What is Msiexec.exe

Windows Installer - Windows Installer - Unicode - Microsoft Corporation

File description

Msiexec.exe (description: Windows Installer) is a process file from Microsoft Corporation that belongs to the product Windows Installer - Unicode.
The file is digitally signed by Microsoft Windows Component Publisher - Microsoft Timestamping Service.
We do not recommend removing files that are digitally signed by Microsoft Windows Component Publisher.

What is Msiexec.exe?
Msiexec.exe is the executable for the Windows Installer. This is used by many pieces of software for the installation routine. The following is a screenshot of Windows Defender installer running under Windows XP Service Pack 2:



This process is for Windows Installer and as such does not need to be running for the proper operation of the system. While it can be terminated from the task manager, it should only be done if the installer that you are running hangs. Otherwise, you should cancel the installation the proper way so as not to have a partially installed program on your system. While it does not need to be running for the system to function properly, deleting the executable will cause severe system problems. The screenshot below illustrates how this process should appear in the task manager:



As you can see in the above screenshot, msiexec.exe typically runs as SYSTEM; however, it can also run as the current user. A process with this name that is running as a user other than SYSTEM is not necessarily indicative of a malware infection.

Dangers of msiexec
As this is a common process that runs whenever an installer is started, virus writers and spyware vendors often disguise their malware as the genuine file.

Some malicious files may have the same name but be stored somewhere other than in %SystemRoot%\System32. Other malware may use a name that appears similar to it but with slight differences in spelling or with appended digits. The following malware is known to disguise itself as the genuine msiexec.exe:
  • Troj/Oscabot-A (%SystemRoot%)
    • This is a backdoor Trojan that allows an attacker to remotely take control of an infected system via IRC.
  • Troj/Imoni-B (%SystemRoot%)
    • This is a backdoor Trojan that allows an attacker to remotely take control of an infected system.
  • W32/Rado-A (%SystemRoot%)
    • This is a worm that attempts to disable all security software (e.g., anti-virus, firewall, anti-spyware) on the system.
  • VBS/Yosenio-A (%SystemRoot%)
    • This is a polymorphic virus that overwrites all files with the extensions .js, .jse, .css, .wsh, .sct, .htf, .mp3, and .wms.
  • Win32/Oscarbot.B (%SystemRoot%)
    • This worm spreads via AOL Instant Messenger.
There can sometimes be several instances of this process running at any given time. The presence of multiple instances is not necessarily an indicator of a malware infection. If it is running at a time when an installer is not running, however, it is possible that your system is infected with malware.
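
The two disguises described above (the genuine name in the wrong folder, or a near-miss name) can be checked mechanically. The following Python sketch is an added example, not part of the original page; the sample paths are constructed, and the `C:\Windows` system root and the SysWOW64 folder (the 32-bit copy on 64-bit Windows) are assumptions beyond what the page states.

```python
import ntpath  # Windows path rules, usable on any OS
import re

GENUINE = "msiexec.exe"

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path, system_root=r"C:\Windows"):
    """Classify a process image path against the genuine msiexec.exe."""
    root = ntpath.normpath(system_root).lower()
    # System32 is the folder the page names; SysWOW64 is an added assumption.
    trusted = {ntpath.join(root, "system32"), ntpath.join(root, "syswow64")}
    # normpath collapses ".." and "/" so a crafted path cannot fake the folder.
    folder, name = ntpath.split(ntpath.normpath(image_path).lower())
    if name == GENUINE:
        return "expected-location" if folder in trusted else "wrong-location"
    stem = ntpath.splitext(name)[0]
    # Appended digits (msiexec32.exe) or a spelling one edit away (msiexe.exe).
    if re.fullmatch(r"msiexec\d+", stem) or edit_distance(name, GENUINE) <= 1:
        return "lookalike-name"
    return "unrelated"

def scan(image_paths):
    """Return (path, verdict) for every entry that needs review."""
    flagged = []
    for path in image_paths:
        verdict = classify(path)
        if verdict in ("wrong-location", "lookalike-name"):
            flagged.append((path, verdict))
    return flagged

# Constructed sample of process image paths (not taken from a real system).
SAMPLE = [
    r"C:\Windows\System32\msiexec.exe",
    r"C:\WINDOWS\msiexec.exe",
    r"C:\Windows\System32\..\msiexec.exe",
    r"C:\Users\test\AppData\Local\Temp\msiexec32.exe",
    r"C:\Windows\System32\msiexe.exe",
    r"C:\Windows\System32\svchost.exe",
]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLE):
        print(f"{verdict:15} {path}")
```

An `expected-location` verdict only means the path is plausible; the file's digital signature still has to be verified before it is trusted.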

Common problems
  • This process uses 100% of the CPU
    • If you are performing an installation, wait a few minutes to see if the problem resolves on its own.
    • If the problem continues, terminate msiexec.exe. If you were not running an installation, you may have a malware infection.
  • "msiexec.exe - Ordinal Not Found"
    • Your Windows Installer may be corrupt. Run "msiexec /unregister" and then reinstall Windows Installer.

Automatic startup locations

001 Running Processes
002 Autorun registry entries local machine
003 Autorun registry entries Current User
004 All users startup startmenu
005 Current user startup startmenu
010 Installed services
013 RunOnce registry entries S-1-5-XX users
035 Active Setup Installed Components
052 Explorer Browser Helper Objects (BHO)
073 %windir%\Tasks
135 Current User Runonce (+ subkeys)
136 Local Machine Runonce (+subkeys)
138 Local Machine RunonceEx (+subkeys)

Digital signatures found for this file

    Certificate 
64 Microsoft Windows Component Publisher - Microsoft Timestamping Service
41 Microsoft Windows Publisher - VeriSign Time Stamping Services Signer
31 Microsoft Windows - Microsoft Time-Stamp Service
9 Microsoft Windows - Microsoft Timestamping Service
6 Microsoft Windows XP Publisher - VeriSign Time Stamping Service
5 Microsoft Windows Component Publisher - VeriSign Time Stamping Services Signer
4 Microsoft Windows Publisher - VeriSign Time Stamping Service
4 Microsoft Windows XP Publisher (Europe) - VeriSign Time Stamping Service
2 Microsoft Windows XP Publisher - VeriSign Time Stamping Services Signer
2 Microsoft Windows - VeriSign Time Stamping Services Signer

MD5 security rating in our database

1343 files (Not yet rated and not signed)
2 files (Not yet rated and digitally signed)
1 file (Safe and not signed)
198 files (Safe and digitally signed)
Some versions of this filename have not yet been checked for safety.
Warning: Some malware might rename itself to msiexec.exe. Always make sure that your file is from a verified publisher.
