Status
Not open for further replies.
1 - 8 of 8 Posts

·
Registered
Joined
·
5 Posts
Discussion Starter #1
Hello,

I hope this is the right place to ask SUBs a question about the ComboFix tool.
I found lots of reports showing Firefox extensions and plugins, but I cannot obtain the same result now in a virtual machine running W7-32 or 64.

I can display the Firefox start page, but no extensions or plugins, which appear in other reports, like those of the FRST tool.

Do you know the reason why?

Thanks for the help.
 

·
Team Manager, Microsoft Support
Joined
·
26,502 Posts
Need further explanation of what you want.
 

·
Registered
Joined
·
5 Posts
Discussion Starter #3
Hello,

I ran Combofix in a VM and the report doesn't display FF components, extensions or plugins, though these elements are displayed in other reports, like FRST.

But when I look at older CF reports, I find FF components.

You might try in a VM with plugins like Flash Player, or extensions; you can no longer display them in CF reports.

Why?
 

·
Registered
Joined
·
5 Posts
Discussion Starter #4 (Edited)
More information

ComboFix : https://www.cjoint.com/doc/19_11/IKBvcORM38c_ComboFix.txt

ZHPdiag lines for the same system
---\\ FIREFOX, Plugins,Démarrage,Recherche,Extensions (21) - 2s
M0 - MFSP: prefs.js [test - kbtucxsv.default] Google =>.Google Inc.
P2 - EXT FILE: (.Facebook Container.) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\kbtucxsv.default\extensions\@contain-facebook.xpi =>.Facebook Container
P2 - EXT FILE: (.Enhancer for YouTube™.) -- C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\kbtucxsv.default\extensions\[email protected] =>.Enhancer for YouTube™
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\browser\features\[email protected] =>.Mozilla Corporation
P2 - EXT FILE: (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\browser\features\[email protected] =>.Mozilla Corporation
P2 - EXT FILE: (.webcompat.com.) -- C:\Program Files\Mozilla Firefox\browser\features\[email protected] =>.webcompat.com
P2 - EXT FILE: (.webcompat.com.) -- C:\Program Files\Mozilla Firefox\browser\features\[email protected] =>.webcompat.com
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe.) -- C:\Windows\System32\Macromed\Flash\NPSWF32_32_0_0_293.dll =>.Adobe

A CF report with FF components
https://forum.malekal.com/viewtopic.php?t=22846#p190773
FF - ProfilePath - c:\users\PIERRE\AppData\Roaming\Mozilla\Firefox\Profiles\jphl97p9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\SearchSettingsFF.dll
FF - component: c:\users\PIERRE\AppData\Roaming\Mozilla\Firefox\Profiles\jphl97p9.default\extensions\[email protected]\components\coolirisstub.dll

But I cannot display FF components in my own reports!
Why?
 

·
Moderator, Security Team
Joined
·
795 Posts
As far as I'm aware, Combofix was never designed to be run on a Virtual Machine.

I believe also that it is no longer being supported, so I think you are unlikely to get any assistance from its author.
 

·
Registered
Joined
·
5 Posts
Discussion Starter #6
Hello Gary,

Thanks for your answer.
But Firefox components are the only missing element in Combofix reports, and I do not see why there would be a problem in a VM.
I run FRST and other security tools in a VM without any restriction.

Regards.
 

·
Moderator, Security Team
Joined
·
795 Posts
I'm afraid I can't answer why Combofix is giving you unreliable results when run in a VM; I can only say that I doubt very much that it was ever designed to be used in that way.

Offhand, I can't think of any tool that was.

Now it may be that some of them perform well when used on an OS hosted on a VM, but personally I would need confirmation from a tool's author that the scan results would be reliable when run this way, before I made any decisions based on those scan results.
 

·
Registered
Joined
·
5 Posts
Discussion Starter #8
Hello Gary,

I understand, and you already told me that before.
But I run many tools on a VM without any restriction, and ComboFix runs perfectly well on a VM except for Firefox components.

Regards
 