Jump to content


Photo

TrustedInstaller.exe

what exactly is it

  • This topic is locked This topic is locked
9 replies to this topic

#1 fivealive

fivealive

    Elite Member

  • Honorary Members
  • PipPipPipPipPip
  • 960 posts
  • Gender:Male
  • Location:canada

Posted 19 February 2012 - 04:18 AM

well its running on my computer and i was curious why its been running for i dont nkow how long now iv noticed it for last bout 12 minutes since i started the malwarebytes full scan but im just curious why its running

i know it runs when i install windows updates

and mse updates but i just cant figure out why it was running when i was running ascan with mbam or what it was doing exactly any idea?? its listed in the event viewer as the windows update modual service started but gives no reason as to the cause or reason it even started


EDIT: just a slight edit it just stopped running so i checked the event viewer again and their acouple more listings to do with it it says

The start type of the Windows Modules Installer service was changed from demand start to auto start.

the next entry says

The start type of the Windows Modules Installer service was changed from auto start to demand start.


this just normal stuff

again i apologize for bugging but im still not used to windows 7 and unless i ask i wont know


and i checked the windows update centre it wasnt looking for windows updates


and i checked the file location of trustedinstaller.exe by right clicking on it in the task manager and clicking open file location it took me too computer > (C:) > windows > servicing



and i updated MSE after the process stopped and when trustedinstaller.exe came up again i did the same thing and was taken to the exactly same file location so im assuming im probly just being paranoid oh i was playing world of warcraft before i noticed this thing running



i also noticed under the security section of event viewer at the same time as this trustedinstaller.exe was running that their is a security logon or something set not sure what it means but here sthe info


An account was successfully logged on.

Subject:
Security ID: SYSTEM
Account Name: JAY-PCL$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2a4
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.


and at the same time this one


Special privileges assigned to new logon.

Subject:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege

#2 noknojon

noknojon

    you know why ---

  • Honorary Members
  • PipPipPipPipPipPip
  • 6,090 posts
  • Gender:Male

Posted 19 February 2012 - 04:37 AM

http://www.google.co...KHrYg8XcFG8VXlQ
Read this link from Windows 7 Forum - It is required,do not remove it -
TrustedInstaller.exe -it is process of Windows Modules Installer service
Just another private helper .......................... The answer is always 42, or Reboot
If you are waiting for an answer Press F5 ................. you may have one waiting for you ........

#3 fivealive

fivealive

    Elite Member

  • Honorary Members
  • PipPipPipPipPip
  • 960 posts
  • Gender:Male
  • Location:canada

Posted 19 February 2012 - 04:48 AM

thank u fo your answer and ikow what the .exe is suposed to do but im curious why it was running mind now that its a half hour later i did notice another process running called sppsvc.exe could that be what it was prepping for?

#4 noknojon

noknojon

    you know why ---

  • Honorary Members
  • PipPipPipPipPipPip
  • 6,090 posts
  • Gender:Male

Posted 19 February 2012 - 04:51 AM

The sppsvc.exe is a Microsoft Software Protection Platform Service.

This file is part of Microsoft® Windows® Operating System. Sppsvc.exe is developed by Microsoft Corporation.
It’s a system and hidden file.
Sppsvc.exe is usually located in the %SYSTEM% folder and its usual size is 2,996,736 bytes.

EDIT -
Read the thread at Windows7 Forum for details on TrustedInstaller.exe
Just another private helper .......................... The answer is always 42, or Reboot
If you are waiting for an answer Press F5 ................. you may have one waiting for you ........

#5 fivealive

fivealive

    Elite Member

  • Honorary Members
  • PipPipPipPipPip
  • 960 posts
  • Gender:Male
  • Location:canada

Posted 19 February 2012 - 04:53 AM

so its all just normal everyday computer stuff thats running and im just being paranoid

thank you for your help and answering my questions the reason i brought this up is because i had opened an email( in the webbrowser) in hotmail that had to do with a game i play it turned out to be a phish and i know it couldnt download anything to my computer because i do run noscript and what not and i didnt get a pop up asking me to download anything nor was their an attachment to the email BUT as i said i then noticed the trustedinstaller running so i was just curious anyway thank you

#6 noknojon

noknojon

    you know why ---

  • Honorary Members
  • PipPipPipPipPipPip
  • 6,090 posts
  • Gender:Male

Posted 19 February 2012 - 04:22 PM

You are welcome, and I am glad if I helped. :)
Can you please try to put some punctuation in these posts in the future -

thank you for your help and answering my questions the reason i brought this up is because i had opened an email( in the webbrowser) in hotmail that had to do with a game i play it turned out to be a phish and i know it couldnt download anything to my computer because i do run noscript and what not and i didnt get a pop up asking me to download anything nor was their an attachment to the email BUT as i said i then noticed the trustedinstaller running so i was just curious anyway thank you

You may note that there is not 1 capital letter at the start of a sentence, or a break in the whole paragraph -
This makes it a bit hard to understand at times. At least put a dash (-) and a break between items / sentences.

Please note, that I am not being Personally critical of your style, just trying to make your items easier to understand -

I have been picked up enough times for this, and I am just passing on what was said to me at those times -
My items / responses, are nowhere near perfect and I only wanted to tell you why I wrote this extra at the end -

Thank You -
Just another private helper .......................... The answer is always 42, or Reboot
If you are waiting for an answer Press F5 ................. you may have one waiting for you ........

#7 fivealive

fivealive

    Elite Member

  • Honorary Members
  • PipPipPipPipPip
  • 960 posts
  • Gender:Male
  • Location:canada

Posted 19 February 2012 - 08:51 PM

i dont take it personally at all. I do try at times but i have a few problems that make it a bit difficult. i also was posting this on my cell phone and it doesnt make it easy at times.

I have been trying to put spaces between points of information though.

Iam also aware of how unpleasent a wall of text can be and apologize.

I shall try in the future from now on to use proper grammer and spelling (even though my spelling isnt the greatest)
as well as punctuation.

At some point i'll get around to explaining some of my issues in detail most likely in the honory members section)



anyway i hope this was easier on the eyes.


/fivealive

#8 noknojon

noknojon

    you know why ---

  • Honorary Members
  • PipPipPipPipPipPip
  • 6,090 posts
  • Gender:Male

Posted 19 February 2012 - 11:09 PM

Please note, that I am not being Personally critical of your style

Thanks for not thinking I was being personal and I do know the problems of using a Cell to post from.
I did it a few times and my poor fingers were worked off by the time I finished.

This is why I added >> "I have been picked up enough times for this," << mainly for posts to my malware schooling -

Regards -
Just another private helper .......................... The answer is always 42, or Reboot
If you are waiting for an answer Press F5 ................. you may have one waiting for you ........

#9 fivealive

fivealive

    Elite Member

  • Honorary Members
  • PipPipPipPipPip
  • 960 posts
  • Gender:Male
  • Location:canada

Posted 20 February 2012 - 12:05 AM

its all good. and one should always look for way to improve, if someones going to give advice towards thats then take it.

#10 alphakraker

alphakraker

    New Member

  • Unused Accounts
  • Pip
  • 1 posts

Posted 10 October 2013 - 02:43 PM

Laughing at myself now.  I just noticed my system bogging down and saw the same process running.  Killed it immediately....who the hell names a process "TrustedInstaller"???  It just sounds like John Gacy in a clown suit...."don't mind me,  I'm just a clown process...nothing going on here" Cheers all :)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users