Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Self Extracting Cainet - Does This Sound Okay?

  • Please log in to reply
1 reply to this topic

#1 guymorganharris


  • Members
  • 1 posts
  • Local time:02:27 AM

Posted 15 June 2006 - 03:08 AM

Hello, I've not been here before, so hello to everyone here.
I've just had a message from my Zone Alarm Security Suit warning me that 'Self Extracting Cainet is trying to launch C:\6743737A3940AD3B0855574F1C9596BA\mrtstub.exe, or use another program to gain access to priveleged resources'. Should I allow this or deny it? It appears that the Self Extracting Cabinet was created by Microsoft, but who knows?
The Zone Alarm Report Reads:
[color=#3366FF]Inside the OSFirewall alert
Alert property Alert property value Technical explanation
Program Name Self-Extracting Cabinet A program running on your computer, which attempted an action that was detected by the OSFirewall.
Filename WINDOWS-KB890830-V1.17-DELTA.EXE The filename of the program that ZoneAlarm Security Suite found on your computer.
Program Version 6.1.0022.4 (SRV03_QFE.031113-0918) The version of Self-Extracting Cabinet running on your computer.
Program Size 401312 The size of the program executable file in bytes.
Program MD5 cdb7e59cc5080bef5380f4494a8e21b8 The MD5 hash, or number, that uniquely identifies the executable.
Smart Checksum e0125e53e2ae5a54c46628c066598d79 The SKIMP hash, or number, that uniquely identifies the executable.
Date Modified Jun-12-2006 08:38:58 PM The date when WINDOWS-KB890830-V1.17-DELTA.EXE was most recently modified.
Event Type Process The event involved starting or terminating a thread or process.
Sub Event Type SpawnProcess Self-Extracting Cabinet attempted to spawn a new process.
Process Name C:\6743737A3940AD3B0855574F1C9596BA\mrtstub.exe The name (including path) of the process being spawned.
Any advice would be much appreciated!
Thank you!


BC AdBot (Login to Remove)


#2 Enthusiast


  • Members
  • 5,898 posts
  • Location:Florida, USA
  • Local time:02:27 AM

Posted 15 June 2006 - 07:31 AM

Are you running the Windows Malicious Software Removal Tool?

If so, it may be remnant temp files from that, but just to be sure I suggest you run Adaware and Spybot (after updating the definitions on each) from safe mode and then posting a HJT log on our HJT forum.

If you do not already have these freeware aps installed on your computer, you can get them at the following sites:

*AdAware SE: http://www.majorgeeks.com/download506.html

*Spybot S&D: http://www.safer-networking.org/en/index.html

Following that that I suggest you post a “HijackThis” log for expert assistance with your possible malware infection.

Read the pinned post in our “HijackThis” forum,
Carefully read and follow all directions explicitly.

Following instructions create a HJT log, and POST THE HJT LOG YOU CREATED IN OUR HJT FORUM – not in this forum,
at this link.
Include the specs for your computer (ie, processor, amount of RAM, brand or motherboard, etc, and briefly describe the problem you are experiencing.)

Unless you are expert at editing the registry, Do not use the Hijack This program to try to fix anything by yourself as even what may seem to be a small mistake can render your operating system inoperable.
Some files when in the correct folder for them may be fine while in another may be malware hiding.

A member of our expert HJT Team will analyze your log, make recommendations and offer assistance, walking you through the complete repair process.

It may take a period of time to get a response to the log you posted because the members of our HJT Team are kept very busy.
Please be patient as this team is manned by volunteers. They will help you in order received as soon as possible.

Once you have posted your HJT log, please DO NOT make any additional posts in the HJT forum thread you created until you get a response from a member of our HJT expert team, and do not make any changes to your system (changes, including any attempted repairs, will make your computer to be different than displayed in the log you posted and therefore make your log inaccurate).

The first criteria the HJT Team has when looking for logs that need replies are posts showing 0 replies. If you make an additional post, it will show as having 1 reply.
A team member, looking for a new log that requires help might well assume another HJT Team member is already assisting you and might not open the thread to respond.

So, post your HJT Log in our HJT Forum (not here in this forum) and wait for a response from a HJT team member.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users