Error in SupR3HardenedWinRespawn

Discussions related to using VirtualBox on Windows hosts.
Mas421
Posts: 2
Joined: 14. Jun 2018, 19:09

Error in SupR3HardenedWinRespawn

Post by Mas421 »

Hello,
I'm French and don't speak English very well...
I have had a problem starting VirtualBox since yesterday, after Win10 updates!
I have the following messages:

Could you help me please?
Thanks very much...
Attachments
Capture d'écran 2018-06-14 15.08.jpg (48.05 KiB)
Capture d'écran 2018-06-14 14.51.jpg (51.3 KiB)
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: Error in SupR3HardenedWinRespawn

Post by socratis »

Please read really carefully the following FAQ: Diagnosing VirtualBox Hardening Issues for some generic guidelines/ideas. Remember, these are guidelines, not the exact solution, you have to use your judgement...

If you want us to see in more detail what might be causing the problem, attach a ZIPPED VBoxHardening.log. No guarantees...

Moving to "Windows Hosts" from "Using VirtualBox".
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
paulrw1
Posts: 2
Joined: 14. Jun 2018, 20:02

Re: Error in SupR3HardenedWinRespawn

Post by paulrw1 »

I have exactly the same problem.
Failed to open a session for the virtual machine ubuntu17.1.

The virtual machine 'ubuntu17.1' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\Paul\VirtualBox VMs\ubuntu17.1\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {85cd948e-a71f-4289-281e-0ca7ad48cd89}


I have uninstalled and reinstalled VirtualBox, run sfc and a full virus scan. All my VMs give the same error. Zipped log attached
Attachments
VBoxHardening.zip
(12.35 KiB) Downloaded 44 times
socratis

Re: Error in SupR3HardenedWinRespawn

Post by socratis »

paulrw1 wrote: and a full virus scan
You're not supposed to RUN a virus scan, you're supposed to UNINSTALL your 3rd party antivirus which interferes with VirtualBox (hint: Avast).

Please read the instructions/FAQ more carefully in the future.
paulrw1

Re: Error in SupR3HardenedWinRespawn

Post by paulrw1 »

Sorry I thought I was dealing with intelligent people here. I have already uninstalled my anti-virus. Is that simple enough for you Socratis? Please try some basic manners.
socratis

Re: Error in SupR3HardenedWinRespawn

Post by socratis »

paulrw1 wrote: Sorry I thought I was dealing with intelligent people here.
You are. That's one of your problems, but not the most basic one. You have more fundamental problems to worry about, starting with your freaking attitude!

From the log you provided:

3118.3434: \SystemRoot\System32\drivers\aswHwid.sys:
3118.3434:     CreationTime:    2017-12-15T14:45:08.338230900Z
3118.3434:     LastWriteTime:   2018-05-16T10:57:19.435635500Z
3118.3434:     ChangeTime:      2018-05-16T10:57:33.696236400Z
3118.3434:     FileAttributes:  0x20
3118.3434:     Size:            0xb778
3118.3434:     NT Headers:      0xf0
3118.3434:     Timestamp:       0x5ae36d51
3118.3434:     Machine:         0x8664 - amd64
3118.3434:     Timestamp:       0x5ae36d51
3118.3434:     Image Version:   6.0
3118.3434:     SizeOfImage:     0xa000 (40960)
3118.3434:     Resource Dir:    0x8000 LB 0x388
3118.3434:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3118.3434:     [Raw version resource data: 0x8060 LB 0x324, codepage 0x0 (reserved 0x0)]
3118.3434:     ProductName:     Avast Antivirus 
3118.3434:     ProductVersion:  18.4.3891.0
3118.3434:     FileVersion:     18.4.3891.0
3118.3434:     FileDescription: Avast HWID
3118.3434: \SystemRoot\System32\drivers\aswMonFlt.sys:
3118.3434:     CreationTime:    2017-12-15T14:45:08.341233900Z
3118.3434:     LastWriteTime:   2018-05-16T10:57:19.464663000Z
3118.3434:     ChangeTime:      2018-05-16T10:57:33.696236400Z
3118.3434:     FileAttributes:  0x20
3118.3434:     Size:            0x26d90
3118.3434:     NT Headers:      0xe8
3118.3434:     Timestamp:       0x5ae36cf5
3118.3434:     Machine:         0x8664 - amd64
3118.3434:     Timestamp:       0x5ae36cf5
3118.3434:     Image Version:   6.0
3118.3434:     SizeOfImage:     0x2b000 (176128)
3118.3434:     Resource Dir:    0x29000 LB 0x3b0
3118.3434:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3118.3434:     [Raw version resource data: 0x29060 LB 0x34c, codepage 0x0 (reserved 0x0)]
3118.3434:     ProductName:     Avast Antivirus 
3118.3434:     ProductVersion:  18.4.3891.0
3118.3434:     FileVersion:     18.4.3891.0
3118.3434:     FileDescription: Avast File System Minifilter for Windows 2003/Vista
3118.3434: \SystemRoot\System32\drivers\aswRdr2.sys:
3118.3434:     CreationTime:    2017-12-15T14:45:08.334227700Z
3118.3434:     LastWriteTime:   2018-05-16T10:57:19.167957300Z
3118.3434:     ChangeTime:      2018-05-16T10:57:33.696236400Z
3118.3434:     FileAttributes:  0x20
3118.3434:     Size:            0x1b300
3118.3434:     NT Headers:      0xe8
3118.3434:     Timestamp:       0x5ae36d26
3118.3434:     Machine:         0x8664 - amd64
3118.3434:     Timestamp:       0x5ae36d26
3118.3434:     Image Version:   6.1
3118.3434:     SizeOfImage:     0x1a000 (106496)
3118.3434:     Resource Dir:    0x18000 LB 0x398
3118.3434:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3118.3434:     [Raw version resource data: 0x18060 LB 0x334, codepage 0x0 (reserved 0x0)]
3118.3434:     ProductName:     Avast Antivirus 
3118.3434:     ProductVersion:  18.4.3891.0
3118.3434:     FileVersion:     18.4.3891.0 built by: WinDDK
3118.3434:     FileDescription: Avast WFP Redirect Driver
3118.3434: \SystemRoot\System32\drivers\aswRvrt.sys:
3118.3434:     CreationTime:    2017-12-15T14:45:08.343235200Z
3118.3434:     LastWriteTime:   2018-05-16T10:57:19.494693000Z
3118.3434:     ChangeTime:      2018-05-16T10:57:33.697237200Z
3118.3434:     FileAttributes:  0x20
3118.3434:     Size:            0x14fd0
3118.3434:     NT Headers:      0xf0
3118.3434:     Timestamp:       0x5ae36cf2
3118.3434:     Machine:         0x8664 - amd64
3118.3434:     Timestamp:       0x5ae36cf2
3118.3434:     Image Version:   6.0
3118.3434:     SizeOfImage:     0x14000 (81920)
3118.3434:     Resource Dir:    0x12000 LB 0x388
3118.3434:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3118.3434:     [Raw version resource data: 0x12060 LB 0x328, codepage 0x0 (reserved 0x0)]
3118.3434:     ProductName:     Avast Antivirus 
3118.3434:     ProductVersion:  18.4.3891.0
3118.3434:     FileVersion:     18.4.3891.0
3118.3434:     FileDescription: Avast Revert
3118.3434: \SystemRoot\System32\drivers\aswSnx.sys:
3118.3434:     CreationTime:    2017-12-15T14:45:08.331225600Z
3118.3434:     LastWriteTime:   2018-05-16T10:57:07.349472300Z
3118.3434:     ChangeTime:      2018-05-16T10:57:33.697237200Z
3118.3434:     FileAttributes:  0x20
3118.3434:     Size:            0xfae88
3118.3434:     NT Headers:      0xe8
3118.3434:     Timestamp:       0x5ae36d12
3118.3434:     Machine:         0x8664 - amd64
3118.3434:     Timestamp:       0x5ae36d12
3118.3434:     Image Version:   6.0
3118.3434:     SizeOfImage:     0xf8000 (1015808)
3118.3434:     Resource Dir:    0xf0000 LB 0x378
3118.3434:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3118.3434:     [Raw version resource data: 0xf0060 LB 0x314, codepage 0x0 (reserved 0x0)]
3118.3434:     ProductName:     Avast Antivirus 
3118.3434:     ProductVersion:  18.4.3891.0
3118.3434:     FileVersion:     18.4.3891.0
3118.3434:     FileDescription: Avast Virtualization Driver
3118.3434: \SystemRoot\System32\drivers\aswsp.sys:
3118.3434:     CreationTime:    2017-12-15T14:45:08.346238800Z
3118.3434:     LastWriteTime:   2018-05-16T10:57:19.530261100Z
3118.3434:     ChangeTime:      2018-05-16T10:57:33.697237200Z
3118.3434:     FileAttributes:  0x20
3118.3434:     Size:            0x706e8
3118.3434:     NT Headers:      0xe8
3118.3434:     Timestamp:       0x5ae36d18
3118.3434:     Machine:         0x8664 - amd64
3118.3434:     Timestamp:       0x5ae36d18
3118.3434:     Image Version:   6.0
3118.3434:     SizeOfImage:     0x72000 (466944)
3118.3434:     Resource Dir:    0x70000 LB 0x370
3118.3434:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3118.3434:     [Raw version resource data: 0x70060 LB 0x310, codepage 0x0 (reserved 0x0)]
3118.3434:     ProductName:     Avast Antivirus 
3118.3434:     ProductVersion:  18.4.3891.0
3118.3434:     FileVersion:     18.4.3891.0
3118.3434:     FileDescription: Avast self protection module
3118.3434: \SystemRoot\System32\drivers\aswStm.sys:
3118.3434:     CreationTime:    2017-12-15T14:45:08.351243800Z
3118.3434:     LastWriteTime:   2018-05-16T10:57:19.720055900Z
3118.3434:     ChangeTime:      2018-05-16T10:57:33.698238300Z
3118.3434:     FileAttributes:  0x20
3118.3434:     Size:            0x32498
3118.3434:     NT Headers:      0x110
3118.3434:     Timestamp:       0x5ae37258
3118.3434:     Machine:         0x8664 - amd64
3118.3434:     Timestamp:       0x5ae37258
3118.3434:     Image Version:   10.0
3118.3434:     SizeOfImage:     0x33000 (208896)
3118.3434:     Resource Dir:    0x31000 LB 0x350
3118.3434:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x405)]
3118.3434:     [Raw version resource data: 0x31060 LB 0x2f0, codepage 0x0 (reserved 0x0)]
3118.3434:     ProductName:     Avast Antivirus 
3118.3434:     ProductVersion:  18.4.3891.0
3118.3434:     FileVersion:     18.4.3891.0
3118.3434:     FileDescription: Stream Filter
3118.3434: \SystemRoot\System32\drivers\aswVmm.sys:
3118.3434:     CreationTime:    2017-12-15T14:45:08.348241400Z
3118.3434:     LastWriteTime:   2018-05-16T10:57:19.568335800Z
3118.3434:     ChangeTime:      2018-05-16T10:57:33.698238300Z
3118.3434:     FileAttributes:  0x20
3118.3434:     Size:            0x5d270
3118.3434:     NT Headers:      0xe8
3118.3434:     Timestamp:       0x5ae36cf5
3118.3434:     Machine:         0x8664 - amd64
3118.3434:     Timestamp:       0x5ae36cf5
3118.3434:     Image Version:   6.0
3118.3434:     SizeOfImage:     0x5b000 (372736)
3118.3434:     Resource Dir:    0x58000 LB 0x390
3118.3434:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3118.3434:     [Raw version resource data: 0x58060 LB 0x330, codepage 0x0 (reserved 0x0)]
3118.3434:     ProductName:     Avast Antivirus 
3118.3434:     ProductVersion:  18.4.3891.0
3118.3434:     FileVersion:     18.4.3891.0
3118.3434:     FileDescription: Avast VM Monitor
or in summary:
3118.3434:     FileDescription: Avast HWID
3118.3434:     FileDescription: Avast File System Minifilter for Windows 2003/Vista
3118.3434:     FileDescription: Avast WFP Redirect Driver
3118.3434:     FileDescription: Avast Revert
3118.3434:     FileDescription: Avast Virtualization Driver
3118.3434:     FileDescription: Avast self protection module
3118.3434:     FileDescription: Stream Filter
3118.3434:     FileDescription: Avast VM Monitor
So, your Avast is alive and kicking, and anything but uninstalled.

Now, since this is your first/second post, and you came out swinging, and I don't really appreciate it, take a week off cooling time and try to adjust your attitude when you come begging for help next time, all right?

Oh, and BTW, your banning is not a personal one, you'd have gotten one if you were to talk to any of the users in this forum like that. We're volunteering here to help others out, not to hear insults.
Mas421

Re: Error in SupR3HardenedWinRespawn

Post by Mas421 »

Hi,
I am trying to understand...
I have uninstalled AVAST, deactivated Defender and installed an old version, VirtualBox-5.1.12-112440-Win, which was working...

The zipped VBoxHardening.log follows.
Thanks
Attachments
VBoxHardening.zip
(5.63 KiB) Downloaded 22 times
socratis

Re: Error in SupR3HardenedWinRespawn

Post by socratis »

@Mas421
If you want to understand, read really carefully the following FAQ: Diagnosing VirtualBox Hardening Issues for some generic guidelines/ideas. Remember, these are guidelines, not the exact solution, you have to use your judgement...

I'd start with Malware Bytes:
1d48.948: supR3HardenedWinFindAdversaries: 0x80
1d48.948: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
...
1d48.948:     ProductName:     Malwarebytes SwissArmy
...
1d48.948: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 954 ms, the end);
BitUser
Posts: 2
Joined: 26. Jun 2018, 17:18

Re: Error in SupR3HardenedWinRespawn

Post by BitUser »

Hi there,

I've been seeing the same error (log file attached) on my VirtualBox hosted on Windows 10 with Ubuntu 16.04 as guest. I would be very grateful to anyone who could shed some light.

Thanks.
Attachments
VBoxHardening.zip
(13.07 KiB) Downloaded 7 times
socratis

Re: Error in SupR3HardenedWinRespawn

Post by socratis »

47c.2738: supHardenedWinVerifyImageByHandle: -> -23021 (\Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\rooksbas_x64.dll)
Take a look at Virtualbox problem with Trusteer Rapport.

Please report the version you have installed!!!
geoffh
Posts: 9
Joined: 9. Apr 2014, 09:52

Re: Error in SupR3HardenedWinRespawn

Post by geoffh »

Hello,

I have exactly the same error code (rc = -104) as the original poster, after updating to VBox 6 on Windows 10
I think the previous version of VBox was 5.1.26 and the VM always started Ok with both AVG and Rapport present, installed and running (but probably about a year ago)
I've read the hardening guide, and also the post on using Vbox with Rapport, so have tried separately disabling AVG and Rapport to no avail:
The VM will not start and always issues the same error dialog box

Please find attached the following (within the zips):
VBox5126GoodStart.log - the VBox log when starting with version 5.1.26
VBoxHardeningRapportAVGRunning.log - the hardening log with both Rapport and AVG running when attempting to start the VM with VBox 6
VBoxHardeningRapportStopped.log - the hardening log with Rapport stopped when attempting to start the VM with VBox 6
Wanted to add, but seems like there is a limit of 3 files:
VBoxHardeningAVGOff.log - the hardening log with AVG stopped when attempting to start the VM with VBox 6

I would appreciate any suggestions as to where to look next
Thanks for reading and any help
Geoff
Attachments
VBoxHardeningRapportStopped.zip
the hardening log with Rapport stopped when attempting to start the VM with VBox 6
(9.99 KiB) Downloaded 9 times
VBoxHardeningRapportAVGRunning.zip
the hardening log with both Rapport and AVG running when attempting to start the VM with VBox 6
(10.01 KiB) Downloaded 6 times
VBox5126GoodStart.zip
the VBox log when starting with version 5.1.26
(32.16 KiB) Downloaded 5 times
socratis

Re: Error in SupR3HardenedWinRespawn

Post by socratis »

As it's clearly mentioned in the FAQ: Diagnosing VirtualBox Hardening Issues, stopping the antivirus may not be enough. You need to uninstall/purge/nuke them into oblivion!

From your "VBoxHardeningRapportStopped.log":
478.2a3c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\AVG\Antivirus\x64\aswhooka.dll' (C:\Program Files (x86)\AVG\Antivirus\x64\aswhooka.dll): rcNt=0xc0000190
You don't need a 3rd party antivirus with recent Win versions, they have a perfectly capable built-in one...
geoffh

Re: Error in SupR3HardenedWinRespawn

Post by geoffh »

Thanks for the update about not needing a 3rd party AV program with Windows 10 - I've now removed AVG (and done a bit of reading about Windows 10 security)

However, I still can't get past 'Error -104 in supR3HardenedWinReSpawn' and the VM will not launch whatever I seem to do
Here's what I've done:
1) completely remove AVG
2) turn off Trusteer Rapport
3) run
sfc /scannow
DISM /Online /Cleanup-Image /RestoreHealth
sfc /scannow

After doing all that, I still get the supR3HardenedWinReSpawn error
I've looked through the hardening log, but not sure what I should be looking for as a clue as to what is causing the fail
The only thing that jumps out is :
9ac.8e0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
- and the wintab32.dll does not seem to be present

Attached is the hardening log in the Zip as VBoxHardeningNo3rdPartyAVRapportOff.log
Any suggestions as to where to go next appreciated
Thanks for reading and any help
Geoff
Attachments
VBoxHardeningNo3rdPartyAVRapportOff.zip
Hardening log with 3rd party AV removed and Rapport off
(9.7 KiB) Downloaded 9 times
geoffh

Re: Error in SupR3HardenedWinRespawn

Post by geoffh »

Did a bit more reading and decided to completely remove Trusteer Rapport
VM NOW STARTS Ok
(and I also have MalwareBytes installed)

I'll contact IBM about Trusteer Rapport

Thanks
Geoff
andyp73
Volunteer
Posts: 1631
Joined: 25. May 2010, 23:48
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Assorted Linux, Windows Server 2012, DOS, Windows 10, BIOS/UEFI emulation

Re: Error in SupR3HardenedWinRespawn

Post by andyp73 »

geoffh wrote: I'll contact IBM about Trusteer Rapport
They have been aware of the issue for some time and the thread about it that Socratis linked to contains the most recent information that was obtained from their technical support.

Maybe having more people banging on their door about it will make them release a proper fix!

-Andy.
My crystal ball is currently broken. If you want assistance you are going to have to give me all of the necessary information.
Please don't ask me to do your homework for you, I have more than enough of my own things to do.
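
The manual reading of VBoxHardening.log done throughout this thread can be scripted. The following is an added example, not part of the thread and not VirtualBox code: it assumes only the line shapes quoted in the posts above, the sample input is constructed by assembling those quoted excerpts into one log, and the function names `triage` and `flagged` are hypothetical.

```python
import re

P = r"^[0-9a-f]+\.[0-9a-f]+:\s"  # "pid.tid: " prefix seen on every quoted log line
RE_FILE = re.compile(P + r"(\\.+):\s*$")  # start of a per-file block (path, then ':')
RE_FIELD = re.compile(P + r"\s*(ProductName|ProductVersion|FileDescription):\s+(.*\S)")
RE_ADV = re.compile(r"supR3HardenedWinFindAdversaries: (0x[0-9a-f]+)", re.I)
RE_REJECT = re.compile(
    r"supR3HardenedMonitor_LdrLoadDll: rejecting '([^']+)'.*rcNt=(0x[0-9a-f]+)", re.I)
RE_VERIFY = re.compile(r"supHardenedWinVerifyImageByHandle: -> (-\d+) \((.+)\)\s*$")
RE_EXIT = re.compile(r"supR3HardNtChildWaitFor\[\d+\]: Quitting: ExitCode=(0x[0-9a-f]+)", re.I)

# Constructed sample: lines taken from the excerpts quoted in the thread,
# combined into a single input for demonstration.
SAMPLE_LOG = r"""
1d48.948: supR3HardenedWinFindAdversaries: 0x80
1d48.948: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
1d48.948:     ProductName:     Malwarebytes SwissArmy
3118.3434: \SystemRoot\System32\drivers\aswVmm.sys:
3118.3434:     ProductName:     Avast Antivirus
3118.3434:     FileDescription: Avast VM Monitor
47c.2738: supHardenedWinVerifyImageByHandle: -> -23021 (\Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\rooksbas_x64.dll)
478.2a3c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\AVG\Antivirus\x64\aswhooka.dll' (C:\Program Files (x86)\AVG\Antivirus\x64\aswhooka.dll): rcNt=0xc0000190
1d48.948: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 954 ms, the end);
"""

def triage(log_text):
    """Collect the entries a reader of the hardening log looks for first."""
    report = {"adversaries": None, "drivers": {}, "rejected": [],
              "verify_failed": [], "exit_code": None}
    current = None  # field dict of the file block currently being read
    for line in log_text.splitlines():
        if m := RE_FILE.match(line):
            current = report["drivers"].setdefault(m.group(1), {})
        elif (m := RE_FIELD.match(line)) and current is not None:
            current[m.group(1)] = m.group(2)
        elif m := RE_ADV.search(line):
            report["adversaries"] = int(m.group(1), 16)
        elif m := RE_REJECT.search(line):
            report["rejected"].append((m.group(1), m.group(2)))
        elif m := RE_VERIFY.search(line):  # only negative (error) status values
            report["verify_failed"].append((int(m.group(1)), m.group(2)))
        elif m := RE_EXIT.search(line):
            report["exit_code"] = int(m.group(1), 16)
    return report

def flagged(report):
    """Product names from the file blocks, plus files that were rejected or failed verification."""
    products = {d["ProductName"] for d in report["drivers"].values() if "ProductName" in d}
    files = {p for p, _ in report["rejected"]} | {p for _, p in report["verify_failed"]}
    return sorted(products), sorted(files)

if __name__ == "__main__":
    products, files = flagged(triage(SAMPLE_LOG))
    print("Products:", products)
    print("Files:", files)
```

Run against a real log by passing the file's text to `triage`; a product that still appears in the output after a supposed uninstall is the situation shown in the Avast excerpt above.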