TrustedInstaller.exe virus

Tags: IIS, Amazon EC2, Windows Server 2008, Windows Update

Recently I had some trouble with my EC2 Windows 2008 micro instance. The server resources seemed to be so scarce that my websites were latent, or not responding at all.

After some examination of the task manager, I saw that there was a process that was taking upwards of 90% of the CPU at all times, not to mention 120 MB+ of RAM. On a virtual system with only 600 MB of RAM, this is a pretty big deal.

Google turned up many results of people complaining about this process in Windows 7 as well as Windows Server 2008.

I found the following forum thread that was discussing the issue, and found a solid remedy towards the end of the thread:

TrustedInstaller.exe is used by the Windows service called "Windows Module Installer". Says it has something to do with updating Windows, so uninstalling or disabling it could cause some updates to fail. I wouldn't remove or delete the file itself. Simply set the service to start manually.

1. Start Menu -> Run
2. Type msconfig and select the Services section.
3. Deselect the box next to Windows Module Installer

This will keep it from starting up when loading Windows.

Now to set it to manual start:

1. Right click taskbar and select properties
2. Select the Start Menu tab and choose the "Customise..." button
3. In the list, check "Display administrative tools" and click apply and click ok
4. Now go to Start Menu -> Program Files -> Administrative tools -> Services
5. Look in the list for the service "Windows Module Installer"
6. Double click and look for the dropdown menu, this will be on the "General" tab
7. Select "Manual" from the list
8. Click apply, click ok
9. Now restart

http://social.technet.microsoft.com/Forums/en-US/itprovistasecurity/thread/6ee28733-a9f4-4b5a-add4-d4cc4f8bfda0/

Unfortunately the remedy is just to side-step this program. I did verify that if you manually run Windows updates, it will start the service, but not change the service start up type, so a reboot will turn the service back off.
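
The same change can be scripted, with a check first that the service really points at the Windows binary rather than a look-alike. This is an added example, not part of the original post or the quoted thread. It assumes an elevated Windows PowerShell session, the service name `TrustedInstaller`, and the stock binary location `%SystemRoot%\servicing\TrustedInstaller.exe`.

```powershell
# Added example (not from the original post). Run in an elevated Windows PowerShell.
# Assumptions: service name 'TrustedInstaller'; stock binary under %SystemRoot%\servicing.
$serviceName = 'TrustedInstaller'
$expected    = Join-Path $env:SystemRoot 'servicing\TrustedInstaller.exe'

$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) { throw "Service '$serviceName' not found." }

# PathName can be quoted; strip the quotes before comparing.
$binary = $svc.PathName.Trim().Trim('"')
"{0}: state={1}, start mode={2}" -f $svc.DisplayName, $svc.State, $svc.StartMode
"Binary: $binary"

if ($binary -ne $expected) {
    # A service binary outside the expected folder deserves a closer look
    # before any setting is touched.
    Write-Warning "Unexpected binary path (expected $expected). Nothing was changed."
}
else {
    # Informational only: older Windows PowerShell versions see embedded
    # signatures but not catalog signatures, so a genuine system file can
    # report NotSigned there. Treat that result as inconclusive.
    $sig = Get-AuthenticodeSignature -FilePath $binary
    "Signature: {0} ({1})" -f $sig.Status, $sig.SignerCertificate.Subject

    if ($svc.StartMode -eq 'Auto') {
        try {
            # Same effect as choosing "Manual" on the General tab in Services.
            Set-Service -Name $serviceName -StartupType Manual -ErrorAction Stop
            "Startup type changed to Manual."
        }
        catch {
            Write-Warning "Could not change startup type: $($_.Exception.Message)"
        }
    }
    else {
        "Startup type is already '$($svc.StartMode)'; nothing to change."
    }

    # Re-read the service so the reported value reflects the current setting.
    $after = Get-WmiObject -Class Win32_Service -Filter "Name='$serviceName'"
    "Now: state={0}, start mode={1}" -f $after.State, $after.StartMode
}
```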

I hope this helps!
