Integrity Error Found evil handle to budding VM Process.

[lost_in_space]

Hi,
I am getting this error on my Win7 hardware - I have seen this error reported in to other threads with no feedback that the original poster was able to resolve the problem.

I have tried to uninstall and re-install, run as administrator - no luck.

I believe it has to do with permission - However I have not changed any setting, and I still get this error.

The log file is to large to include here - Hence I have had to zip it up.

Would appreciate any help or guidance on this issue

Thanks in advance
Jan

[mpack]

Avast ye maties. Best read the hardening FAQ: FAQ: Diagnosing VirtualBox Hardening Issues.

[lost_in_space]

Thanks for the pointer - I will study the info and see if I can resolve the issue

[mpack]

Well in case you didn't get it, my pirate humor was intended as a clue as to what you should look at first.

[lost_in_space]

.... if its the reference to Avast - I did switch it off during install - That made no difference. What is frustrating is that I have installed VB on several other laptops - with no issue.

Comparing the permissions of the directories - they at least look to be identical to one of my other laptops that do run VB with no issues -

I did include a log file with my post - Not sure if that would indicate any clues ?

[mpack]

if its the reference to Avast - I did switch it off during install - That made no difference.

Well, I go by the log you provide, and the log shows Avast still there.

[lost_in_space]

Hmmmmm. Strange as I turned it off (disabled it) - Well back to the drawing board again ... Will try and uninstall it ..

Thanks for having a closer look - Appreciate it

[lost_in_space]

Well I tried a re-install of VB (did the install, run as Administrator) - I did that after I removed Avast - Same issue as before. The log file now does not show Avast at all. No other changes to the laptop - See enclosed zip file containing the log file and a word doc with the screen grab showing the main error message when I try and start VB

[fth0]

The Windows 7 "System" process usually has one or two handles to the VM process. In your case, there are about 16 additional handles, in which case VirtualBox refuses to run the VM.

From the information in the VBoxHardening.log, I cannot tell if there is an adversary with system rights, or if it is a bug (e.g. race condition) in the VirtualBox Hardening code.

[mpack]

There have been very few reports of this "evil handle" error message, half of those were from the VirtualBox 4.x era, and I can find none that were definitively resolved. Socratis seemed to think it was a permissions issue, but that doesn't smell right to me.

Hence we have to fall back on first principles: believe what the message tells you. VirtualBox has detected more than the usual number of external threads spying on its code. If the problem still exists after Avast is gone and the host rebooted from power down... then it wasn't Avast. It's going to be some other spyware installed on the host, e.g. something like an Internet filter or screen reader. Something that wants to spy on lots of apps and is not native to Windows (if it was native then everyone would have the same problem).

[fth0]

There have been very few reports of this "evil handle" error message, half of those were from the VirtualBox 4.x era, and I can find none that were definitively resolved.

Me neither. The older reports led to implementing extended error message details, which show the System process being the owner of the additional handles (in all newer cases I found). If I had the OPs problem myself, I'd use the Process Explorer (Sysinternals) to chase down either the handles or all running processes (or both).

[lost_in_space]

Thanks for the feedback on this - The : '16 additional handles', and the proposed solution of tracking them down using : ' I'd use the Process Explorer (Sysinternals) to chase down either the handles or all running processes (or both).'

Could you possibly show a few screen grabs regarding how I go about doing this ? I assume the names to look for will be in the log file.

Thanks in advance

Best regards

[fth0]

I assume the names to look for will be in the log file.

No (at least I don't think so). We already evaluated the main information from the VBoxHardening.log files, leading to (1) Avast, and (2) to one of the central Windows processes named System. The 'names to look for' are mostly unknown beforehand, so they must be recognized by seeing or googling them.

Using Windows Task Manager and/or Sysinternals Process Explorer, you can get lists of processes and services running in your Windows OS (typically a few hundred!). Many of them are accompanied by descriptions that could indicate which software they belong to. That can be much information to digest. But you can be lucky and find names like 'Avast' amongst it.

[lost_in_space]

ahhhh ok ... then I can try two strategies then - Compare with a Win7 system I have that is running VB6 with no issues ... and stopping services on by one and see if VB6 will start.

Thanks !