I am trying to find out why this process appeared during 2 boot occasions. Autoruns does not show it anywhere. It appeared when I uninstalled google chrome and malwarebytes.
The prefetch file for makecab.exe (makecab is an official microsoft process) showed it was created yesterday, and modified today (it ran once today and yesterday very briefly, no more than 10 seconds at boot.
I've uninstalled the 2 programs before at the same time in the past multiple times, and have never seen this process.
However, usually I delete EVERY file associated with those programs including registry when I did uninstall them.
Is there any reason why makecab.exe would run? I've used process explorer, but the process starts and ends to quickly for me to see what starts it, however it's only twice I've seen it appear, and thats after uninstalling chrome and mbam; both times I did not have process explorer ready.
Should I be worried about this? Or has it a legit reason for running? It doesn't seem to run unless I've uninstalled anything (however it doesn't happen all the time when I do. )
I haven't made any changes to my pc other than downloading malwarebytes which I have down before find without a problem.
Other areas I posted this say its something that cleans up the msi install package.
I've noticed it begins around the same time as the windows module installer (comparing prefetch file to event viewer).
I haven't added any programs, only saw this after uninstalling these programs, but as I said I usually delete the files manually. Ive uploaded the versions of makecab onto virustotal and they're all clean.
I couldn't find anything in the registry other than a value which listed various system processes, however exporting it as a text file shows it hasn't been edited for years.
How can I find out what is starting it? Ive rebooted various times with process explorer and nothing happened, I installed malwarebytes to scan, I did a full scan and found nothing, and installed chrome again. After the scan, I uninstalled the 2, and then while NOT using process explorer, but the normal task manager, I saw it again after I rebooted.
Is there a way I can make process explorer extend the time it shows kills processes? Is it likely the given explanation above is true?
Answer
Windows runs makecab.exe
to reduce the size of the old CBS log file. You can find compressed CBS.cab files under C:\Windows\logs\CBS
. Windows scans for updates at start, so it detects too large logs and compressed them.
So nothing is wrong.
No comments:
Post a Comment