VM won't launch: Found evil handle to budding VM

[cbezault]

Hi all,

After a reboot I can no longer launch any VMs. It seems to be an issue due to some security features in Virtualbox. I've looked through the hardening troubleshooting HowTo and nothing there seemed to shed light on why this is actually happening. Any help would be greatly appreciated, the logs are attached.

The error is as follows:
Failed to open a session for the virtual machine USNY-W7PC309-RHEL65.

The virtual machine 'USNY-W7PC309-RHEL65' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\Curtis.Bezault\VirtualBox VMs\USNY-W7PC309-RHEL65\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}

[mpack]

FAQ: Diagnosing VirtualBox Hardening Issues.

[cbezault]

Hi mpack,

That's the HowTo I went through already when trying to diagnose my issue.

Since I didn't mention it before here is my system info:

Host: Windows 7
Guest: RHEL 6.5
Virtualbox: v5.1.24-117012

I already tried running the scannow command as is suggested if the error code is 0x1, didn't seem to help.

Thanks

[mpack]

I already tried running the scannow command as is suggested if the error code is 0x1, didn't seem to help.

That was only one suggestion. The FAQ has several other things to try.

[cbezault]

If you're referring to restarting the host, turning off any anti-virus and reinstalling as an administrator I've already followed all those steps.

[mpack]

I'm referring to uninstalling the antivirus, then rebooting the host from a power off. Then running "sfc / scannow", then providing a new log with these new conditions if you still have a problem. And ps. I don't need everything in the logs folder this time, just the hardening log is enough.

[cbezault]

Okay, I had already done all those steps but I did them again. I also upgraded my version of Virtual Box to version 5.1.28-117968 and followed all the steps again.

Here's the log.

[mpack]

From the latest log.

1338.2ff4: ProductName: Trend Micro Eyes
1338.2ff4: ProductVersion: 7.0
1338.2ff4: FileVersion: 7.0.0.1126
1338.2ff4: SpecialBuild: 1126
1338.2ff4: PrivateBuild: Build 1126 - 3/31/2017
1338.2ff4: FileDescription: TrendMicro Common Module
...
1338.2ff4: ProductName: Trend Micro AEGIS
1338.2ff4: ProductVersion: 2.976
1338.2ff4: FileVersion: 2.976.0.1207
1338.2ff4: SpecialBuild: 1207
1338.2ff4: PrivateBuild: Build 1207 - 6/23/2017
1338.2ff4: FileDescription: TrendMicro Activity Monitor Module

And many others. Your antivirus is still there.

[cbezault]

Ok, thanks for the heads up on that. I thought I uninstalled the software but it looks like it gets reinstalled every time I login (thanks IT).
Didn't even notice that it was reinstalled until you pointed that out, thanks.

I'll see if I can get rid of it permanently. I'll mark the thread as resolved if it fixes the issue.

Thanks again

[mpack]

You can tell your IT people that you aren't suggesting doing away with AV, but you do need to test whether disabling it completely allows VirtualBox to run.