TrustedInstaller - How to remove

TrustedInstaller is very important to the Windows OS. It helps with updates and it stops you from deleting or corrupting important system files. However, sometimes, it denies you access to your files and causes various applications to malfunction. Other times, it is impersonated or hijacked by malware and used to take control of your system.

TrustedInstaller is an important component of Windows:

Basic information	TrustedInstaller is a user account that owns system files to protect them from being accidentally deleted, it is a process that helps install OS updates.
Problems caused by TrustedInstaller	Software bugs may cause user files to become restricted and some software to malfunction, people who want to delete some system files cannot do it.
Symptoms of malware disguised as TrustedInstaller	Fake TrustedInstaller can slow down the computer for seemingly no reason, pop-ups appear asking intrusive permissions, programs randomly close and open.
Solutions	Take ownership over TrustedInstaller to delete important files, delete malware using anti-malware programs (SpyHunter), ignore fake warnings and system pop-ups on malicious sites online.

TrustedInstaller is an important part of Windows

It helps with Windows Update

TrustedInstaller is found in C:Windows/servicing.

TrustedInstaller.exe is a Windows process built into various operating systems, including Windows 10, 8, 7, and Vista. TrustedInstaller is mostly used by the Windows Module Installer service – it’s involved in updating your Windows. It is normal for it to use a lot of system resources when updates are being installed.

You might encounter TrustedInstaller when trying to uninstall or delete certain files on your PC, like the Windows.old folder (that one can be deleted with Disk Cleanup/Storage Sense) and various first-party apps. TrustedInstaller is the owner of some system files and doesn’t allow you to change or remove them, even when you’re the administrator of your PC. This can be frustrating, but it is done to stop users from accidentally deleting important files and breaking their operating system.

It protects system files

If you encounter unexpected errors and pop-ups from TrustedInstaller – for example, this process is preventing you from accessing and deleting your normal files and programs – then either TrustedInstaller was corrupted/broken, or its name is being used by malware.

It is a bad idea to take ownership of certain folders, like System32, away from TrustedInstaller and to Administrator (or worse – a regular PC user). If you do, the system might become unstable and more vulnerable to malicious attacks.

However, if user files were somehow assigned to TrustedInstaller, that is probably a bug that might be solved by retaking ownership of those files.

If TrustedInstaller is broken or bugged, it can be fixed with a Windows repair tool, such as System File Checker or system restore. It is very important to your computer functioning correctly, so if something is wrong with it, don’t delay in fixing the issue.

How to get permission to change the files owned by TrustedInstaller

This is not advised to do unless user files are being restricted by TrustedInstaller. Be careful and make a backup of your system so that you do not lose any data if something goes wrong.

If you want to delete some files and TrustedInstaller is stopping you, you might need to set yourself as the owner of the file. This will allow you to change file permissions. Permissions manage what different users can do with a file: create it, read it, run it, and edit it.

If you don’t have permission to delete the file or folder, TrustedInstaller will stop you with a pop-up:

 

Right-click on the file (or folder) and choose properties (or press Alt+Enter) and open the security tab to see user names and their permissions:

Then press the Advanced button. In the Advanced Security Settings pop-up, Open the Owner tab and press Edit to change owners, then change the owner to yourself:

 

Back to Advanced Security Settings, open the Permissions tab (it should be the first one) and press the Change Permissions button. Then choose your account and press the Edit button.

You should get a pop-up warning about security problems. It’s right, getting user access to important files is not secure because programs, including malicious ones, use these permissions. Getting access to files that only TrustedInstaller has access to could cause a lot of trouble. So, if you’re changing file ownership and permissions, change only the files that you’re sure are not important to the OS.

Next, the Permission Entry pop-up should open with all the permissions. As the owner of the file, you can change them how you like:

 

Finally, in the Properties pop-up of the file, you can have all the permissions. If the file or folder is important, just give the permissions back if you can. Just like we should avoid using administrator accounts for mundane tasks, we should give up ownership of important files to avoid accidents.

Malware could impersonate system processes

Types of malware that could abuse TrustedInstaller

If there’s malware on your computer that calls itself “TrustedInstaller”, an anti-malware tool might be needed to remove it. Or, TrustedInstaller might have been hijacked by a malicious program and used to mess with your operating system. Malware hijacking the TrustedInstaller account, which is more powerful than the administrator in some ways, is a very serious problem.

The TrustedInstaller name might be also used by tech support scams. Scammers know that if you Google the name of that process, you’ll get results saying that it should be trusted.

Scams show made-up errors, fake Windows Defender pop-ups, and then ask you to call a fake tech support center. Scams appear on malicious websites that you reach by clicking on ads and links and that adware viruses show you. Malware gets downloaded to your computer automatically from malicious websites, installed with pirated or fake programs, or downloaded by trojans that are already on your system.

Symptoms of TrustedInstaller being infected or hijacked by malware

So, is your computer infected? Symptoms that indicate malware present on your system could include:

• Being unable to delete and/or create user files and programs, possibly told by a pop-up warning that they’re owned by TrustedInstaller.
• A lot of system resources being used by TrustedInstaller despite no updates being installed at the time.
• Random pop-ups asking you to give permissions to unknown programs.
• Fake system pop-ups – ones that don’t use the right colors, have a slightly different font, maybe have links to third-party websites.
• Programs and files being closed on their own.
• Sending and receiving unexpected email and social media messages, often with links to third-party websites.

If you believe that you have malware pretending to be TrustedInstaller, it’s important to remove it. But only the malicious program – leave the original TrustedInstaller intact (it should be located in C:Windows/servicing), as it’s a very important component of your OS.

How to remove malware pretending to be TrustedInstaller

If there is a suspicious process called TrustedInstaller (you can see processes in Task Manager), right-click it and open its location to find the file. You can open Task Manager by pressing the Ctrl, Shift, and Esc buttons at once. You can also bring it up by clicking the Taskbar and choosing Task Manager in the menu.

To find malicious processes, it is usually recommended to scan your computer with an anti-malware program like SpyHunter. It might be important to first start your computer in Safe Mode. Check this article for more details on killing malicious processes.

Automatic Malware removal tools