Loader v1.6 with hv detect fix released. Reboot PC before using it (this will make sure driver from previous version is not loaded). Specially for this lame malware that ignores "hypervisor set" bit.
VM Legacy paravirt. interface must be set, your VM settings->System->Acceleration.
This loader now patch two dlls in memory -> VBoxDD.dll and VBoxVMM.dll.
Exact location of patch in VBoxVMM.dll is cpumR3CpuIdPlantHypervisorLeaves.
Loader 1.6 support only 5.0.16 VirtualBox, for older versions use loader v1.5.
Download, updated guide, etc
https://github.com/hfiref0x/VBoxHardene ... ter/Binary