Page 1 of 1

4.3.20 rejecting crypt32.dll after Windows patchday

PostPosted: 10. Dec 2014, 15:21
by sunboy
Hello

none on my VMs can't be started anymore after I applied newest MS patch

after that i can read in VMstart.log:

Vbox: 4.3.20r96997
Code: Select all   Expand viewCollapse view
209c.2320: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
209c.2320: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
209c.2320: Error (rc=0):

209c.2320: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume2\Windows\System32\crypt32.dll
209c.2320: Error (rc=0):

209c.2320: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\crypt32.dll' (C:\Windows\system32\crypt32.dll): rcNt=0xc0000190
209c.2320: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\crypt32.dll'
209c.2320: Fatal error:
209c.2320: Error loading 'crypt32.dll': 1790 [C:\Windows\system32\crypt32.dll]

a48.21fc: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 344 ms, the end);
1c20.1240: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 952 ms, the end);


Code: Select all   Expand viewCollapse view
 C:\Windows\system32
30.10.2014  03:04         1.480.192 crypt32.dll
SHA256:    ea3528028bf82a5d025c25633a5ddd6b71aaa0c1333aa9532a2ca711a8fe89e8


i am using Windows 7 pro 64bit and Trendmicro Office scan

Re: 4.3.20 rejecting crypt32.dll after Windows patchday

PostPosted: 10. Dec 2014, 16:11
by sunboy
I uninstall KB3004394 (which had installed the new root root certificates with crypt32.dll Version 6.1.7601.18648)

Now Virtual Machines can be started again, but the entire system seems to be very slow/like under heavy load.

See
"December 2014 update for Windows Root Certificate ..."
https://support.microsoft.com/kb/3004394

There seems to be a general problem with kb3004394...?

Re: 4.3.20 rejecting crypt32.dll after Windows patchday

PostPosted: 10. Dec 2014, 21:24
by ptmcg
I had updated to 4.3.20 after the KB install, trying to get things working. So after uninstalling the KB, I also un/reinstalled VB 4.3.20 - now VMs are all running again.

Not detecting any sluggishness tho.

Re: 4.3.20 rejecting crypt32.dll after Windows patchday

PostPosted: 10. Dec 2014, 22:17
by bird
Just to repeat current analysis of the problem ( https://www.virtualbox.org/ticket/13677#comment:6 ):

From what I can tell, the KB3004394 update does not install a catalog file on 64-bit windows 7. It does on Windows 8.1 (C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB3004394~31bf3856ad364e35~amd64~~6.3.1.0.cat), so VBox works fine there.

The result of the missing .cat file is that VBox (nor SysInternal's SigCheck.exe for that matter) is not able to verify the authenticity of c:\windows\system32\crypt32.dll and wintrust.dll. If we cannot find any valid signature for the files, we have to assume that they have been tampered with and are forced to abort application loading. These two dlls are important for validating other components, so there is absolutely no way we can ignore this.

Until Microsoft (hopefully) fixes the KB3004394 update on Windows 7, the only solution is to revert/uninstall it.

--bird

Re: 4.3.20 rejecting crypt32.dll after Windows patchday

PostPosted: 11. Dec 2014, 07:15
by david.90
Good Evening,

I also encountered this issue after Windows Update ran and installed the KB update.
I am in the midst of un-installing the KB update now.

Thank you all for your input.

Re: 4.3.20 rejecting crypt32.dll after Windows patchday

PostPosted: 11. Dec 2014, 10:12
by Poema
THANKS,

I've had the same problem and this forum saved my live (work)

Re: 4.3.20 rejecting crypt32.dll after Windows patchday

PostPosted: 11. Dec 2014, 12:16
by socratis
For your own information, I tried to update an almost up-to-date Windows machine and it seems that Microsoft has pulled KB3004394 from its updates (yesterday there were 11 updates, today 10; guess who's missing ;) ). It appears that there have been major issues with it, not just VirtualBox. For example. see Botched KB 3004394 triggers error messages, but no response from Microsoft.

Re: 4.3.20 rejecting crypt32.dll after Windows patchday

PostPosted: 11. Dec 2014, 14:50
by johnroberts
I can confirm the same issue on Windows 7 Pro/32 bit. The usual Microsoft FUBAR :? .

Re: 4.3.20 rejecting crypt32.dll after Windows patchday

PostPosted: 11. Dec 2014, 16:51
by sunboy
KB3004394 is back again for download.

To fix the problem just rerun Windows Update and reboot.

Re: 4.3.20 rejecting crypt32.dll after Windows patchday

PostPosted: 11. Dec 2014, 17:49
by wharrell
This is the exact problem I was experiencing after applying Microsoft patches. I removed KB3004294 and re-installed 4.3.20 just to be safe. It resolved my issue.

Re: 4.3.20 rejecting crypt32.dll after Windows patchday

PostPosted: 11. Dec 2014, 18:10
by socratis
sunboy wrote:KB3004394 is back again for download.

No it is not. Microsoft pulled it. Just checked and it's not available in the Windows Update.

Re: 4.3.20 rejecting crypt32.dll after Windows patchday

PostPosted: 11. Dec 2014, 21:13
by GranoblasticMan
I wonder if someone should tell Microsoft about this "new" software QA idea called "regression testing"...

Re: 4.3.20 rejecting crypt32.dll after Windows patchday

PostPosted: 12. Dec 2014, 13:01
by michaln
There is now http://support.microsoft.com/kb/3024777 which ought to fix the affected systems.

Re: 4.3.20 rejecting crypt32.dll after Windows patchday

PostPosted: 24. May 2019, 17:35
by Wiccio
sunboy wrote:I uninstall KB3004394 (which had installed the new root root certificates with crypt32.dll Version 6.1.7601.18648)

Now Virtual Machines can be started again, but the entire system seems to be very slow/like under heavy load.

How did you uninstall the update if the VM doesn't start? Perhaps you mean that you have uninstalled it from the local PC that hosts the VM? In that case, I don't have this KB3004394 on my PC.

Finally, fortunately, I solved by launching an sfc / scannow in the local PC that hosts the VM, which found problems on the VirtualBox's dlls and which I therefore repaired using the code dism /Online /Cleanup-Image /RestoreHealth.

Re: 4.3.20 rejecting crypt32.dll after Windows patchday

PostPosted: 24. May 2019, 20:08
by socratis
Wiccio wrote:How did you uninstall the update if the VM doesn't start?

I highly doubt that you're going to receive an answer from a 2014 thread, that's why I'm going to lock this thread and send it with its other zombie buddies back to oblivion. 4.3.20 is way too old to have a diagnosis after so many years...