Author Topic: Avast 5.0 free MS update mislabel  (Read 3705 times)

0 Members and 1 Guest are viewing this topic.

PhasedPhantasy

  • Guest
Avast 5.0 free MS update mislabel
« on: June 10, 2010, 02:24:25 PM »
I recently tried to DL and install the latest patches from MS on regular patch Tuesday. Avast popped up with rootkit warning for file trustedinstaller.exe. At the time, I was not aware of this file or it's use and deleted it. That action appears to have borked up my system, with at least one windows service unable to start. After reseaching the file in question, it would seem that it is a legitimate pat of the windows OS. Just curious to know how to go about fixing it.

spg SCOTT

  • Guest
Re: Avast 5.0 free MS update mislabel
« Reply #1 on: June 10, 2010, 02:36:15 PM »
Hi PhasedPhantasy, welcome to the forum :)

Unfortunately you are the second person that has reported this here in the past couple of days...

Generally with a rootkit warning with avast! the default warning is to ignore (allowing for further inverstigation), as deletion can have negative consequences, as you have found out...

The other thread: http://forum.avast.com/index.php?topic=60586.msg511188#msg511188

Older topic, in which the problem appears to have been solved: http://forum.avast.com/index.php?topic=42273

It seems that in that thread, another copy of the trustedinstaller was replaced...so you may have to obtain another version.
(It will have to match the OS and (I imagine) service pack level as well.

Scott

De Hollander

  • Guest
Re: Avast 5.0 free MS update mislabel
« Reply #2 on: June 10, 2010, 04:30:04 PM »
Open an elevated cmd prompt and change directory to c:\windows
Look for the most recent copy by excuting the following command :  dir trustedinstaller.exe /s /a
Normaly there should be copy in the \windows\servicing folder, but avast deleted that one  :(

Now you might have a good change to find a most recent copy under C:\Windows\winsxs\x86_microsoft-windows-trustedinstaller...

At least on my machine there where a couple of copy's including the recent one

So what is this winxs folder??
http://blogs.technet.com/b/askcore/archive/2008/09/17/what-is-the-winsxs-directory-in-windows-2008-and-windows-vista-and-why-is-it-so-large.aspx