ComboFix reports

This is a discussion on ComboFix reports within the General Computer Security forums, part of the Tech Support Forum category.

12-04-2019, 02:09 PM   #1
Goldbird (Registered Member)

Hello,

I hope this is the right place to ask SUBs a question about the ComboFix tool.
I found lots of reports showing Firefox extensions and plugins, but I cannot obtain the same result now in a virtual machine running W7-32 or 64.

I can display the Firefox start page, but no extensions or plugins, which appear in other reports, like the FRST tool.

Do you know the reason why?

Thanks for your help.

12-04-2019, 02:14 PM   #2
Corday (Team Manager, Microsoft Support)

Need further explanation of what you want.
__________________

The stability of an OS is in direct proportion to the stability of the user.

12-04-2019, 02:22 PM   #3
Goldbird (Registered Member)

Hello,

I ran Combofix in a VM and the report doesn't display FF components, extensions or plugins, though these elements are displayed in other reports, like FRST.

But when I look at older CF reports, I find FF components.

You might try in a VM with plugins like Flash Player, or extensions: you can no longer display them in CF reports.

Why?

12-04-2019, 02:25 PM   #4
Goldbird (Registered Member)

More information

ComboFix : https://www.cjoint.com/doc/19_11/IKB...c_ComboFix.txt

ZHPdiag lines for the same system
---\\ FIREFOX, Plugins,Démarrage,Recherche,Extensions (21) - 2s
M0 - MFSP: prefs.js [test - kbtucxsv.default] Google =>.Google Inc.
P2 - EXT FILE: (.Facebook Container.) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\kbtucxsv.default\extensions\@contain-facebook.xpi =>.Facebook Container
P2 - EXT FILE: (.Enhancer for YouTube™.) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\kbtucxsv.default\extensions\[email protected] =>.Enhancer for YouTube™
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\browser\features\[email protected] =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\browser\features\[email protected] =>.Mozilla Corporation
P2 - EXT FILE: (.webcompat.com.) -- C:\Program Files\Mozilla Firefox\browser\features\[email protected] =>.webcompat.com
P2 - EXT FILE: (.webcompat.com.) -- C:\Program Files\Mozilla Firefox\browser\features\[email protected] =>.webcompat.com
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe.) -- C:\Windows\System32\Macromed\Flash\NPSWF32_32_0_0_293.dll =>.Adobe

A CF report with FF components
https://forum.malekal.com/viewtopic.php?t=22846#p190773
FF - ProfilePath - c:\users\PIERRE\AppData\Roaming\Mozilla\Firefox\Profiles\jphl97p9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\SearchSettingsFF.dll
FF - component: c:\users\PIERRE\AppData\Roaming\Mozilla\Firefox\Profiles\jphl97p9.default\extensions\[email protected]\components\coolirisstub.dll

But I cannot display FF components in my own reports!
Why?

12-05-2019, 02:23 AM   #5
Gary R (Moderator, Security Team)

As far as I'm aware, Combofix was never designed to be run on a Virtual Machine.

I believe also that it is no longer being supported, so I think you are unlikely to get any assistance from its author.

12-05-2019, 12:52 PM   #6
Goldbird (Registered Member)

Hello Gary,

Thanks for your answer.
But Firefox components are the only missing element in Combofix reports, and I do not see why there would be a problem in a VM.
I run FRST and other security tools in a VM without any restriction.

Regards.

12-05-2019, 04:35 PM   #7
Gary R (Moderator, Security Team)

I'm afraid I can't answer why Combofix is giving you unreliable results when run in a VM; I can only say that I doubt very much that it was ever designed to be used in that way.

Offhand I can't think of any tool that was.

Now it may be that some of them perform well when used on an OS hosted on a VM, but personally I would need confirmation from a tool's author that the scan results would be reliable when run this way, before I made any decisions based on those scan results.

12-05-2019, 06:27 PM   #8
Goldbird (Registered Member)

Hello Gary,

I understand, and you already told me that before.
But I run many tools on a VM without any restriction, and ComboFix runs perfectly well on a VM except for Firefox components.

Regards