Malwarebytes Tray Application has encountered a problem and needs to close.

[Chuck1]

I'm also having the exact same problem (same symptoms) on my windows XP SP3 computer.  The malwarebytes program had been running fine until a point when I started up my computer and the error appeared. I believe it has something to do with the Qt5Core.dll file in the malwarebytes program folder.  The error mentioned details about the file version of Qt5Core.dll.  I tried doing a clean reinstall of malwarebytes after runnng the malwarebytes clean program and rebooting before the new install.  I'm getting the same error message when malwarebytes tries to load after rebooting or when I try to run it manually.  I then ran the malwarebytes clean program again and reinstalled a slightly older version of malwarebytes (version 3.3.1.2183 with digital signature date of November 1, 2017) but I get the same error message "Malwarebytes has encountered a problem and needs to close".  Clicking on the details of the error shows the following:

AppName: mbam.exe     AppVer: 3.0.0.1247     ModName: qt5core.dll
ModVer: 5.6.2.0     Offset: 001aa3b6

It turns out that my software firewall (Comodo) also stopped loading properly at startup at the same time that this problem appeared so I'm wondering if it might be some sort of malware or maybe just some sort of system or registry error preventing both programs from loading. 

 

Edited February 17, 2018 by Chuck1

[dcollins]

Can you please perform the following:

1. Press Windows Key + R to bring up the run window
2. Type regedit and click Ok
3. Once Regedit comes up, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
4. On the right side, right click and choose New -> DWORD (32-bit)
5. Name the value DumpType and give it a value of 2
6. Reboot
7. Reproduce the crash
8. This should create a file in %LOCALAPPDATA%\CrashDumps, please zip up this file nad attach it to your reply

[AlexSmith]

@Chuck1 I moved your post to its own topic to draw focus on giving you dedicated support.

 

[dcollins]

@Chuck1 I also went ahead and created a .reg file for you to be able to import. Download the attached zip file and extract the file inside. Then double click the create_dumps.reg file and choose Yes when asked if you want import the contents. After that, reboot your computer.

After rebooting, wait for the crash to happen again and then look in %LOCALAPPDATA%\CrashDumps and you should see the .dmp file

create_dumps.zip

[Chuck1]

I've sent a message with attached error files.  Thanks for your help!

 

 

[dcollins]

Can you see if you have KB4074852 installed, and if so, uninstall it? Some people are reporting issues.

[Chuck1]

I uninstalled that particular Windows update and then rebooted. The error still happens just like before the uninstall.

[dcollins]

Can you grab a new set of mb-check-result logs? Also, can you check for any user.dmp files from Dr Watson?

[Chuck1]

I sent you a mail message with the attached mb-check-results.zip.  Thanks.

[dcollins]

From your logs, it looks like KB4074852 may still be installed. Can you verify it didn't re-install itself please?

[Chuck1]

You were right.  I opened the add/remove programs and the list showed the update was still present.  I think it must have reinstalled because I had windows update set to automatically  install updates.  I now have windows update disabled.  I went back to add/remove programs and uninstalled KB4074852 again after disabling windows update service. For some reason I had to boot into safe mode for the KB4074852 uninstall to work.  I then rebooted into normal mode and checked the add/remove programs list showing windows updates and KB4074852 was no longer listed. I then reinstalled malwarebytes (mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.4046.exe) but I'm getting the same error as before where a small  error window pops up and reads:

AppName: mbam.exe     AppVer: 3.0.0.1284     ModName: qt5core.dll
ModVer: 5.6.2.0     Offset: 001aa3b6

[dcollins]

Thanks, can you try this please:

1. Download and extract Procdump.zip from https://malwarebytes.box.com/s/7gdfv6it0xsgu1mzbt3dbbyjcg7kguep
2. In the zip, double click 1 - mbam_crash.bat and a black screen should show up
3. Leave the black screen up, and double click the desktop icon for Malwarebytes to try and launch it
4. Once the program crashes, the black window should disappear and you should have a new .dmp file in the folder from step 1
5. Please upload the dmp file (or use wetransfer.com to generate a link and PM me the link)

[Chuck1]

Devin,

When I double clicked the batch file (1 - mbam_crash.bat) the DOS window opened and says "This file needs to be ran as an administrator.
Please right click the file and choose "Run as administrator. Press any key to continue..."   I then pressed a key and the black DOS window disappeared. 

I've also right clicked the 1 - mbam_crash.bat file but there is no "run as" in the context menu.  I'm already logged in as an administrator anyway.  I also tried leaving the DOS window open (without pressing any key to continue) and launching malwarebytes but no  .dmp file is generated. 

I also opened a command prompt window first and changed directory to the procdump directory and ran the "dir" command to list the executables and batch files. I then tried executing the 1 - mbam_crash.bat but it then says that it is  not recognizing the command as an operable program or batch file.  Any recommendation on what I'm doing wrong?  Thanks again, Devin.

Chuck

[Chuck1]

Devin,

After I reinstalled malwarebytes, I was monitoring running processes using process explorer and could see the mbam service was running and also an updater program appeared for about a half minute. Does this mean the malwarebytes service is actually protecting my PC and doing updates?  Since I still can't run the main program and see a GUI Is there a way to verify this some other way?  Thanks.

Chuck

[Chuck1]

Devin,

I was adding the list of recommended malwarebytes system files to the avast exclusion list and found that the files mwac.sys  and farflt.sys are not present in the C:\Windows\System32\drivers folder.  I did a search for them everywhere on my C drive and they were not found.  Could this be a part of the problem I've been having?

Chuck

[exile360]

That could definitely be the issue if those files don't actually exist, however before going on, please try finding the files by going directly to the folder C:\Windows\System32\drivers in Windows Explorer (rather than the browse dialog for creating exclusions in Avast!) as it is possible that Avast!'s browse dialog just can't see them (I'll explain why if you wish, but it has to do with an issue some programs have with 64 bit versions of Windows).

You can also check to see if those drivers are running and whether they exist by using Autoruns by Microsoft Sysinternals.  Right-click on it once you've downloaded it and select Run as administrator then once it is done scanning, click on the Drivers tab and look for MBAMFarflt and MBAMWebProtection then if found, right-click on each and select Jump to Image... and it should take you to the associated file's location.  If they are highlighted yellow and say File not found: in the Image Path column or they aren't listed at all then you know the drivers aren't present and/or aren't installed properly.

[Chuck1]

Ok, thanks. I did use windows explorer to open and view the c:\windows\system32\drivers folder but I did not see those two files.  I also had the folder view set to see hidden system files.  I'm running the 32 bit version of windows xp so maybe those two files are not supposed to be installed but I would think that some sort of web protection file (like mwac.sys) should be installed but I don't see it using windows explorer.

I downloaded and ran the Autoruns program from your link and went to the drivers tab after it was finished.  I do not see those two files listed at all. I see 3 files listed from publisher Malwarebytes and they are all in white, not yellow.  The three files in white are: mbamchameleon, MBAMProtection, and MBAMSwissArmy.  There are a number of yellow ones (file not found) but they are not part of the malwarebytes program. 

Chuck

[exile360]

OK, so that confirms the other protection drivers aren't installed.  It does indeed sound like that could be the cause of the issue, but I haven't used XP in quite some time so I am not exactly certain what a Malwarebytes installation is supposed to look like on XP so we'll have to wait to hear back from a member of the staff to know for certain but my guess is that missing drivers are at least part of the issue.

In the meantime, if you haven't already, I'd recommend trying to reinstall Malwarebytes in Safe Mode to see if that makes any difference at all.  If it does install successfully, try opening Malwarebytes there and also check to see if those drivers are now installed in System32\drivers.

[dcollins]

Those drivers missing on XP are fine. I haven't stopped looking into this issue, just doing some research still.

[Chuck1]

Thanks for looking into this problem, Devin.  Do you have a solution to executing the procdump batch file that I described earlier?  Chuck

[Chuck1]

I tried reinstalling and running MB3 in safe mode. The normal (not beta) release installed fine and completed installation successfully.  When it tried to load the main GUI or the system tray, still in safe mode, it gave the usual error.  I also get the same error if I try to launch the program manually:

Malwarebytes has encountered a problem and needs to close.  We are sorry for the inconvenience.

Error signature:   AppName: mbam.exe     AppVer: 3.0.0.1284     ModName: qt5core.dll
ModVer: 5.6.2.0     Offset: 001aa3b6

I then tried installing the latest beta in safe mode and the installation got very close to the end and an error appeared indicating it could not add a certain key to the windows registry.  I think the error number was 5.  I then clicked the "retry" button but got the same error. I then clicked the "abort" button and reversed the installation. 

Chuck

[exile360]

Do  you happen to know what registry key/value it listed?  If not, would you mind trying again and making a note of it?

Also, can you check the following location for any files called Setup Log YYYY-MM-DD.txt?: %localappdata%\Temp

If you find any, please zip and attach them to your next reply.  Also note that if you installed the program from a different user account, then the file will be under that user account's local appdata folder rather than your own.

[Chuck1]

My Malwarebytes support specialist Julia recommended a registry permissions utility to fix and reset permissions errors in the windows xp registry.  I did that and it fixed the installation problem to the point where I was able to install the latest beta version while in safe mode. The installation completed successfully with no code 5 error this time.  I then closed the successful installation window (clicked "ok" at the end of the successful installation) and waited for the tray and main program GUI to load.  Instead the usual error window popped up with the usual error details.  The Modver and Offset details are a little different this time but it still involves qt5core.dll

AppName: mbamtray.exe     AppVer: 3.0.0.1395     ModName: qt5core.dll
ModVer: 5.6.3.0     Offset: 001aa816

I then closed the error window and opened the malwarebytes program folder and tried running three of the executables in the folder.  They all gave the same errors which are the same one I've been seeing all along:

AppName: mbamtray.exe     AppVer: 3.0.0.1395     ModName: qt5core.dll
ModVer: 5.6.3.0     Offset: 001aa816

AppName: mbam.exe     AppVer: 3.0.0.1395     ModName: qt5core.dll
ModVer: 5.6.3.0     Offset: 001aa816

AppName: malwarebytes_assistant.exe     AppVer: 3.0.0.1395     ModName: qt5core.dll
ModVer: 5.6.3.0     Offset: 001aa816

 Chuck

Edited March 1, 2018 by Chuck1

[exile360]

OK, so my suspicions regarding permissions weren't too far off.  Thanks for the info

As for this most recent development, unless I am mistaken I believe this one is usually caused by the presence of the KB4074852 Windows Update.  Please check to see if it is still installed or got installed again, and if so, please remove it then try running Malwarebytes again to see if it works.  If you wish, you may try the semi-automated fix for this issue that I posted here.  It's a batch file that checks for the presence of that update and removes it if found.

Performing the last steps in that post of running Malwarebytes Anti-Rootkit might also be a good idea just to verify that it is able to run without issues and ensure there are no threats on the system.

[Chuck1]

Ok. I checked the add/remove programs  list with windows updates also showing and KB4074852 was not in the list.  I uninstalled it a few days ago and disabled automatic windows updates to keep it from downloading/re-installing.  I downloaded and ran your batch file anyway and it also reported that KB4074852 was not present.  I also downloaded Malwarebytes Anti-Rootkit Beta v 1.10.3.1001 from your link and updated its database. I ran a scan for 1 hr 42 min.  It didn't complete because I stopped it after that time and it then showed "no malware found". I'll rerun it and let it run to completion later today.  Here's what the mbar log showed:

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.03.01.04
  rootkit: v2018.02.28.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
(my name) :: (computer name) [administrator]

3/1/2018 5:58:45 AM
mbar-log-2018-03-01 (05-58-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 50505
Time elapsed: 1 hour(s), 42 minute(s), 13 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)