5.0.9600.16384 (winblue_rtm.130821-1623) 3.68%
5.0.9600.16384 (winblue_rtm.130821-1623) 0.25%
5.0.9431.0 (winmain_bluemp.130615-1214) 0.20%
5.0.9431.0 (winmain_bluemp.130615-1214) 0.04%
5.0.9200.16384 (win8_rtm.120725-1247) 2.25%
5.0.9200.16384 (win8_rtm.120725-1247) 13.41%
5.0.8400.0 (winmain_win8rc.120518-1423) 0.08%
5.0.8400.0 (winmain_win8rc.120518-1423) 0.08%
5.0.8250.0 (winmain_win8beta.120217-1520) 0.04%
5.0.8102.0 (winmain_win8m3.110823-1455) 0.08%
5.0.7600.16385 (win7_rtm.090713-1255) 5.03%
5.0.7600.16385 (win7_rtm.090713-1255) 35.73%
5.0.7600.16385 (win7_rtm.090713-1255) 17.42%
5.0.7600.16385 (win7_rtm.090713-1255) 3.27%
5.0.7600.16385 (win7_rtm.090713-1255) 0.04%
5.0.7264.0 (win7_rtm.090622-1900) 0.04%
4.5.6002.18005 (lh_sp2rtm.090410-1830) 0.65%
4.5.6002.18005 (lh_sp2rtm.090410-1830) 0.12%
4.5.6001.22159 (vistasp1_ldr.080415-1732) 4.62%
4.5.6001.22159 (vistasp1_ldr.080415-1732) 0.04%
4.5.6001.22159 (vistasp1_ldr.080415-1732) 0.04%
4.5.6001.22159 (vistasp1_ldr.080415-1732) 0.12%
4.5.6001.22159 (vistasp1_ldr.080415-1732) 0.08%
4.5.6001.22159 (vistasp1_ldr.080415-1732) 0.12%
4.5.6001.22159 (vistasp1_ldr.080415-1732) 0.04%
4.5.6001.22159 (vistasp1_ldr.080415-1732) 0.04%
4.5.6001.22159 (vistasp1_ldr.080415-1732) 0.04%
3.1.4001.5512 8.01%
3.1.4001.5512 0.12%
3.1.4001.5512 0.33%
3.1.4001.5512 0.08%
3.1.4001.5512 0.08%
3.1.4001.5512 0.04%
3.1.4001.5512 0.20%
3.1.4001.5512 0.04%
3.1.4001.5512 0.33%
3.1.4001.5512 0.08%
3.1.4001.5512 0.04%
3.1.4001.5512 0.20%
3.1.4001.5512 0.04%
3.1.4001.5512 0.04%
3.1.4001.5512 0.12%
3.1.4001.5512 0.04%
3.1.4001.5512 0.04%
3.1.4001.5512 0.04%
3.1.4001.5512 0.04%
3.1.4001.5512 0.04%
3.1.4001.5512 0.04%
3.1.4001.3311 0.04%
3.1.4001.3244 0.04%
View more



Windows Installer - Unicode by Microsoft

Remove msiexec.exe
This is a Windows system installed file with Windows File Protection (WFP) enabled.
Warning 6 antivirus scanners has detected malware in various versions of msiexec.exe.


There are 56 versions of msiexec.exe in the wild, the latest version being 5.0.9600.16384 (winblue_rtm.130821-1623). It is started as a Windows Service called 'Instalator Windows' with the name 'msiserver' and described as “Adds, modifies, and removes applications provided as a Windows Installer or APPX package (*.msi, *.msp, *.appx). If this service is disabled, any services that explicitly depend on it will fail to start.”. . A job within the Windows Task Scheduler is added to execute this process of a specific schedule during installation of the program. It is integrated as a plugin to Internet Explorer as a Browser Helper Object, often without any obvious user interface, and will load for each instance of IE. The average file size is about 89.38 KB. The programs Fallout 3, Dead Space™ and Unify Enterprise have been observed as installing specific variations of msiexec.exe. During the process's lifecycle, the typical CPU resource utilization is less than 0.01%, the average private memory consumption is about 10.94 MB with the maximum memory reaching around 17.16 MB. Addionally, typically read and write I/O disk operations is about 4.28 MB per minute for reads and 3.91 MB per minute for writes.

What is msiexec.exe?

Microsoft Windows Installer is an installation and configuration service provided with Windows. The installer service enables customers to provide better corporate deployment and provides a standard format for component management. The installer also enables the advertisement of applications and features according to the operating system.


File name:msiexec.exe
Publisher:Microsoft Corporation
Product name:Windows Installer - Unicode
Description:Windows® installer
Typical file path:C:\Windows\System32\msiexec.exe
Original name:msiexec.exe.mui
Windows Service
Service name:msiserver
Display name:Instalator Windows
Description:“Adds, modifies, and removes applications provided as a Windows Installer or APPX package (*.msi, *.msp, *.appx). If this service is disabled, any services that explicitly depend on it will fail to start.”

ResourcesPrograms installed in

(Note, the programs listed below are for all versions of Windows Installer - Unicode.)
Autodesk, Inc.
1% remove
Autodesk® Inventor® 3D mechanical design software includes CAD productivity and design communication tools that can help you reduce errors, communicate more effectively, and deliver more innovative pr...
Bethesda Softworks
9% remove
Fallout 3 is an action role-playing open world video game developed by Bethesda Game Studios. It is the third major installment in the Fallout series.
Club Sentry Software
6% remove
8% remove
D-ViewCam software is included with all mydlink-enabled cameras and allows you to view and manage up to 32 cameras on a single screen using your computer. Plus, with D-ViewCam, you can automatically r...
4% remove
D-ViewCam is a software add-in for Windows Home Server that provides instant access to your live camera feeds and all the surveillance video already saved to your server. Compatible with the D-Link Ne...
Electronic Arts
12% remove
Dead Space is a video game distributed through EA's Origin digital distribution and digital rights management content delivery system.
1% remove
4% remove
7% remove
IC ComPas GmbH & Co KG
1% remove
Infotel Sistemi
1% remove
6% remove
Mars Ap.
7% remove
Micro-Star International Co., Ltd.
5% remove
NTR Global
5% remove
NTR Global
2% remove
Fast, secure and affordable, the NTR Cloud offers managed service providers (MSPs), IT managers and other IT professionals a scalable suite of features and capabilities that adapt to their business ne...
Phonologics, Inc.
7% remove
Right Hemisphere
4% remove
What was formerly known as Right Hemisphere’s Deep Exploration CAD is now SAP Visual Enterprise Author.
Right Hemisphere
5% remove
Right Hemisphere’s Deep Exploration CAD is now SAP Visual Enterprise Author.
9% remove


(Note, the behaviors below are for all versions of msiexec.exe, select a unique version for details.)
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
  • 'MSIServer' (Windows Installer)
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\WINXP\system32\msiexec.exe'
  • Firewall exception for 'C:\WINDOWS.0\system32\msiexec.exe'
  • Firewall exception for 'C:\WINDOWS\system32\msiexec.exe'
Scheduled tasks
  • The job '{50696451-B3AA-4784-981E-F04E2AA3B1B9}' runs on registration in the path '\{50696451-B3AA-4784-981E-F04E2AA3B1B9}'
  • The task '{D318DBBF-4502-4870-A65D-9A9A1C96DB0A}' runs on registration in the path '\{D318DBBF-4502-4870-A65D-9A9A1C96DB0A}'
  • Entry path '\{5A701793-8CE3-4E27-8C20-821C0BC4326D}'
Internet Explorer Browser Helper Object
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
  • BHO CLSID: {127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0}

MalwareMalware detections

Based on 40+ industry antivirus scanners, 6 of them detected the following malware.
Antivirus engineEngine versionDetectionFile version
AVG 2014.0.3629 Suspicion: unknown virus 4.5.6001.22159 (vistasp1_ldr.080415-1732)
Bkav Security W32.SedbotLAC.Trojan 4.5.6001.22159 (vistasp1_ldr.080415-1732)
Norman 7.03.02 Suspicious_Gen2.VHJNO 4.5.6001.22159 (vistasp1_ldr.080415-1732)
Symantec 20131.1.0.101 WS.Reputation.1 4.5.6001.22159 (vistasp1_ldr.080415-1732)
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.F47V0718 4.5.6001.22159 (vistasp1_ldr.080415-1732)
VIPRE Antivirus 25750 Backdoor.IRCBot 4.5.6001.22159 (vistasp1_ldr.080415-1732)

VersionsAll file variations of msiexec.exe

MD5SHA-1File size
50dab9e7e976bd7ff5f25b83440606aa 30f5643f3b223607af20d9859ec565855b7fe551 61 KB
e1d499c501dc2e1f8b451f1a43bfabed 32b219753cfe2cee13a5c6cdfa4398a571462305 54.5 KB
b72599b83ea7b7b21da56598bfd62d35 995655fdd779ccc7eb2465d028b90d11abfe3303 61 KB
51940a206e2c138588316a88901c775c 5c42ed24352800f1aa791b4d4f97992b7f5573c8 54.5 KB
07eab0a1dcf20b91a30eb6822d63483c bbd9e24249889f74aec9132593dc3c6fa8dcb71e 61.5 KB
e38d9838439d0bbc22ef3f1e9f058f8e bb187101d52c8d3e1e578836da4fed28ec868883 121.5 KB
3f46310bdc7a7e720bb6649890817b04 ad51a61359d9452c56f1301b8e83afb58ad5d959 121.5 KB
deba3197d88fd75ca3b58f8b20f27c2c 1c917cbe485a81bec6f458d3b045216577fe8cce 61 KB
84996dc545774c3703de5c97ddae2a24 dc6722de1cf044ce6cbeec52ca9b004d3ef6f8f7 60.5 KB
54096d30e4d4f7bfd877d374193aef60 1113b3627d57ceb49411a2361daf206ee5808da2 60 KB
a8492e3929e7b981da541286709c8479 bbfaccd7a8d252ecdd071d210ef7306dca1a0017 71.5 KB
a190da6546501cb4146bbcc0b6a3f48b 443aac22d57edd4ef893e2a245b356cba5b2c2dd 125 KB
eee470f2a771fc0b543bdeef74fceca0 bd9bbb448dec04b1aaa8ae530e9814fdbce0a3d5 71.5 KB
228577912c977e2cbe04920f6172c39e 9f79bbdd4c9e32ec46295914489dca271925ad7a 124.5 KB
52783374338bbd7e095f65c05a8e767b ce2da479f7e252bab7c43e742237defc61783205 91 KB
40eda4e38f8060b04893cb4abccaf51d 3e53fcc8feb7bbdc8092bba70517e16c1ae7b31c 71.5 KB
c559672f31abe6ba7277dd73c4502238 92e3ecbbaf611b9a967f802732c25e27d462f5ab 71.5 KB
ac545df9370a3e1bf538e403abe51cc0 565bb6914d6b9c7f5fe7e462d400e678f93e8313 122.5 KB
7f7bc88c8fb6b52989e0e93084b5e678 8c089d561b19eb14954f56040539c89baed6ebbc 93.5 KB
1e9ef2d0167c77d834c0aa9636292ac7 2a8c9abd05e973fe8f42bb8d43f330f303eec76c 115.5 KB
5a2371b7fb6d34c303c26a89728348a5 cb7eed581999216df7369d0bba6bf088995ed92b 114 KB
c9f58a8a94ffd069e0d9452e4fc02224 9bf9c5416e5a093736a14e3c6eff2d758c974ce2 114 KB
0e513332648f96a1f6b5aa69121a3bb1 6a47b15de653315096e9ab0638beb64ac7834843 114 KB
05ea43e2274379385d5de7faa188b126 06f83323c95ae5f5fca72cdecd7f3126360394b2 111 KB
bddfb9f628ded5aa19f4442f5e729166 d961904238c16a4723fd02f2da3ee6614d17b78f 111 KB
4f32dbf13fbebcfa0987520c4ef56908 67e605136a5c8e34c26c390872f86c4974426e1e 98 KB
15d3acad6c72e7bb830d7c29952c0da5 7289994555a83c0ab4091eb9c4e6a26229068851 119 KB
5879d691e842574a20fe63817cb76df9 2007d2c57e7b68b550db764f3cb4f43bb0274460 77 KB
4700ce2316e624678cfd2bcb72ebb6fa ec1aca8659c40ab0c597fe23d5f1f874537b1b44 77 KB
0411f7ee63ae48d2918ab4f2c79ab6c4 b2734d96326b54808159f0c0df4f2d395351a782 77 KB
190bf179a295f600c3c58ab55df75841 ab74886073b0880390cb3f6d1a617c45ec70497a 77 KB
8b53ca4a623145b90867175702026ebd 3a6e7fa146279ba7b0f9f097e12f20ca9a4e3fa3 97.5 KB
86d33904fd08597c571a4a2ec2cb9d79 ce7ced7fc9c265dd697380aad4867f3b37945fcc 102 KB
858653e3e1183b2f4ce924fda8a256ef 8f5fc320a688206e6c309888e36f482f07efad6a 77 KB
918d5763442282e0f8464a86f05f90f0 bee6b60333d2f5b66d2ffd34dc18717c3b14b0eb 77 KB
35e4bb9997323a138df04cf11f5a9884 edd41ce322b121b8df410471ef2eec47a1b02809 77 KB
972a36f7a5138699c9c78bcac43dcc73 13819809effefa8a292afa8473f6238c79c6e1e4 77 KB
b66b0778bf7e1dd979bd47ecdf36f204 49867061ea148a0bd916796e9120975115d53607 77 KB
1391ccd447c936427d050c09672114a6 c1bd1df536135b86270d06c04ed19013be9c7eca 77 KB
0a2b72ce47a477a6290a0c12845aec15 cccd76d923cff13c0f59ef7e13fc333c1d3f78cd 97.5 KB
56f6d3d28ec98146f7ac6b35c2a416bc bd9543a374fa30a39ee18970218d8a061175cf8c 77 KB
275a5afe52c7440946b89215913446f5 4451ccacb6f7fc641e509f50d2e444768e1efe9d 77 KB
0055742f61ec4924110f7b097ed5787c 1e478ba91b78db8ad3e3b470f793d9066fc0704a 77 KB
4379eb00cfcc4d40394f690a5444d162 b5b90277d269de48a29ce4fa9c666d9037cc0cc1 99 KB
e85e74d219c624724a4cf0e63d66a77b e4de77fb79d7539def8988c214e0f3b2781994df 77 KB
672b0d084f419401166411773053119c 551c461fcc25514e47818ab4e28805d4daa75818 77 KB
32d759da59689392b3b22f586b4b4995 a4d6284b39c48a1e194621ddb434b4d74708c73e 94.5 KB
294d062d834ed634ea46073a4ca7af39 7120d44f62c3423810bd38b4a86d3e90151f59d6 77 KB
0ee6dd376bb38fece68b3e52b9ca51c7 95b7450102a510501375ef40aac1cf6ab4fd4d9f 77 KB
dcaf8fd8a223cd6a7b4958ae5995fd89 653475851c165300b984f40c53c27c6d91f04b5a 77 KB
97474784b079ad522da049b0c196e8b9 8e4187430b1bc4b62c3e0153afd2a8c4872139e9 161.5 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 51.75%
Windows 7 Ultimate 28.75%
Windows 7 Professional 11.25%
Windows 7 Home Basic 2.50%
Windows 8 Pro 2.25%
Windows 7 Enterprise 1.00%
Windows 7 Starter 0.75%
Windows 8 0.50%
Windows 8 Enterprise Evaluation 0.25%
Windows Se7en Titan 0.25%
Windows 8 Pro with Media Center 0.25%
Windows 8 Enterprise 0.25%
Windows Seven Black Edition 0.25%

Distribution by countryDistribution by country

United States installs about 39.80% of Windows Installer - Unicode.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 19.39%
Hewlett-Packard 16.54%
ASUS 16.35%
Acer 12.93%
Toshiba 11.03%
Sony 6.08%
Lenovo 4.18%
Samsung 2.28%
Intel 2.28%
MSI 1.14%
Alienware 0.95%
Medion 0.76%
Gateway 0.76%
Sahara 0.38%
NEC 0.38%
Compaq 0.38%
American Megatrends 0.38%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE