Integrity Error Found evil handle to budding VM Process.
-
lost_in_space
- Posts: 10
- Joined: 28. Apr 2020, 10:21
- Primary OS: MS Windows 7
- VBox Version: OSE other
- Guest OSses: Ubuntu
Integrity Error Found evil handle to budding VM Process.
Hi,
I am getting this error on my Win7 hardware - I have seen this error reported in to other threads with no feedback that the original poster was able to resolve the problem.
I have tried to uninstall and re-install, run as administrator - no luck.
I believe it has to do with permission - However I have not changed any setting, and I still get this error.
The log file is to large to include here - Hence I have had to zip it up.
Would appreciate any help or guidance on this issue
Thanks in advance
Jan
I am getting this error on my Win7 hardware - I have seen this error reported in to other threads with no feedback that the original poster was able to resolve the problem.
I have tried to uninstall and re-install, run as administrator - no luck.
I believe it has to do with permission - However I have not changed any setting, and I still get this error.
The log file is to large to include here - Hence I have had to zip it up.
Would appreciate any help or guidance on this issue
Thanks in advance
Jan
- Attachments
-
- VBoxHardening.zip
- (15.3 KiB) Downloaded 9 times
-
mpack
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Mostly XP
Re: Integrity Error Found evil handle to budding VM Process.
Avast ye maties. Best read the hardening FAQ: FAQ: Diagnosing VirtualBox Hardening Issues.
-
lost_in_space
- Posts: 10
- Joined: 28. Apr 2020, 10:21
- Primary OS: MS Windows 7
- VBox Version: OSE other
- Guest OSses: Ubuntu
Re: Integrity Error Found evil handle to budding VM Process.
Thanks for the pointer - I will study the info and see if I can resolve the issue
-
mpack
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Mostly XP
Re: Integrity Error Found evil handle to budding VM Process.
Well in case you didn't get it, my pirate humor was intended as a clue as to what you should look at first.
-
lost_in_space
- Posts: 10
- Joined: 28. Apr 2020, 10:21
- Primary OS: MS Windows 7
- VBox Version: OSE other
- Guest OSses: Ubuntu
Re: Integrity Error Found evil handle to budding VM Process.
Comparing the permissions of the directories - they at least look to be identical to one of my other laptops that do run VB with no issues -
I did include a log file with my post - Not sure if that would indicate any clues ?
-
mpack
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Mostly XP
Re: Integrity Error Found evil handle to budding VM Process.
Well, I go by the log you provide, and the log shows Avast still there.lost_in_space wrote:if its the reference to Avast - I did switch it off during install - That made no difference.
-
lost_in_space
- Posts: 10
- Joined: 28. Apr 2020, 10:21
- Primary OS: MS Windows 7
- VBox Version: OSE other
- Guest OSses: Ubuntu
Re: Integrity Error Found evil handle to budding VM Process.
Hmmmmm. Strange as I turned it off (disabled it) - Well back to the drawing board again ... Will try and uninstall it ..
Thanks for having a closer look - Appreciate it
Thanks for having a closer look - Appreciate it
-
lost_in_space
- Posts: 10
- Joined: 28. Apr 2020, 10:21
- Primary OS: MS Windows 7
- VBox Version: OSE other
- Guest OSses: Ubuntu
Re: Integrity Error Found evil handle to budding VM Process.
Well I tried a re-install of VB (did the install, run as Administrator) - I did that after I removed Avast - Same issue as before. The log file now does not show Avast at all. No other changes to the laptop - See enclosed zip file containing the log file and a word doc with the screen grab showing the main error message when I try and start VB
- Attachments
-
- VBoxHardening-After removing Avast.zip
- (39.54 KiB) Downloaded 11 times
-
fth0
- Volunteer
- Posts: 5690
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: Integrity Error Found evil handle to budding VM Process.
The Windows 7 "System" process usually has one or two handles to the VM process. In your case, there are about 16 additional handles, in which case VirtualBox refuses to run the VM.
From the information in the VBoxHardening.log, I cannot tell if there is an adversary with system rights, or if it is a bug (e.g. race condition) in the VirtualBox Hardening code.
From the information in the VBoxHardening.log, I cannot tell if there is an adversary with system rights, or if it is a bug (e.g. race condition) in the VirtualBox Hardening code.
-
mpack
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Mostly XP
Re: Integrity Error Found evil handle to budding VM Process.
There have been very few reports of this "evil handle" error message, half of those were from the VirtualBox 4.x era, and I can find none that were definitively resolved. Socratis seemed to think it was a permissions issue, but that doesn't smell right to me.
Hence we have to fall back on first principles: believe what the message tells you. VirtualBox has detected more than the usual number of external threads spying on its code. If the problem still exists after Avast is gone and the host rebooted from power down... then it wasn't Avast. It's going to be some other spyware installed on the host, e.g. something like an Internet filter or screen reader. Something that wants to spy on lots of apps and is not native to Windows (if it was native then everyone would have the same problem).
Hence we have to fall back on first principles: believe what the message tells you. VirtualBox has detected more than the usual number of external threads spying on its code. If the problem still exists after Avast is gone and the host rebooted from power down... then it wasn't Avast. It's going to be some other spyware installed on the host, e.g. something like an Internet filter or screen reader. Something that wants to spy on lots of apps and is not native to Windows (if it was native then everyone would have the same problem).
-
fth0
- Volunteer
- Posts: 5690
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: Integrity Error Found evil handle to budding VM Process.
Me neither. The older reports led to implementing extended error message details, which show the System process being the owner of the additional handles (in all newer cases I found). If I had the OPs problem myself, I'd use the Process Explorer (Sysinternals) to chase down either the handles or all running processes (or both).mpack wrote:There have been very few reports of this "evil handle" error message, half of those were from the VirtualBox 4.x era, and I can find none that were definitively resolved.
-
lost_in_space
- Posts: 10
- Joined: 28. Apr 2020, 10:21
- Primary OS: MS Windows 7
- VBox Version: OSE other
- Guest OSses: Ubuntu
Re: Integrity Error Found evil handle to budding VM Process.
Thanks for the feedback on this - The : '16 additional handles', and the proposed solution of tracking them down using : ' I'd use the Process Explorer (Sysinternals) to chase down either the handles or all running processes (or both).'
Could you possibly show a few screen grabs regarding how I go about doing this ? I assume the names to look for will be in the log file.
Thanks in advance
Best regards
Could you possibly show a few screen grabs regarding how I go about doing this ? I assume the names to look for will be in the log file.
Thanks in advance
Best regards
-
fth0
- Volunteer
- Posts: 5690
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: Integrity Error Found evil handle to budding VM Process.
No (at least I don't think so). We already evaluated the main information from the VBoxHardening.log files, leading to (1) Avast, and (2) to one of the central Windows processes named System. The 'names to look for' are mostly unknown beforehand, so they must be recognized by seeing or googling them.lost_in_space wrote:I assume the names to look for will be in the log file.
Using Windows Task Manager and/or Sysinternals Process Explorer, you can get lists of processes and services running in your Windows OS (typically a few hundred!). Many of them are accompanied by descriptions that could indicate which software they belong to. That can be much information to digest. But you can be lucky and find names like 'Avast' amongst it.
-
lost_in_space
- Posts: 10
- Joined: 28. Apr 2020, 10:21
- Primary OS: MS Windows 7
- VBox Version: OSE other
- Guest OSses: Ubuntu
Re: Integrity Error Found evil handle to budding VM Process.
ahhhh ok ... then I can try two strategies then - Compare with a Win7 system I have that is running VB6 with no issues ... and stopping services on by one and see if VB6 will start.
Thanks !
Thanks !