Hi,
Just happened to be doing an update, got the Avast message about trusted installer.
It's still doing the update, I ran the checkinst program & got:
Signature of "C:\Windows\Servicing\TrustedInstaller.exe" NOT verified [800B0100]
Is that good or bad?
File was allowed to be submitted.
Regards,
Paul.
Well the short answer is good news - it isn't bad. If you want to be absolutely sure, use the free online virus checkers to check that one file (see elsewhere on this site for a list of the ones you might try.)
If you want to understand why avast! will report it and CONTINUE to report it, here is the long answer...
Basically, all worthwhile antivirus programs have files full of known viruses which you update regularly. This allows them to quickly and easily identify the presence or otherwise of any of those viruses somewhere in your system and, because they are known, avast! can recommend specific action and usually offer a means of cleaning files. Otherwise it offers you the chance simply to delete them or, if you need to be able to study the problem and maybe check whether the problem is real or not, they offer the chance to isolate the file into the chest which means no program can access the file.
IF you get a file which is reported by the method explained, i.e. avast! is identifying that there is a virus on the basis of the up-to-date virus definitions, and you then check that file (using free online AV checkers a list of which you can find suggested elsewhere in these forums) and discover that ONLY avast! is reporting it, you use the report system to send it to the avast! team and they make sure that (a) it is NOT a virus and (b) they adjust their later virus definition files to ensure that it isn't reported again (another reason for keeping your definitions regularly updated).
That would be termed A FALSE POSITIVE. That means that a virus is being reported based on an up-to-date virus definitions file when in fact there is no virus.
The difference with the TrustedInstaller.exe file (apart from the fact that it just SCREAMS of being the type of name a Virus creator would choose
) is that it is not being identified and reported based on the virus definitions file. It has to do with your own settings of avast! and I strongly recommend you NOT to change them now that you, hopefully, understand them. Your avast! settings are enabling what is called
heuristic analysis. This is a GOOD thing and is NOT available in every antivirus program. So what is it and why should you allow avast! to use it? Well, the answer lies in the way in which those virus definition files get updated by avast! so that you can update them on your system. Imagine a brand new virus - one that is not simply a rehashed existing known-about virus which is already in the definitions files of all the major antivirus programs including avast! So it infects some systems. People have problems and the clever guys at the various antivirus program centres work out what it is, how to identify it and immediately every AV program company updates their virus definitions to include it. You update your files and, assuming your system hasn't yet been infected (which it shouldn't have if you didn't disable heuristice analysis), you can't get that virus because avast! with updated definitions will find it before it can do damage.
However, imagine the worst case scenario - a file containing that brand new not-yet-in-the-definitions virus arrives on your system. If you don't have heuristic analysis enabled, avast! will almost certainly not identify it as being harmful (although it is possible that it will, the important thing is that you shouldn't rely on it). So your system gets infected. This is bad. And because it is a new virus, the clever teams may not have come up yet with a simple way to clean your system. Not just bad - nasty! BUT if you had heuristic analysis enabled, avast! would say "Hey! This file contains something which, while not being listed in my definitions, has all the attributes of malware - even a virus - so I had better let my owner know that there MAY be a problem so that he has the choice to (a) make sure my definitions are up to date and (b) check this file out using something else or (c) go and read if someone else on the forums has had the same problem."
The problem is that heuristic analysis MUST identify a small number of system files which don't include any malware but they do things which look like what a new virus might do. The most likely candidates are always going to be files which install system things and change system files in order to do it and there are a bunch of these in Windows systems for the obvious reason that Microsoft try to make Windows systems idiot-proof yet able to be used by idiots like you and me
Some of these, avast! developers can stop avast! identifying within the heuristic part of the engine but sometimes, to do so, they would effectively be disabling the heuristic analysis system to be pointless. Hence TrustedInstaller.exe shows up as potentially having a problem thereby allowing you to do what you have done and maybe to check it out with other AV systems before you proceed.
If you read this far, thanks for your patience - I figured that if you wanted to understand it, it would be worth setting it out in non-technical detail. Hope that explains it so that you understand your avast! and its settings a bit better.
If any avast! experts want to add anything correcting any mistakes I may have made, please please add them below! Thanks!
