Windows 4.3.20 specifically for errors due to security

[loader]

VirtualBox 4.3.20
Does not work since 4.3.14 on all our computers with CryptoPro cryptografic software installed (Windows XP, Windows 7, Windows 8.1).
cadespluginucsp.exe v3.9.8209 (test build) --> The virtual machine has terminated unexpectedly during startup with exit code 1073741819 (0xc0000005) [E_FAIL 0x80004005]
cadespluginucsp.exe v3.6.6785 (official build) --> BSOD (CProCtrl.sys)

If I temporary disable CProCtrl non-pnp device with reg file

Code: Select all

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CProCtrl]
"Start"=dword:00000004

it works just fine after reboot.

Turning it on again

Code: Select all

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CProCtrl]
"Start"=dword:00000001

and BSOD (or E_FAIL) returns after reboot.

[mongorian]

@jelabarre: You are suffering from the KB3004394 problem. Read the bold black text in the first post of this topic.

No I am ***NOT*** suffering from that problem, because KB3004394 has already been ****REMOVED**** from my system. If you had bothered reading MY message, I explicity stated such. I have checked MULTIPLE TIMES that the fixpack has been removed. Now, unless MS has decided to conceal/renumber that KB, and actually place it under another number, then it is NOT on my system.

I have even tried running Virtualbox in "elevated" mode, and have tried downloading and importing an OVF file (learn_puppet_centos-6.5), and it continues to fail with the same error. So it's not even a problem with how I configured my VMs, since that test shows it fails even with a pre-made VM.

@jelabarre59 - The following is a quote from a post a few pages back by Jacob Klein regarding a Microsoft rollup patch that included the problem patch. Is it possible that you have this "rollup" package installed (KB3013769). I have not investigated the validity of this, but here is the quote for reference...

For clarity...
We don't yet know if the fault of the problem is with Microsoft's patch(es), or with Oracle's hardened security implementation found in VirtualBox 4.3.14+. My bet is that this is on Oracle to fix.

The patch resulting in the problematic behavior:
KB3004394 - December 2014 update for Windows Root Certificate Program in Windows
http://support.microsoft.com/kb/3004394

Also, from what I was reading, the following rollup looks to include that Root Certificate KB, so installing it will likely result in the same problematic behavior:
KB3013769 - December 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
http://support.microsoft.com/kb/3013769

I personally did not have any problem starting my VMs on Windows 8.1 x64 after installing both patches. So, the issue might actually involve some other component as well.

Regards,
Jacob

[VirtualBox Windows User]

Getting an error when I try to open any VM. Have read elsewhere that it might be patched themes that are causing the error but I don't know why that would have anything to do with this.

• Host: Windows 7 Professional x64
• Guests installed: Windows XP x86 SP3 (nLited version), Linux Mint 16 x64, Windows 95, Windows 98 SE
• Guest additions installed? Only on XP VM

Log and screenshots attached. Also included is a screenshot demonstrating that I have already copied the original uxtheme.dll into VirtualBox's program folder as recommended earlier in this thread, by Petr Vones:

The log says you very likely use modified unsigned vesion of uxtheme.dll to get useable UI in Windows 7. VirtualBox no longer allows this, you are no longer owner of your system, you must use signed DLLs only Try to copy original unmodified Microsoft uxtheme.dll (presuming you have its backup) into the virtualbox directory where virtualbox.exe resides. This should satisfy the malware check and VirtualBox UI will look ugly but it should not affect other applications look as you probably wanted. If it does not work you have to revert back to the original uxtheme.dll in windows system directory but you will lose the Windows UI customization at all, for all applications.

Here, as you can see by going to this picture link (remove the spaces; I am too new on the forum to post the screenshot inline), I have copied uxtheme.dll into the program folder and still the error appears. The visual style is made to resemble Windows XP even though I am on Windows 7.

Code: Select all

oi57 . tinypic . com / izrzgn . jpg

I have been able to reproduce the error on all four VMs, as indicated in the attached screenshots and the logs. Perhaps someone can enlighten me as to why something completely unrelated like visual themes would have anything to do with the functioning of a completely separate VM? Short of reverting to an older build (or going back to Aero, ugh) what can I do to get my VMs working again? Is there an upcoming version of VirtualBox where the visual themes problem is fixed?

[mpack]

Here, as you can see by going to this picture link (remove the spaces; I am too new on the forum to post the screenshot inline), I have copied uxtheme.dll into the program folder and still the error appears.

You copied the original, unhacked version of uxtheme.dll into the VirtualBox folder, right? Because if VirtualBox sees the hacked version it won't care what folder it loaded from.

The point is to put an unhacked uxtheme into the VirtualBox programs folder so that Windows finds that version of the DLL first when VBox loads (because the OS looks for DLLs on the search path, starting with the program folder).

[Jacob Klein]

So, as a workaround to VirtualBox's tightened security, we are now recommending to trick it into thinking we're using a dll version that we're not really using?!? Wow. If I were malware trying to subvert operations, I would use this tactic.

[mpack]

(1) It's a workaround, nobody said it was a permanent solution.

(2) I don't see that I used the word "recommend" at any point, I simply explained how a solution proposed by another user earlier in the thread is supposed to work.

(3) There is no pretending involved: the first DLL found will be the one loaded and used. That must be the unhacked DLL for this workaround to work.

(4) Just in case you were only pretending to be an ignorant moron: I do not work for Oracle, so even if I did recommend a particular solution, that would not make it official.

(5) if you are unhappy with the free support you get from volunteers around here, then I suggest you switch to VMWare or buy a support contract.

[root]

1) Host OS and version
Host: Win7 PRO SP1
Guest: All
Host Anti-virus: Symantec Endpoint Protection 12.1.5
Host Firewall: Windows default
2) VBoxStartup.log (zipped)

Running Vbox 4.3.21 r97294. All Guest VMs fail to start. Any assistance is appreciated.

[SolardiaX]

Windows 7 SP1 (64bit)
Virtualbox 4.3.20 r96997
Kaspersky Internet Security 14.0.0
16G memory, Lenovo T430

KB3004394 has already been removed, system rebooted and reintalled virtualbox, still has same error:

Code: Select all

The virtual machine 'Linux x64' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005).  More details may be available in 'D:\VMSystem\Linux 64\Logs\VBoxStartup.log'.
Result Code:E_FAIL (0x80004005)
Component:Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}

[mpack]

KB3004394 has already been removed, system rebooted and reintalled virtualbox, still has same error:

c64.1cc0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]

An uncertified Kernel32.dll makes it pretty certain that you have not repaired the damage done by the update. Google for "KB3004394 site:forums.virtualbox.org".

[f3flight]

Hi all! I would like to share how I solved this problem on my machine.

I had the same issue on my Windows 8.1 x32. At some point VirtualBox couldn't start any VMs anymore.
I checked the log and there were a lot of lines with lacks WinVerifyTrust
I have removed KB3004394 according to what is suggested here, but it did not help. And since KB3004394 is said to only affect Windows 7, it shouldn't have been the case with my system.

I have resolved the error by uninstalling BitDefender! The problem took place only after I decied to install an antivirus. So now I have it removed and VirtualBox works again.

So keep in mind that if you have all these lacks WinVerifyTrust in log about system dlls like kernel32 etc, it may be caused by an AV.

I guess topic manager should add BitDefender Antivirus Free Edition to the list of "not working with" in the first post here.

[mpack]

I had the same issue on my Windows 8.1 x32. At some point VirtualBox couldn't start any VMs anymore.
I checked the log and there were a lot of lines with lacks WinVerifyTrust
I have removed KB3004394 according to what is suggested here, but it did not help.

Any DLL which doesn't have proper certification can generate a "lacks WinVerifyTrust" error. The definitive KB3004394 symptom is that core Operating System DLLs (such as Kernel32) are lacking a valid certificate - which obviously can't be correct in a working system, and can't be caused by AV.

[f3flight]

Any DLL which doesn't have proper certification can generate a "lacks WinVerifyTrust" error. The definitive KB3004394 symptom is that core Operating System DLLs (such as Kernel32) are lacking a valid certificate - which obviously can't be correct in a working system, and can't be caused by AV.

Since AV may interfere with program execution (block file reads and so on), it may affect the behavior of certain function calls. So you may be wrong. I have reinstalled KB3004394 on my system and it does not break VirtualBox in my case (Windows 8.1 x32). So at least in my case, KB3004394 is not causing the issue but BitDefender is(was). I can try reinstalling BitDefender just to make sure. I am pretty sure I will get the same problem and same errors about kernel32.dll and many others, even though it has nothing to do with KB3004394. I will try reinstalling BitDefender and let you know.

[f3flight]

Confirmed incompatibility with BitDefender.
Install BitDefender, reboot - VM won't start. Log attached.
Remove BitDefender, reboot - VM start ok.

This means that "lacks WinVerifyTrust" for many core dlls in log MAY be caused by an AV, and to test this one needs to uninstall the AV and see if problem has gone.

[pal1000]

I experience an issue related to security as well.
System:
Dell Vostro 2521-9566
Windows 8.1 Pro x64
Security software:
-Windows Defender 4.6.305.0;
-Malwarebytes Anti-Malware 2.0.4.1028.
Tests indicate that Malwarebytes doesn't cause any problems.
The interesting part is that, the issue can temporarily be prevented by following this steps:
1. Check if Fast startup is enabled, if it's not, it must be enabled;
2. Turn off Windows Defender;
3. Shut down computer;
4. Start Virtualbox and any virtual machine preferred (it will boot successfully this time);
5. While virtual machine is running turn Windows Defender back on.
Virtualbox will work until fast startup system image is flushed which happens in any of these scenarios:
-fast startup is disabled;
-system is restarted (power command 'Restart' is designed this way);
-most applications with built-in Auto-shutdown on complete task functionality implemented. This functionality is often incompatible with fast startup;
-system crash (BSOD).
When issue occurs VirtualBox.exe process cannot be terminated normally and as such it has to be task-killed manually or automatically on log off / shutdown /restart.

This seams to be no longer reproducible.
I am using the latest test build 4.3.21-97294
Other things that changed:
-Installed all December patch Tuesday updates including that taboo one, it did no damage on my system;
-regularly updated Malwarebytes and Windows Defender definitions;
-Did a system file check and discovered that I am affected by a common system file corruption affecting Windows 8.1 PCs and fixed it.
http://answers.microsoft.com/en-us/wind ... b829d495c9
http://www.sysnative.com/forums/windows ... 8-1-a.html
https://www.google.com/search?q=CNBJ2530.DPB

[MikeDiack]

Some good news from me about the newest test build: Virtual Box 4.3.21-97294
Running this on my home Windows 7 x64 SP1 host system and Windows 8.1 x86 host system, virtual machines start fine.
Both of the Windows systems have ALL Windows patches installed, including the suspect root certificate one.
I'm running Comodo Internet Security 8.0.0.4344 (latest build).

This all seems good. Looking back at my posts and others, it sounds like Symantec Endpoint Protection seems to be the one AV that is causing the biggest compatibility problems with VBox at the moment. Unfortunately I cannot currently access my systems that are running SEP, to check compatibility of SEP with this VBox build.

Maybe others can try this and report back here ?

Mike