner Intego – it will fix Windows registry,[4] services, and other parts that were affected by malware.

TrustedInstallerOne of the problems users face is when Trusterinstaller prevents them from altering files

Malware spreads via infected messages or hacker-controlled sites

According to[5] experts, a vast of malicious programs enter the computer systems via spam emails which contain the malware. They can disguise as the invoices or receipts from popular companies or even governmental authorities. Therefore, many gullible people are tricked to install the virus manually.

It might happen when you open the attachment in the spam email. Note that letter usually urges to open the added files for further information. Unfortunately, but the attachment downloads the malware once the person clicks on it. Likewise, you should never open emails which raise any suspicions.

Also, you can unconsciously download the malicious program from hacker-controlled sites. Typically, the user is redirected to such page by clicking on the malware-laden ad[6]. Since they are designed to look legitimate, it is hard to determine the origins. Therefore, it is one of the most popular ways to infiltrate malware.

We suggest you protect your system by avoiding any illegal downloads, advertising content and suspicious email letters. If you closely monitor your online activity and use a professional antivirus tool, you should be able to prevent malware from entering your system.

Take ownership of files controlled by TrustedInstaller

Warning: please be aware that TrustedInstaller account is there for a reason, and it prevents users and malicious actors from damaging important files that might corrupt the operation of Windows OS. Therefore, before you perform the following actions, make sure you do know what you are doing, as modifying system data might permanently corrupt it.

To gain Trustedinstaller permission, perform the following steps:

  • Right-click on the folder you want to gain permission to and select Properties
  • Select Security tab and click on Advanced TrustedInstaller go to PropertiesGo to Properties and select Advanced at the bottom of the window
  • In Advanced Security Settings, click Change next to the Owner
  • Under Enter the object name to select, type in your username or Administrators and click on Check Names – Windows will fill in the name automatically
  • Click OK TrustedInstaller - select user groupIn Advanced Security Settings window, you will see that the ownership belongs to Trustedinstaller - press Change to alter it
  • Tick the Replace owner on subcontainers and objects box, and then click OK
  • In the Properties window, select Edit
  • Click on Administrators or Users (depending which option you chose previously)
  • At the bottom of the window, make sure you tick Full control under Allow TrustedInstaller - give full control to admin groupBy giving full control to administrator group, you will be able to alter the file(s) in question
  • Click Apply and then OK

After these actions, you should be able to overwrite Trustedinstaller's permission and be able to modify files under its control.

Remove TrustedInstaller virus automatically

We would like to warn you not to try to remove TrustedInstaller virus without any assistance. This malicious program is dangerous and might damage your computer permanently. However, you can use a powerful anti-malware software to eliminate the virus for you.

Download SpyHunter 5Combo Cleaner or Malwarebytes and run a full system scan. The security program will identify the malware together with other potentially dangerous computer threats and remove them. Note that this is the safest option you can choose to protect your system.

However, TrustedInstaller removal might require rebooting your computer into Safe Mode. If you are not aware of how to do that, make sure to check the instructions below.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove TrustedInstaller, follow these steps:

Remove TrustedInstaller using Safe Mode with Networking

Firstly, you need to deactivate the malware since it might not allow you to install the security software. For that, reboot you computer to Safe Mode with Networking:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove TrustedInstaller

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete TrustedInstaller removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove TrustedInstaller using System Restore

If you are still unable to get the antivirus tool, try the System Restore method:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of TrustedInstaller. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner Intego and make sure that TrustedInstaller removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from TrustedInstaller and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions

Removal guides in other languages

Your opinion regarding TrustedInstaller