Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

why does this hybrid analysis "detects" two viruses in the installer?

  • 6 majibu
  • 3 wana tatizo hili
  • 4 views
  • Last reply by andnik

more options

The hybrid analysis here https://www.hybrid-analysis.com/sample/19749847da2a7145770c71910a90e870724d39b2bdb4efbb7bedd917f7a05926?environmentId=100

says that the installer contains "The analysis extracted a file that was identified as malicious details 1/10 Antivirus vendors marked dropped file "plugin-container.exe" as malicious (classified as "Trojan.Heur" with 10% detection rate) 1/10 Antivirus vendors marked dropped file "System.dll" as malicious (classified as "Adware.Domage.Neobar.BF" with 10% detection rate)"

I really don't trust the results of that site but I am wondering why it says that. Other languages installers and they have different results.

https://www.hybrid-analysis.com/sample/0fc2c18c0242e09c2cd3cbe0eb3bc7d5009ebfb4efbe5a8e2ea2edba14c90a36?environmentId=120 https://www.hybrid-analysis.com/sample/1c4bbdd279263c6ca7501930149a58341b4cac933ebcc329756810a4090f7235?environmentId=120 https://www.hybrid-analysis.com/sample/930bb9bd06c6eb6416ef458f0286d1e2a49a0a61c66355e565c098b2f381b587?environmentId=120 https://www.hybrid-analysis.com/sample/7a7823bfedbebde7eaf9ffbbb4ce5b97475184134e1cca70a48ef131d1516871?environmentId=120 https://www.hybrid-analysis.com/sample/c96c212db817a4df881ea55513d3045c2e9de9ae4fccc2ec6f3b37cd058d2612?environmentId=120 https://www.hybrid-analysis.com/sample/6fa4e30da6778137cf1f44cc6e644e5cb960624ddd5ac5a183b7ac40f33c4511?environmentId=120 https://www.hybrid-analysis.com/sample/e0c83d4a2266b43db51e67572d803159665e7d0f3908ed6c97c04b8efac82b94?environmentId=120 https://www.hybrid-analysis.com/sample/8b5e6ea5324a34fecd29b72c6dbe9b3e4038ae51edf4f6436704d363c0d39c0e?environmentId=120

The hybrid analysis here https://www.hybrid-analysis.com/sample/19749847da2a7145770c71910a90e870724d39b2bdb4efbb7bedd917f7a05926?environmentId=100 says that the installer contains "The analysis extracted a file that was identified as malicious details 1/10 Antivirus vendors marked dropped file "plugin-container.exe" as malicious (classified as "Trojan.Heur" with 10% detection rate) 1/10 Antivirus vendors marked dropped file "System.dll" as malicious (classified as "Adware.Domage.Neobar.BF" with 10% detection rate)" I really don't trust the results of that site but I am wondering why it says that. Other languages installers and they have different results. https://www.hybrid-analysis.com/sample/0fc2c18c0242e09c2cd3cbe0eb3bc7d5009ebfb4efbe5a8e2ea2edba14c90a36?environmentId=120 https://www.hybrid-analysis.com/sample/1c4bbdd279263c6ca7501930149a58341b4cac933ebcc329756810a4090f7235?environmentId=120 https://www.hybrid-analysis.com/sample/930bb9bd06c6eb6416ef458f0286d1e2a49a0a61c66355e565c098b2f381b587?environmentId=120 https://www.hybrid-analysis.com/sample/7a7823bfedbebde7eaf9ffbbb4ce5b97475184134e1cca70a48ef131d1516871?environmentId=120 https://www.hybrid-analysis.com/sample/c96c212db817a4df881ea55513d3045c2e9de9ae4fccc2ec6f3b37cd058d2612?environmentId=120 https://www.hybrid-analysis.com/sample/6fa4e30da6778137cf1f44cc6e644e5cb960624ddd5ac5a183b7ac40f33c4511?environmentId=120 https://www.hybrid-analysis.com/sample/e0c83d4a2266b43db51e67572d803159665e7d0f3908ed6c97c04b8efac82b94?environmentId=120 https://www.hybrid-analysis.com/sample/8b5e6ea5324a34fecd29b72c6dbe9b3e4038ae51edf4f6436704d363c0d39c0e?environmentId=120

Modified by andnik

All Replies (6)

more options

Did you get the full installer from Download Firefox For All languages And Systems {web link}

more options

I don't think plugin-container.exe is malicious. When I cross-check its sha256 hash over here:

https://metadefender.opswat.com/results#!/file/ed1b108e69144bd82e5d80b642300fe4bef14d15ebf82ac6464bd471ea2c2d99/hash/overview

It has one "Heur[istic]" detection and 36 clean.

System.dll is associated with "maintenanceservice_installer.exe". When I cross-check its sha256 hash over here:

https://metadefender.opswat.com/results#!/file/bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb/hash/overview

It has 1 "Adware" detection and 36 clean.

I'm not worried enough to look into it further.

more options

FredMcD είπε

Did you get the full installer from Download Firefox For All languages And Systems {web link}

Yes, I actually put the link in the upload file section.

more options

jscher2000 είπε

I don't think plugin-container.exe is malicious. When I cross-check its sha256 hash over here: https://metadefender.opswat.com/results#!/file/ed1b108e69144bd82e5d80b642300fe4bef14d15ebf82ac6464bd471ea2c2d99/hash/overview It has one "Heur[istic]" detection and 36 clean. System.dll is associated with "maintenanceservice_installer.exe". When I cross-check its sha256 hash over here: https://metadefender.opswat.com/results#!/file/bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb/hash/overview It has 1 "Adware" detection and 36 clean. I'm not worried enough to look into it further.

I know, and I really wonder why they say that about firefox which is free and safe.

more options

Is Hybrid analysis a Mozilla program? If the installer is from the Mozilla site I would be wary of other tester software saying something that isn't there as well giving you a false positive and it by itself could be the culprit as well.

more options

WestEnd είπε

Is Hybrid analysis a Mozilla program? If the installer is from the Mozilla site I would be wary of other tester software saying something that isn't there as well giving you a false positive and it by itself could be the culprit as well.

Hybrid analysis is a site similar to virustotal.com Yes the installer is from the Mozilla site