Adlice forum

General Category => Malware removal help => Topic started by: Kagezod on April 06, 2023, 12:04:30 AM

Title: Error[5] MySQL
Post by: Kagezod on April 06, 2023, 12:04:30 AM
Error 5 when removing a virus.
Attaching the report.
How to decide?
The program finds a virus, but cannot remove it. Sometimes you can change how the command console opens and closes (which really annoys me)
Title: Re: Error[5] MySQL
Post by: Curson on April 07, 2023, 12:16:48 AM
Hi Kagezod,

Welcome to Adlice.com Forum.

Please download SystemLook (x64) (http://images.malwareremoval.com/jpshortstuff/SystemLook_x64.exe) and save it to your desktop.
Code:
:dir /s /md5
%SystemRoot%\Fonts\Mysql
Note: The log can also be found on your Desktop entitled SystemLook.txt

Regards.
Title: Re: Error[5] MySQL
Post by: Kagezod on April 07, 2023, 02:17:27 PM
Here. I don't quite understand why it didn't work. By the way, the log report shows that it is in %SystemRoot%\Fonts\Mysql .
But I find it when I scan C:\Windows\Fonts . (Well, or when I scan the entire system completely)
Title: Re: Error[5] MySQL
Post by: Kagezod on April 07, 2023, 02:49:55 PM
When I scanned with slightly different parameters, this came out.

Title: Re: Error[5] MySQL
Post by: Curson on April 07, 2023, 04:37:54 PM
Hi Kagezod,

Sorry, I messed up the parameters.
Let's try with these.
Code:
:dir
%SystemRoot%\Fonts\Mysql /s /md5
Note: The log can also be found on your Desktop entitled SystemLook.txt

Regards.
Title: Re: Error[5] MySQL
Post by: Kagezod on April 07, 2023, 05:06:28 PM
There is nothing. It seems that such a file simply does not exist, but it is present on all RogueKiller checks no matter how many times I run it.
Title: Re: Error[5] MySQL
Post by: Curson on April 07, 2023, 06:14:32 PM
Hi Kagezod,

This is quite strange.

Please download Handle (x64) (https://live.sysinternals.com/handle64.exe) and save it on your desktop.
Launch the command prompt window (cmd) with admin rights and copy/paste the following command:
Code:
"%USERPROFILE%\Desktop\handle64.exe" -a -u -nobanner Fonts\Mysql > "%USERPROFILE%\Desktop\Handle.log"
A new file named Handle.log should have been created on your desktop.

Please attach it with your next reply.

Regards.
Title: Re: Error[5] MySQL
Post by: Kagezod on April 07, 2023, 07:51:19 PM
It's empty
Title: Re: Error[5] MySQL
Post by: Kagezod on April 07, 2023, 07:58:26 PM
I will also attach a screenshot of what the scanner shows, so that it would not seem that I came up with it myself.
Title: Re: Error[5] MySQL
Post by: Curson on April 09, 2023, 08:20:03 PM
Hi Kagezod,

Could you try renaming the "Mysql" folder?
Does an error occur?

Regards.
Title: Re: Error[5] MySQL
Post by: Kagezod on April 10, 2023, 07:51:32 PM
This folder doesn't even show up in the fonts folder. I have "show hidden folders" enabled. Even scanning the entire C drive for a MySQL file does not work.
I found the mysql.vim file on drive D in the Git folder (I installed it from the official site a few months ago).
Title: Re: Error[5] MySQL
Post by: Curson on April 10, 2023, 08:32:34 PM
Hi Kagezod,

Let's try another way.

Launch the command prompt window (cmd) with admin rights and copy/paste the following command:
Code:
rmdir %SystemRoot%\Fonts\Mysql > "%USERPROFILE%\Desktop\Remove.log"
A new file named Remove.log should have been created on your desktop.

Please attach it with your next reply.

Regards.
Title: Re: Error[5] MySQL
Post by: Kagezod on April 10, 2023, 08:46:06 PM
I was denied access
+ rmdir %SystemRoot%\Fonts\Mysql > "%USERPROFILE%\Desktop\Remove.log"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (:) [Out-File], DirectoryNotFoundException
    + FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand
Title: Re: Error[5] MySQL
Post by: Curson on April 10, 2023, 09:29:57 PM
Hi Kagezod,

Could you please try with CMD and not PowerShell?

Regards.
Title: Re: Error[5] MySQL
Post by: Kagezod on April 10, 2023, 09:52:06 PM
C:\Users\AdminStar>rmdir %SystemRoot%\Fonts\Mysql > "%USERPROFILE%\Desktop\Remove.log"
Access denied.
Title: Re: Error[5] MySQL
Post by: Kagezod on April 10, 2023, 10:12:50 PM
I got access; now it writes this:
%SystemRoot%\Fonts\Mysql > "%USERPROFILE%\Desktop\Remove.log"
The specified file cannot be found.
Title: Re: Error[5] MySQL
Post by: Kagezod on April 10, 2023, 10:16:19 PM
Updated, checked this folder with an antivirus again and the virus is no longer found.
It's just that, for this, I made myself the owner of the Windows folder. Does it pose any problems or risks?
Title: Re: Error[5] MySQL
Post by: Curson on April 13, 2023, 09:06:22 PM
Hi Kagezod,

Thanks for your feedback.
I suspect there is a bug within RogueKiller. We will try to reproduce it.

Your system is clean. There is no risk anymore.

Regards.
Title: Re: Error[5] MySQL
Post by: Kagezod on April 13, 2023, 09:20:30 PM
There was no removal. It's just that the antivirus stopped finding this virus in this folder. I'm not sure of the exact reasons, maybe the virus just didn't display correctly or I don't know. Submitting a report on the next full scan.
Title: Re: Error[5] MySQL
Post by: Curson on April 24, 2023, 03:49:11 PM
Hi Kagezod,

Sorry for the very late answer.
It was a hard nut to crack. During the removal process, RogueKiller cleared the ACL only on files and subdirectories, but not on the root directory itself.

This will be fixed in the next RogueKiller release.
Again, thank you very much for helping us fix this.

Regards.
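
The condition described in the last post (a root directory whose ACL still blocks access while its files and subdirectories were cleared) can be checked with a short audit script run from an elevated PowerShell prompt. This is an added example, not part of the original thread and not Adlice's code; the helper name Get-AclSummary is hypothetical, and the default path is the folder discussed above.

```powershell
# Added example (not from the thread): list owner and explicit Deny ACEs for a
# directory root and its descendants, to spot a root left locked after cleanup.
param(
    # Default is the folder discussed in the thread; pass another path to audit it.
    [string]$Root = (Join-Path $env:SystemRoot 'Fonts\Mysql')
)

function Get-AclSummary {   # hypothetical helper name
    param([string]$Path)
    try {
        $acl  = Get-Acl -LiteralPath $Path -ErrorAction Stop
        # Keep only Deny entries set directly on this object, not inherited ones.
        $deny = @($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Deny' -and -not $_.IsInherited
        })
        [pscustomobject]@{
            Path  = $Path
            Owner = $acl.Owner
            Deny  = ($deny | ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }) -join '; '
            Error = ''
        }
    } catch {
        # An unreadable ACL (e.g. access denied, Win32 error 5) is reported, not hidden.
        [pscustomobject]@{ Path = $Path; Owner = ''; Deny = ''; Error = $_.Exception.Message }
    }
}

$rootInfo = Get-AclSummary -Path $Root
$children = @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Get-AclSummary -Path $_.FullName })

@($rootInfo) + $children | Format-Table -AutoSize -Wrap

# The pattern from the thread: the root is restricted, nothing below it is.
$rootBlocked     = [bool]($rootInfo.Error -or $rootInfo.Deny)
$childrenBlocked = @($children | Where-Object { $_.Error -or $_.Deny }).Count
if ($rootBlocked -and $childrenBlocked -eq 0) {
    Write-Warning "Root '$Root' is restricted; no restricted children were found."
}
```

The Owner column also shows whether ownership of a folder has been changed from its original value, which is relevant to the ownership question raised earlier in the thread.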