Severity scale:  
  (46/100)

Remove TrustedInstaller (Removal Guide) - updated Jul 2019

removal by Lucia Danes - - | Type: Malware

TrustedInstaller is original Windows process, but is often abused by malware

TrustedInstaller image
TrustedInstaller is a built-in user account that regulates permissions. However, malware can corrupt, damage, or replace the file.

TrustedInstaller is a legitimate Windows process and is a part of Windows Resource Protection (WRP) technology. It runs under Windows Module Installer service, which is responsible for protecting unauthorized changes being made to .exe, .sys, .dll and other important files. For that reason, users cannot delete or modify certain files, even with Administrator's rights.

Nevertheless, TrustedInstaller, or TrustedInstaller.exe, is often abused by cybercriminals due to its functionality. It can be hijacked, replaced, or corrupted by malware, which can render the computer vulnerable to other severe infections and also compromise its operation by slowing down and crashing installed software. Besides, information tracking by recording keystrokes[1] or taking screenshots is likely as well.

In other cases, users are facing an issue with the process, as it prevents them from opening regular files, such as pictures or video clips. While it can also be malware's doing, it can be a simple bug. TrustedInstaller permission to modify files may be acquired by gaining ownership of them – we explain how to do that at the bottom of the article. Nevertheless, if you are having any type of problems with the file (like a high CPU usage), it is crucial to make sure it is not affected by a computer virus.

Summary
Name TrustedInstaller
Type Malware
Executable TrustedInstaller.exe
Damage potential Medium. Especially dangerous if not detected early
Distribution Infected or hacked websites, malicious attachments, spam emails, etc.
Symptoms High CPU usage, slowdown of the OS operation, crashes
Elimination Use security software like Reimage or SpyHunterCombo Cleaner

TrustedInstaller.exe is an inbuilt user account used for all versions of Windows (starting from Windows Vista). Users would not even notice its presence most of the time. However, if malware replaced the mentioned file, it can cause problems. Nevertheless, you might see the following message if you try to edit/delete/install/uninstall specific files or folders on your OS:

You Require Permission from TrustedInstaller

This happens because the built-in user account is in control of all your files and will overwrite your decisions. The primary goal of TrustedInstaller is to control user's ability to interact with the newest Windows updates, system files, and other essential programs. While it might be annoying sometimes, it is a useful feature for people without much computer knowledge, as it will prevent them from damaging system files.

TrustedInstaller virus
TrustedInstaller virus is type of malware that uses legitimate Windows process in order to alter the computer operation and perform malicious deeds

The easiest way to identify if the running process is malicious program is by checking the CPU usage. If TrustedInstaller is using high amounts of your computer resources, it indicates that your system might be at risk. In spite of that, you might notice that your computer is significantly slower, it takes more time for programs to load or they continuously crash. Additionally, you should also check the location of TrustedInstaller, which should be located in C:\Windows\servicing\TrustedInstaller.exe.

Moreover, this dangerous TrustedInstaller malware can collect personally identifiable information, including:

  • names;
  • email addresses;
  • home addresses;
  • credentials[2].

Usually, it happens when the inexperienced computer user submits logins and passwords in the fake pop-up window. Additionally, be aware that TrustedInstaller virus might be able to let inside other dangerous cyber threats via backdoors. Likewise, to fix your computer, you will need to get rid of all of them. This procedure requires specific IT skills, and it might be challenging for a regular user.

Therefore, we suggest you remove TrustedInstaller virus right away if you do not want to suffer from financial losses. You can do that with the help of the instructions below. Be aware that the service is an important part of Windows if you delete or corrupt the original file you might damage the OS and the only way to repair it would be to reinstall it, resulting in personal data loss.

While you can start by checking CPU usage or the location of the file, the best way to make sure you perform Trustedinstaller removal on malware and not on legitimate file, you should install powerful anti-malware software and scan your system. The best environment for that would be Safe Mode[3] – the best place perform troubleshooting in.

After you terminate TrustedInstaller.exe virus, you should also scan your device with Reimage – it will fix Windows registry,[4] services, and other parts that were affected by malware.

TrustedInstaller
One of the problems users face is when Trusterinstaller prevents them from altering files

Malware spreads via infected messages or hacker-controlled sites

According to DieViren.de[5] experts, a vast of malicious programs enter the computer systems via spam emails which contain the malware. They can disguise as the invoices or receipts from popular companies or even governmental authorities. Therefore, many gullible people are tricked to install the virus manually.

It might happen when you open the attachment in the spam email. Note that letter usually urges to open the added files for further information. Unfortunately, but the attachment downloads the malware once the person clicks on it. Likewise, you should never open emails which raise any suspicions.

Also, you can unconsciously download the malicious program from hacker-controlled sites. Typically, the user is redirected to such page by clicking on the malware-laden ad[6]. Since they are designed to look legitimate, it is hard to determine the origins. Therefore, it is one of the most popular ways to infiltrate malware.

We suggest you protect your system by avoiding any illegal downloads, advertising content and suspicious email letters. If you closely monitor your online activity and use a professional antivirus tool, you should be able to prevent malware from entering your system.

Take ownership of files controlled by TrustedInstaller

Warning: please be aware that TrustedInstaller account is there for a reason, and it prevents users and malicious actors from damaging important files that might corrupt the operation of Windows OS. Therefore, before you perform the following actions, make sure you do know what you are doing, as modifying system data might permanently corrupt it.

To gain Trustedinstaller permission, perform the following steps:

  • Right-click on the folder you want to gain permission to and select Properties
  • Select Security tab and click on Advanced TrustedInstaller go to Properties
    Go to Properties and select Advanced at the bottom of the window
  • In Advanced Security Settings, click Change next to the Owner
  • Under Enter the object name to select, type in your username or Administrators and click on Check Names – Windows will fill in the name automatically
  • Click OK TrustedInstaller - select user group
    In Advanced Security Settings window, you will see that the ownership belongs to Trustedinstaller - press Change to alter it
  • Tick the Replace owner on subcontainers and objects box, and then click OK
  • In the Properties window, select Edit
  • Click on Administrators or Users (depending which option you chose previously)
  • At the bottom of the window, make sure you tick Full control under Allow TrustedInstaller - give full control to admin group
    By giving full control to administrator group, you will be able to alter the file(s) in question
  • Click Apply and then OK

After these actions, you should be able to overwrite Trustedinstaller's permission and be able to modify files under its control.

Remove TrustedInstaller virus automatically

We would like to warn you not to try to remove TrustedInstaller virus without any assistance. This malicious program is dangerous and might damage your computer permanently. However, you can use a powerful anti-malware software to eliminate the virus for you.

Download Reimage, SpyHunterCombo Cleaner, or Malwarebytes Malwarebytes and run a full system scan. The security program will identify the malware together with other potentially dangerous computer threats and remove them. Note that this is the safest option you can choose to protect your system.

However, TrustedInstaller removal might require rebooting your computer into Safe Mode. If you are not aware of how to do that, make sure to check the instructions below.

Offer
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with SpyHunter.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

To remove TrustedInstaller, follow these steps:

Remove TrustedInstaller using Safe Mode with Networking

Firstly, you need to deactivate the malware since it might not allow you to install the security software. For that, reboot you computer to Safe Mode with Networking:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove TrustedInstaller

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete TrustedInstaller removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove TrustedInstaller using System Restore

If you are still unable to get the antivirus tool, try the System Restore method:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of TrustedInstaller. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that TrustedInstaller removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from TrustedInstaller and other ransomwares, use a reputable anti-spyware, such as Reimage, SpyHunterCombo Cleaner or Malwarebytes Malwarebytes

About the author

Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions

References

Removal guides in other languages


Your opinion regarding TrustedInstaller