I have no idea what to do with this file.


I just left my computer for maybe 3 hours, now when I got back I see an alert by Comodo. Apparently a file called makecab.exe is trying to "…modify the contents of C:\WINDOWS\TEMP\cab_7304_10.

But since I haven’t done anything myself to trigger this I got suspicious, I blocked it but I keep getting the alert, I clicked in block and remember but the alerts keep coming so I opened up Comodo KillSwitch to kill the process and I see that the signer is “Microsoft Windows” and that the process which is running makecab.exe is TiWorker.exe.

So TiWorker.exe → makecab.exe → conhost.exe

TiWorker.exe - “Windows Modules Installer Worker”
makecab.exe - “Microsoft Cabinet Maker”

Oh and makecab.exe is located in C:\Windows\System32 apparently along with TiWorker.exe. So should I be worried? What are these applications actually trying to do?

I googled makecab.exe and apparently it is used to create .cab files from existing files. But what would cause it to do this now? Basically I’m worried that a malicious file called on makecab to create a cab file of some file that I have. Anyway, I allowed it and it created the files in temp then removed them quickly and the application was never heard from again… I’m f**ked huh?

Hi SanyaIV,

Please submit the detected file at Comodo Antivirus Database | Submit Files for Malware Analysis. So we can check it.

Thanks and Regards,

I don’t think that would yield any result since makecab.exe is just something that is used by other applications in order to make .cab files.
So lets say virus.exe wants to make a .cab file, it then calls upon makecab.exe to create a cab file. if C++ then it would perhaps be “system(“makecab.exe filename destination”);” but since I couldn’t find any unknown applications running I assume it was a legit application that wanted to do a cab file.

TiWorker.exe is the application executable for MS Windows Modules Installer Worker - when Windows runs the installation screen for new installation or update, this executable is involved
Source: http://systemexplorer.net/file-database/file/tiworker-exe .

I see no reason to assume there is a virus on your system. Those are all legit Windows files that are not being started by an unknown program.