Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: PhasedPhantasy on June 10, 2010, 02:24:25 PM

Title: Avast 5.0 free MS update mislabel
Post by: PhasedPhantasy on June 10, 2010, 02:24:25 PM
I recently tried to DL and install the latest patches from MS on regular patch Tuesday. Avast popped up with a rootkit warning for file trustedinstaller.exe. At the time, I was not aware of this file or its use and deleted it. That action appears to have borked up my system, with at least one Windows service unable to start. After researching the file in question, it would seem that it is a legitimate part of the Windows OS. Just curious to know how to go about fixing it.
Title: Re: Avast 5.0 free MS update mislabel
Post by: spg SCOTT on June 10, 2010, 02:36:15 PM
Hi PhasedPhantasy, welcome to the forum :)

Unfortunately you are the second person that has reported this here in the past couple of days...

Generally with a rootkit warning with avast! the default warning is to ignore (allowing for further investigation), as deletion can have negative consequences, as you have found out...

The other thread: http://forum.avast.com/index.php?topic=60586.msg511188#msg511188

Older topic, in which the problem appears to have been solved: http://forum.avast.com/index.php?topic=42273

It seems that in that thread, another copy of the trustedinstaller was replaced...so you may have to obtain another version.
(It will have to match the OS and (I imagine) service pack level as well.)

Scott
Title: Re: Avast 5.0 free MS update mislabel
Post by: De Hollander on June 10, 2010, 04:30:04 PM
Open an elevated cmd prompt and change directory to c:\windows
Look for the most recent copy by executing the following command:  dir trustedinstaller.exe /s /a
Normally there should be a copy in the \windows\servicing folder, but avast deleted that one  :(

Now you might have a good chance to find a most recent copy under C:\Windows\winsxs\x86_microsoft-windows-trustedinstaller...

At least on my machine there were a couple of copies including the recent one

So what is this winsxs folder??
http://blogs.technet.com/b/askcore/archive/2008/09/17/what-is-the-winsxs-directory-in-windows-2008-and-windows-vista-and-why-is-it-so-large.aspx
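
The search described in the post above, as an added PowerShell example that is not part of any post in this thread: it lists every copy of trustedinstaller.exe under the Windows directory with its version, timestamp, SHA-256 and signature status, so a candidate can be checked before it is copied back. It assumes an elevated PowerShell prompt; the output property names are chosen for this example.

```powershell
# Added example: inventory all copies of TrustedInstaller.exe under %SystemRoot%.
# It only reads files; nothing is copied, moved or deleted.
$root = $env:SystemRoot

function Get-Sha256Hex([string]$Path) {
    # Computed through .NET so it also works where Get-FileHash is unavailable.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', ''
    } finally {
        $stream.Dispose()
    }
}

$copies = Get-ChildItem -Path $root -Filter 'TrustedInstaller.exe' -Recurse -Force `
              -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        New-Object PSObject -Property @{
            Path            = $_.FullName
            FileVersion     = $_.VersionInfo.FileVersion
            LastWriteTime   = $_.LastWriteTime
            Length          = $_.Length
            Sha256          = Get-Sha256Hex $_.FullName
            # On older PowerShell versions a catalog-signed OS file can show as
            # NotSigned, so treat that status as "check further", not "bad".
            SignatureStatus = $sig.Status
            Signer          = $signer
        }
    }

# Newest first: the copy to compare against the OS and service pack level.
$copies | Sort-Object LastWriteTime -Descending |
    Format-List Path, FileVersion, LastWriteTime, Length, Sha256, SignatureStatus, Signer

# Copies with the same hash are the same file content; more than one distinct
# hash means different builds are present and the version needs to be matched.
$copies | Group-Object Sha256 |
    Select-Object Count, Name, @{ n = 'Versions'; e = { ($_.Group | ForEach-Object { $_.FileVersion } | Sort-Object -Unique) -join ', ' } }
```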