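First of all, I cannot remove BeyondTrust PowerBroker / Symantec Anti-virus. A recent update added injection into VirtualBox, which VirtualBox treats as an intrusion, so the VM fails to start. VirtualBox itself now starts fine, but starting a virtual machine shows the following message:
(rc = -5640) Please try reinstalling VirtualBox.
where: supR3HardenedWinReSpawn what: 1 VERR_SUP_VP_THREAD_NOT_ALONE (-5640) - Process Verification Failure: The process has more than one thread.
This is the Hardening.log: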
2e84.1340: Log file opened: 5.2.14r123301 g_hStartupLog=0000000000000170 g_uNtVerCombined=0xa0383900
2e84.1340: \SystemRoot\System32\ntdll.dll:
2e84.1340: CreationTime: 2017-10-16T14:10:15.589015400Z
2e84.1340: LastWriteTime: 2017-09-07T06:03:35.589628500Z
2e84.1340: ChangeTime: 2018-03-22T16:54:40.122678600Z
2e84.1340: FileAttributes: 0x20
2e84.1340: Size: 0x1cccb0
2e84.1340: NT Headers: 0xd8
2e84.1340: Timestamp: 0x59b0d03e
2e84.1340: Machine: 0x8664 - amd64
2e84.1340: Timestamp: 0x59b0d03e
2e84.1340: Image Version: 10.0
2e84.1340: SizeOfImage: 0x1d2000 (1908736)
2e84.1340: Resource Dir: 0x169000 LB 0x67a50
2e84.1340: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e84.1340: [Raw version resource data: 0x1690f0 LB 0x398, codepage 0x0 (reserved 0x0)]
2e84.1340: ProductName: Microsoft® Windows® Operating System
2e84.1340: ProductVersion: 10.0.14393.1715
2e84.1340: FileVersion: 10.0.14393.1715 (rs1_release_inmarket.170906-1810)
2e84.1340: FileDescription: NT Layer DLL
2e84.1340: \SystemRoot\System32\kernel32.dll:
2e84.1340: CreationTime: 2017-08-05T12:04:26.342899300Z
2e84.1340: LastWriteTime: 2017-04-28T00:49:43.332433600Z
2e84.1340: ChangeTime: 2018-03-22T16:54:38.891444600Z
2e84.1340: FileAttributes: 0x20
2e84.1340: Size: 0xab208
2e84.1340: NT Headers: 0xf0
2e84.1340: Timestamp: 0x59028368
2e84.1340: Machine: 0x8664 - amd64
2e84.1340: Timestamp: 0x59028368
2e84.1340: Image Version: 10.0
2e84.1340: SizeOfImage: 0xac000 (704512)
2e84.1340: Resource Dir: 0xaa000 LB 0x530
2e84.1340: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e84.1340: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)]
2e84.1340: ProductName: Microsoft® Windows® Operating System
2e84.1340: ProductVersion: 10.0.14393.1198
2e84.1340: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353)
2e84.1340: FileDescription: Windows NT BASE API Client DLL
2e84.1340: \SystemRoot\System32\KernelBase.dll:
2e84.1340: CreationTime: 2018-03-22T16:27:49.530367800Z
2e84.1340: LastWriteTime: 2018-03-02T09:07:30.254111800Z
2e84.1340: ChangeTime: 2018-03-23T12:02:59.582556100Z
2e84.1340: FileAttributes: 0x20
2e84.1340: Size: 0x21c780
2e84.1340: NT Headers: 0xf8
2e84.1340: Timestamp: 0x5a9906f8
2e84.1340: Machine: 0x8664 - amd64
2e84.1340: Timestamp: 0x5a9906f8
2e84.1340: Image Version: 10.0
2e84.1340: SizeOfImage: 0x21d000 (2215936)
2e84.1340: Resource Dir: 0x201000 LB 0x550
2e84.1340: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e84.1340: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)]
2e84.1340: ProductName: Microsoft® Windows® Operating System
2e84.1340: ProductVersion: 10.0.14393.2125
2e84.1340: FileVersion: 10.0.14393.2125 (rs1_release.180301-2139)
2e84.1340: FileDescription: Windows NT BASE API Client DLL
2e84.1340: \SystemRoot\System32\apisetschema.dll:
2e84.1340: CreationTime: 2018-03-22T16:21:43.172673700Z
2e84.1340: LastWriteTime: 2018-03-02T09:07:28.044323200Z
2e84.1340: ChangeTime: 2018-03-23T12:02:57.396184500Z
2e84.1340: FileAttributes: 0x20
2e84.1340: Size: 0x18960
2e84.1340: NT Headers: 0xc8
2e84.1340: Timestamp: 0x5a990a54
2e84.1340: Machine: 0x8664 - amd64
2e84.1340: Timestamp: 0x5a990a54
2e84.1340: Image Version: 10.0
2e84.1340: SizeOfImage: 0x19000 (102400)
2e84.1340: Resource Dir: 0x18000 LB 0x400
2e84.1340: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e84.1340: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)]
2e84.1340: ProductName: Microsoft® Windows® Operating System
2e84.1340: ProductVersion: 10.0.14393.2125
2e84.1340: FileVersion: 10.0.14393.2125 (rs1_release.180301-2139)
2e84.1340: FileDescription: ApiSet Schema DLL
2e84.1340: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2e84.1340: supR3HardenedWinFindAdversaries: 0x12000
2e84.1340: \SystemRoot\System32\drivers\dgmaster.sys:
2e84.1340: CreationTime: 2018-05-23T15:36:37.521261200Z
2e84.1340: LastWriteTime: 2018-05-02T22:14:14.000000000Z
2e84.1340: ChangeTime: 2018-05-23T15:36:37.646276400Z
2e84.1340: FileAttributes: 0x20
2e84.1340: Size: 0x2643c8
2e84.1340: NT Headers: 0x108
2e84.1340: Timestamp: 0x5aea3ef6
2e84.1340: Machine: 0x8664 - amd64
2e84.1340: Timestamp: 0x5aea3ef6
2e84.1340: Image Version: 6.3
2e84.1340: SizeOfImage: 0x33f000 (3403776)
2e84.1340: Resource Dir: 0x2ff000 LB 0x35f68
2e84.1340: [Version info resource found at 0x270! (ID/Name: 0x1; SubID/SubName: 0x409)]
2e84.1340: [Raw version resource data: 0x334c30 LB 0x338, codepage 0x0 (reserved 0x0)]
2e84.1340: ProductName: Digital Guardian
2e84.1340: ProductVersion: 7.4
2e84.1340: FileVersion: 7.4.1.0186
2e84.1340: FileDescription: Digital Guardian Agent Master
2e84.1340: supR3HardenedWinFindAdversaries: Found newer version: 0x12000 -> 0x14000
2e84.1340: \SystemRoot\System32\drivers\privman.sys:
2e84.1340: CreationTime: 2018-07-06T11:53:05.369267500Z
2e84.1340: LastWriteTime: 2018-05-16T17:23:54.000000000Z
2e84.1340: ChangeTime: 2018-07-07T02:57:42.758964100Z
2e84.1340: FileAttributes: 0x20
2e84.1340: Size: 0x115e8
2e84.1340: NT Headers: 0xf8
2e84.1340: Timestamp: 0x5afc5ee2
2e84.1340: Machine: 0x8664 - amd64
2e84.1340: Timestamp: 0x5afc5ee2
2e84.1340: Image Version: 6.1
2e84.1340: SizeOfImage: 0x11000 (69632)
2e84.1340: Resource Dir: 0xc000 LB 0x32a8
2e84.1340: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x0)]
2e84.1340: [Raw version resource data: 0xc0a0 LB 0x33c, codepage 0x0 (reserved 0x0)]
2e84.1340: ProductName: PowerBroker for Windows
2e84.1340: ProductVersion: 7.5.0.0
2e84.1340: FileVersion: 7.5.0.0
2e84.1340: FileDescription: PowerBroker for Windows
2e84.1340: \SystemRoot\System32\privman64.dll:
2e84.1340: CreationTime: 2018-05-16T17:59:28.000000000Z
2e84.1340: LastWriteTime: 2018-05-16T17:59:28.000000000Z
2e84.1340: ChangeTime: 2018-07-07T02:57:42.788041900Z
2e84.1340: FileAttributes: 0x20
2e84.1340: Size: 0x3a178
2e84.1340: NT Headers: 0xf8
2e84.1340: Timestamp: 0x5afc5e64
2e84.1340: Machine: 0x8664 - amd64
2e84.1340: Timestamp: 0x5afc5e64
2e84.1340: Image Version: 0.0
2e84.1340: SizeOfImage: 0x3c000 (245760)
2e84.1340: Resource Dir: 0x3a000 LB 0x578
2e84.1340: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x0)]
2e84.1340: [Raw version resource data: 0x3a0a0 LB 0x37c, codepage 0x4e4 (reserved 0x0)]
2e84.1340: ProductName: PowerBroker for Windows
2e84.1340: ProductVersion: 7.5.0.0
2e84.1340: FileVersion: 7.5.0.0
2e84.1340: FileDescription: BeyondTrust PowerBroker for Windows DLL
2e84.1340: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2e84.1340: Calling main()
2e84.1340: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2e84.1340: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
2e84.1340: SUPR3HardenedMain: Respawn #1
2e84.1340: System32: \Device\HarddiskVolume4\Windows\System32
2e84.1340: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
2e84.1340: KnownDllPath: C:\WINDOWS\System32
2e84.1340: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2e84.1340: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3338.3344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [lacks WinVerifyTrust]
3338.3344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3338.3344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdad240000 'C:\WINDOWS\system32\SHCore.dll'
3338.3344: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
hMod=00007ffdb0790000 'C:\WINDOWS\System32\ntdll.dll'
3338.3344: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntdll.dll [lacks WinVerifyTrust]
3338.3344: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3338.3344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdb0790000 'C:\WINDOWS\System32\ntdll.dll'
2e84.1340: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 79688 ms, the end);
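I have tried a lot of things by now.
Basically, I need a way to start the VB VM without the antivirus knowing about it (and without adding an exception to the antivirus, since it is not accessible). Does anyone have a suggestion?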
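A triage sketch for a Hardening.log like the one in the post, added here as an example and not part of the original post or of VirtualBox: it lists the non-Microsoft files whose version blocks appear after the first `supR3HardenedWinFindAdversaries` line, which gives the product and version to raise with whoever administers the endpoint software. The function names are hypothetical, the sample is abridged from the log above, and treating every file block after that line as a finding of the check is an assumption based on this log's layout.

```python
import re

# Abridged from the Hardening.log in the post above (same "pid.tid: text" layout).
SAMPLE_LOG = r"""
2e84.1340: \SystemRoot\System32\ntdll.dll:
2e84.1340: ProductName: Microsoft® Windows® Operating System
2e84.1340: FileVersion: 10.0.14393.1715 (rs1_release_inmarket.170906-1810)
2e84.1340: supR3HardenedWinFindAdversaries: 0x12000
2e84.1340: \SystemRoot\System32\drivers\dgmaster.sys:
2e84.1340: ProductName: Digital Guardian
2e84.1340: FileVersion: 7.4.1.0186
2e84.1340: supR3HardenedWinFindAdversaries: Found newer version: 0x12000 -> 0x14000
2e84.1340: \SystemRoot\System32\drivers\privman.sys:
2e84.1340: ProductName: PowerBroker for Windows
2e84.1340: FileVersion: 7.5.0.0
2e84.1340: \SystemRoot\System32\privman64.dll:
2e84.1340: ProductName: PowerBroker for Windows
2e84.1340: FileVersion: 7.5.0.0
2e84.1340: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
"""

LINE = re.compile(r"^[0-9a-f]+\.[0-9a-f]+: (.*)$")          # strip the pid.tid prefix
FIELD = re.compile(r"^\s*(ProductName|ProductVersion|FileVersion|FileDescription):\s*(.*)$")

def parse_modules(log_text):
    """Return one dict per file block, noting whether it follows the adversary scan line."""
    modules, current, after_scan = [], None, False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # wrapped or non-log line
        text = m.group(1)
        if text.startswith("supR3HardenedWinFindAdversaries:"):
            after_scan = True
        elif text.startswith("\\") and text.endswith(":"):
            current = {"path": text[:-1], "after_adversary_scan": after_scan}
            modules.append(current)
        elif current is not None:
            f = FIELD.match(text)
            if f:
                current[f.group(1)] = f.group(2).strip()
    return modules

def third_party(modules):
    """Assumption: blocks after the scan line with a non-Microsoft ProductName are the findings."""
    return [m for m in modules if m["after_adversary_scan"]
            and not m.get("ProductName", "").startswith("Microsoft")]

if __name__ == "__main__":
    for m in third_party(parse_modules(SAMPLE_LOG)):
        print(m.get("ProductName"), m.get("FileVersion"), m["path"])
```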