I left my computer for maybe 3 hours, and when I got back I saw an alert from Comodo. Apparently a file called makecab.exe is trying to "…modify the contents of C:\WINDOWS\TEMP\cab_7304_10".
But since I haven't done anything myself to trigger this, I got suspicious. I blocked it, but I keep getting the alert. I clicked "Block and Remember", but the alerts keep coming, so I opened up Comodo KillSwitch to kill the process, and I see that the signer is "Microsoft Windows" and that the process which is running makecab.exe is TiWorker.exe.
So TiWorker.exe → makecab.exe → conhost.exe
TiWorker.exe - “Windows Modules Installer Worker”
makecab.exe - “Microsoft Cabinet Maker”
Oh, and makecab.exe is located in C:\Windows\System32, apparently along with TiWorker.exe. So should I be worried? What are these applications actually trying to do?
I googled makecab.exe and apparently it is used to create .cab files from existing files. But what would cause it to do this now? Basically I’m worried that a malicious file called on makecab to create a cab file of some file that I have. Anyway, I allowed it and it created the files in temp then removed them quickly and the application was never heard from again… I’m f**ked huh?
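
The check described in the post (signer, image path and parent chain of makecab.exe), as an added PowerShell example that is not part of the original post. `Get-ProcessLineage` is a hypothetical helper name; the script assumes an elevated prompt so that `ExecutablePath` and `CommandLine` are populated, and it only sees makecab.exe while the process is still running.

```powershell
# Added example: walk the parent chain of every running makecab.exe and
# report each ancestor's image path, signature status and command line.
function Get-ProcessLineage {
    param([Parameter(Mandatory)][uint32]$ProcessId)

    $childStart = $null          # creation time of the process one level down
    $seen = @{}                  # stops the walk if PIDs form a loop
    $current = $ProcessId
    while ($current -and -not $seen.ContainsKey($current)) {
        $seen[$current] = $true
        $p = Get-CimInstance Win32_Process -Filter "ProcessId = $current" -ErrorAction SilentlyContinue
        if (-not $p) { break }   # parent has already exited

        # A "parent" that started after its child is a reused PID, not a real ancestor.
        if ($childStart -and $p.CreationDate -gt $childStart) { break }

        $sig = $null
        if ($p.ExecutablePath) {
            $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
        }
        [pscustomobject]@{
            ProcessId       = $p.ProcessId
            Name            = $p.Name
            Path            = $p.ExecutablePath
            SignatureStatus = if ($sig) { $sig.Status } else { 'n/a' }
            Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'n/a' }
            CommandLine     = $p.CommandLine
        }
        $childStart = $p.CreationDate
        $current = $p.ParentProcessId
    }
}

# makecab.exe is expected under System32, as the post observed.
$expected = Join-Path $env:SystemRoot 'System32\makecab.exe'

Get-CimInstance Win32_Process -Filter "Name = 'makecab.exe'" | ForEach-Object {
    if ($_.ExecutablePath -and $_.ExecutablePath -ne $expected) {
        Write-Warning "makecab.exe running from unexpected path: $($_.ExecutablePath)"
    }
    Get-ProcessLineage -ProcessId $_.ProcessId | Format-List
}
```

The `CommandLine` field of the makecab.exe entry shows which source files and which output .cab it was asked to work on.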