(rc=-5640)

mkbatra · Post by **mkbatra** » 26. Nov 2018, 07:28

Dear All,
I have windows 10 64 bit m/c (i5-8400 2.80 GHz 2.81 GHz) and installed Oracle VirtualBox-5.2.22 Oracle Virtual m/c. when I create virtual Linux Ubunto 64 bit its created successfully but issue comes when I start this I am getting following error
(rc=-5640)
please start reinstalling VirtualBox
where supR3HardenedWinRespwan what:1
VER_SUP_VP_THREAD_NOT_ALONE(-5640)- Process verification failure: the process has more than one thread. (MesssageBox).

I used
ubuntu-18.04.1-desktop-amd64.iso
ubuntu-16.04.4-desktop-amd64.iso

I also tried VirtualBox-5.2.23-126581-Win.exe

all with same error as shown above, have reinstalled 4-5 times same issue. Also installed latest visual studio distribution components.

when I installed virtual box first time it worked but may be I chosen (enable EFI (special OSes only when creating Mac OS virtual m/c caused this error, not sure 100% this is the issue)

virtual box 5.2.22 was working on my old m/c i3.... windows 10

Thanks
Manoj kumar

Post by **andyp73** » 26. Nov 2018, 08:44

mkbatra wrote:VER_SUP_VP_THREAD_NOT_ALONE(-5640)- Process verification failure: the process has more than one thread.

This is a hardening issue. It means a task that isn't properly signed is trying to inject itself into the VirtualBox process. Read Tutorial: Diagnosing VirtualBox Hardening Issues for guidance on what to look for and how to resolve it.

-Andy.

mkbatra · Post by **mkbatra** » 29. Nov 2018, 09:09

Thanks u a lot for reply,
I am getting

2d48.2320: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe25a60000 'C:\WINDOWS\System32\MMDevApi.dll'
2f7c.3fc0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2622 ms, the end);
in hardening logs

How to resolve this.

Thanks
manoj

Post by **socratis** » 29. Nov 2018, 09:16

Andy already gave you the link to read and act. Did you? Please do: Tutorial: Diagnosing VirtualBox Hardening Issues

adinapiza · Post by **adinapiza** » 28. Feb 2019, 12:49

Hi,

I am experiencing the same issue using Virtual Box 5.2.26r128414 (Qt5.6.2)

I was able to run VirtualBox for months and was able to create CentOS VM Instances until today.

Below is and excerp from the log file:

Code: Select all

3dbc.424c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3dbc.424c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff968900000 'C:\Windows\System32\msacm32.drv'
3dbc.424c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv [lacks WinVerifyTrust]
3dbc.424c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3dbc.424c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff968900000 'C:\Windows\System32\msacm32.drv'
3dbc.424c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv [lacks WinVerifyTrust]
3dbc.424c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3dbc.424c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff968900000 'C:\Windows\System32\msacm32.drv'
3dbc.424c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv [lacks WinVerifyTrust]
3dbc.424c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff968900000 'C:\Windows\System32\msacm32.drv'
3dbc.424c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv [lacks WinVerifyTrust]
3dbc.424c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff968900000 'C:\Windows\System32\msacm32.drv'
3dbc.424c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv [lacks WinVerifyTrust]
3dbc.424c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff968900000 'C:\Windows\System32\msacm32.drv'
3dbc.424c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3dbc.424c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
3dbc.424c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\midimap.dll)
3dbc.424c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
3dbc.424c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3dbc.424c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3dbc.424c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll [lacks WinVerifyTrust]
3dbc.424c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3dbc.424c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3dbc.424c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3dbc.424c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3dbc.424c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\midimap.dll [lacks WinVerifyTrust]
3dbc.424c: supR3HardenedDllNotificationCallback: load   00007ff968250000 LB 0x0000a000 C:\Windows\System32\midimap.dll [fFlags=0x0]
3dbc.424c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\midimap.dll [lacks WinVerifyTrust]
3dbc.424c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff968250000 'C:\Windows\System32\midimap.dll'
3dbc.424c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\midimap.dll [lacks WinVerifyTrust]
3dbc.424c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3dbc.424c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff968250000 'C:\Windows\System32\midimap.dll'
3dbc.424c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\midimap.dll [lacks WinVerifyTrust]
3dbc.424c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3dbc.424c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff968250000 'C:\Windows\System32\midimap.dll'
3dbc.424c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\midimap.dll [lacks WinVerifyTrust]
3dbc.424c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3dbc.424c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff968250000 'C:\Windows\System32\midimap.dll'
3dbc.6a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll [lacks WinVerifyTrust]
3dbc.6a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3dbc.6a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff988ee0000 'C:\Windows\System32\MMDevApi.dll'
3d70.2b60: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2243 ms, the end);

Same with mkabtra, I seems that MMDevApi.dll is causing the issue for me.
I also followed the instructions by mpack on Diagnosing VirtualBox Hardening Issues

In that post, he noted this:

NOTE Recent (5.2.x ?) versions of VirtualBox may be producing errors with increased frequency for a new class of hardening problems (though perhaps it is user behaviour which has changed). This is signified by an error message "Thread not alone" being shown to the user, and "More than one thread in process" being recorded in the log. This message implies that a foreign program has successfully injected itself into the VirtualBox executable space and is now running, this success indicates that the associated DLLs presumably must have been correctly signed. Even so VirtualBox cannot allow this because a foreign program could conceivably be faking results to get past VirtualBox's hardening checks. The usual culprits behind this error are certain kinds of "web safe" internet browser filters or remote desktop applications. Those applications must be uninstalled, or VirtualBox must be added as an exception to their activities.

Between the time I was running virtual box correctly and the issue, there were no Windows updates, anti-virus updates or updates on the browser security. (Since I am running on a machine which is not connected to a network)

Thank you

virtualbox.org

(rc=-5640)

(rc=-5640)

Re: (rc=-5640)

Re: (rc=-5640)

Re: (rc=-5640)

Re: (rc=-5640)