-
加我微信
加我QQ
标签云
asm恢复 bbed bootstrap$ dul In Memory kcbzib_kcrsds_1 kccpb_sanity_check_2 MySQL恢复 ORA-00312 ORA-00607 ORA-00704 ORA-00742 ORA-01110 ORA-01555 ORA-01578 ORA-08103 ORA-600 2131 ORA-600 2662 ORA-600 2663 ORA-600 3020 ORA-600 4000 ORA-600 4137 ORA-600 4193 ORA-600 4194 ORA-600 16703 ORA-600 kcbzib_kcrsds_1 ORA-600 KCLCHKBLK_4 ORA-15042 ORA-15196 ORACLE 12C oracle dul ORACLE PATCH Oracle Recovery Tools oracle加密恢复 oracle勒索 oracle勒索恢复 oracle异常恢复 ORACLE恢复 Oracle 恢复 ORACLE数据库恢复 oracle 比特币 OSD-04016 YOUR FILES ARE ENCRYPTED 勒索恢复 比特币加密文章分类
- Others (2)
- 中间件 (2)
- WebLogic (2)
- 操作系统 (102)
- 数据库 (1,700)
- DB2 (22)
- MySQL (74)
- Oracle (1,561)
- Data Guard (52)
- EXADATA (8)
- GoldenGate (24)
- ORA-xxxxx (159)
- ORACLE 12C (72)
- ORACLE 18C (6)
- ORACLE 19C (15)
- ORACLE 21C (3)
- Oracle 23ai (8)
- Oracle ASM (68)
- Oracle Bug (8)
- Oracle RAC (53)
- Oracle 安全 (6)
- Oracle 开发 (28)
- Oracle 监听 (28)
- Oracle备份恢复 (571)
- Oracle安装升级 (94)
- Oracle性能优化 (62)
- 专题索引 (5)
- 勒索恢复 (81)
- PostgreSQL (18)
- PostgreSQL恢复 (6)
- SQL Server (27)
- SQL Server恢复 (8)
- TimesTen (7)
- 达梦数据库 (2)
- 生活娱乐 (2)
- 至理名言 (11)
- 虚拟化 (2)
- VMware (2)
- 软件开发 (37)
- Asp.Net (9)
- JavaScript (12)
- PHP (2)
- 小工具 (20)
-
最近发表
- Oracle 19c 202501补丁(RUs+OJVM)
- 避免 19c 数据库性能问题需要考虑的事项 (Doc ID 3050476.1)
- Bug 21915719 Database hang or may fail to OPEN in 12c IBM AIX or HPUX Itanium – ORA-742, DEADLOCK or ORA-600 [kcrfrgv_nextlwn_scn] ORA-600 [krr_process_read_error_2]
- ORA-600 ktuPopDictI_1恢复
- impdp导入数据丢失sys授权问题分析
- impdp 创建index提示ORA-00942: table or view does not exist
- 数据泵导出 (expdp) 和导入 (impdp)工具性能降低分析参考
- 19c非归档数据库断电导致ORA-00742故障恢复
- Oracle 19c – 手动升级到 Non-CDB Oracle Database 19c 的完整核对清单
- sqlite数据库简单操作
- Oracle 暂定和恢复功能
- .pzpq扩展名勒索恢复
- Oracle read only用户—23ai新特性:只读用户
- 迁移awr快照数据到自定义表空间
- .hmallox加密mariadb/mysql数据库恢复
- 2025年首个故障恢复—ORA-600 kcbzib_kcrsds_1
- 第一例Oracle 21c恢复咨询
- ORA-15411: Failure groups in disk group DATA have different number of disks.
- 断电引起的ORA-08102: 未找到索引关键字, 对象号 39故障处理
- ORA-00227: corrupt block detected in control file
分类目录归档:Oracle
.wstop扩展名勒索数据库恢复
操作系统文件被加密成.[[gmtaP2R5]].[[dataserver@airmail.cc]].wstop扩展名,类似
运行的oracle数据库文件,从名称上看没有被加上明显的后缀名
通过winhex打开文件分析,虽然文件名称没有改变,但是文件依旧被破坏
通过专业工具检测具体破坏情况,每个文件破坏三段,破坏24个block左右
因为损坏block较少,这种情况,可以通过我开发的Oracle数据文件勒索加密工具进行处理,然后open数据库
类似勒索病毒预防建议:
1. 教育和培训:提高用户的网络安全意识非常重要。通过定期的网络安全培训和教育,向用户传达有关勒索病毒及其传播方式的知识,让他们能够警惕潜在的威胁,并学会如何正确应对可疑的电子邮件、链接和附件。
2. 更新和维护:及时更新操作系统、应用程序和安全软件,以修补已知的漏洞,并确保系统能够及时获取最新的安全补丁。此外,定期进行系统维护和检查,确保系统的安全配置和设置。
3. 备份数据:定期备份重要的数据和文件,并将备份存储在安全的离线或云存储中。确保备份是完整的、可靠的,并且能够及时恢复,以便在发生勒索病毒感染或其他数据丢失事件时能够快速恢复数据。
4. 网络安全工具:使用可信赖的网络安全工具,包括防病毒软件、防火墙、入侵检测系统等,以提高系统的安全性和防护能力。定期对系统进行全面的安全扫描和检测,及时发现并清除潜在的威胁。
5. 访问控制:实施严格的访问控制措施,限制用户对系统和文件的访问权限,避免使用管理员权限进行日常操作,以减少恶意软件感染的风险。此外,定期审查和更新访问控制策略,确保系统安全性得到有效维护。
6. 应急响应计划:制定和实施应急响应计划,明确团队成员的责任和任务,建立应对勒索病毒和其他安全事件的应急响应流程,以最大程度地减少损失并快速恢复业务正常运营。
如果此类的数据库(oracle,mysql,sql server)等被加密,需要专业恢复技术支持,请联系我们:
电话/微信:17813235971 Q Q:107644445
E-Mail:dba@xifenfei.com
Oracle Recovery Tools工具一键解决ORA-00376 ORA-01110故障(文件offline)
客户在win上面迁移数据文件,由于原库非归档,结果导致有两个文件scn不一致,无法打开库,结果他们选择offline文件,然后打开数据库
Wed Dec 04 14:06:04 2024 alter database open Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_6056.trc: ORA-01113: 文件 10 需要介质恢复 ORA-01110: 数据文件 10: 'C:\PROGRAM FILES\ORACLE\XFF1.DBF' ORA-1113 signalled during: alter database open... Wed Dec 04 14:08:18 2024 alter database datafile 'c:\program files\oracle\XFF1.dbf' offline drop Completed: alter database datafile 'c:\program files\oracle\XFF1.dbf' offline drop Wed Dec 04 14:08:31 2024 alter database open Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_6056.trc: ORA-01113: 文件 26 需要介质恢复 ORA-01110: 数据文件 26: 'C:\PROGRAM FILES\ORACLE\XFF2.DBF' ORA-1113 signalled during: alter database open... Wed Dec 04 14:08:31 2024 Checker run found 1 new persistent data failures Wed Dec 04 14:08:51 2024 alter database datafile 'c:\program files\oracle\XFF2.dbf' offline drop Completed: alter database datafile 'c:\program files\oracle\XFF2.dbf' offline drop alter database open Wed Dec 04 14:08:57 2024 Thread 1 opened at log sequence 136210 Current log# 1 seq# 136210 mem# 0: D:\APP\ADMINISTRATOR\ORADATA\ORCL\REDO01.LOG Successful open of redo thread 1 MTTR advisory is disabled because FAST_START_MTTR_TARGET is not set Wed Dec 04 14:08:57 2024 SMON: enabling cache recovery Successfully onlined Undo Tablespace 2. Verifying file header compatibility for 11g tablespace encryption.. Verifying 11g file header compatibility for tablespace encryption completed SMON: enabling tx recovery Database Characterset is AL32UTF8 No Resource Manager plan active replication_dependency_tracking turned off (no async multimaster replication found) Starting background process QMNC Wed Dec 04 14:08:59 2024 QMNC started with pid=20, OS id=4264 Completed: alter database open
后面自行尝试recover 数据文件没有成功
Wed Dec 04 14:42:50 2024 ALTER DATABASE RECOVER datafile 26 Media Recovery Start Serial Media Recovery started ORA-279 signalled during: ALTER DATABASE RECOVER datafile 26 ... ALTER DATABASE RECOVER CONTINUE DEFAULT Media Recovery Log D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2024_12_04\O1_MF_1_135983_%U_.ARC Errors with log D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2024_12_04\O1_MF_1_135983_%U_.ARC ORA-308 signalled during: ALTER DATABASE RECOVER CONTINUE DEFAULT ... ALTER DATABASE RECOVER CANCEL Media Recovery Canceled Completed: ALTER DATABASE RECOVER CANCEL
由于这两个文件处于offline状态导致客户很多操作报ORA-00376 ORA-01110之类错
ORA-00376: file 10 cannot be read at this time ORA-01110: data file 10: 'C:\PROGRAM FILES\ORACLE\XFF1.DBF'
对于这类故障使用Oracle Recovery Tools工具,一键恢复
然后直接recover 数据文件成功
对于这类缺少归档数据文件offline的故障Oracle Recovery Tools可以快速傻瓜式恢复
软件下载:OraRecovery下载
使用说明:使用说明
OGG-02771 Input trail file format RELEASE 19.1 is different from previous trail file form at RELEASE 11.2.
源端数据库从11.2.0.4升级到19c版本(目标端本身就是19.1版本ogg),对应的ogg也从11.2升级到了19.1版本,ogg的trail文件传输到目标端之后,replicat进程直接ABENDED
GGSCI (xifenfei) 3> info replicat HISCA01,detail
REPLICAT HISCA01 Last Started 2024-12-06 17:18 Status ABENDED
Checkpoint Lag 00:00:00 (updated 13:35:38 ago)
Log Read Checkpoint File /data/ogg/dirdat/his/re000148
2024-12-06 01:12:04.078756 RBA 51446
查看view report查看报错详细
***********************************************************************
** Run Time Messages **
***********************************************************************
2024-12-06 17:50:55 INFO OGG-02243 Opened trail file /data/ogg/dirdat/his/re000148 at 2024-12-06 17:50:55.559447.
2024-12-06 17:50:55 INFO OGG-02232 Switching to next trail file /data/ogg/dirdat/his/re000000149
at 2024-12-06 17:50:55.559447 due to EOF. with current RBA 51,446.
Source Context :
SourceModule : [er.replicat.processloop]
SourceID : [er/replicat/processloop.cpp]
SourceMethod : [processReplicatLoop]
SourceLine : [1111]
ThreadBacktrace : [12] elements
: [/data/ogg/libgglog.so(CMessageContext::AddThreadContext())]
: [/data/ogg/libgglog.so(CMessageFactory::CreateMessage(CSourceContext*, unsigned int, ...))]
: [/data/ogg/libgglog.so(_MSG_Int32_String(CSourceContext*, int, int, char const*, CMessageFactory::MessageDisposition))]
: [/data/ogg/replicat()]
: [/data/ogg/replicat(ggs::er::ReplicatContext::run())]
: [/data/ogg/replicat()]
: [/data/ogg/replicat(ggs::gglib::MultiThreading::MainThread::ExecMain())]
: [/data/ogg/replicat(ggs::gglib::MultiThreading::Thread::RunThread(ggs::gglib::MultiThreading::Thread::ThreadArgs*))]
: [/data/ogg/replicat(ggs::gglib::MultiThreading::MainThread::Run(int, char**))]
: [/data/ogg/replicat(main)]
: [/lib64/libc.so.6(__libc_start_main)]
: [/data/ogg/replicat()]
2024-12-06 17:50:55 ERROR OGG-02171 Error reading LCR from data source. Status 524, data source type TrailDataSource.
Source Context :
SourceModule : [er.replicat.ReplicatContext]
SourceID : [er/replicat/ReplicatContext.cpp]
SourceMethod : [onTrailFormatChange]
SourceLine : [564]
ThreadBacktrace : [17] elements
: [/data/ogg/libgglog.so(CMessageContext::AddThreadContext())]
: [/data/ogg/libgglog.so(CMessageFactory::CreateMessage(CSourceContext*, unsigned int, ...))]
: [/data/ogg/libgglog.so(_MSG_String_String_String(CSourceContext*, int, char const*, char const*,
char const*, CMessageFactory::MessageDisposition))]
: [/data/ogg/replicat(ggs::er::ReplicatContext::onTrailFormatChange(char const*, unsigned short, unsigned short) const)]
: [/data/ogg/replicat(ggs::gglib::ggtrail::TrailDataSource::updateTrailCompat(ggs::gglib::ggtrail::TrailFile const&))]
: [/data/ogg/replicat(ggs::er::ReplicatTrailDataSource::updateTrailCompat(ggs::gglib::ggtrail::TrailFile const&))]
: [/data/ogg/replicat(ggs::gglib::ggtrail::TrailDataSource::
readNextTrailRecord(ggs::gglib::gglcr::CommonLCR**, long*, int&, int&, bool, bool))]
: [/data/ogg/replicat(ggs::er::ReplicatTrailDataSource::readLCR(ggs::gglib::gglcr::CommonLCR**, long&, bool&))]
: [/data/ogg/replicat(ggs::er::ReplicatContext::processReplicatLoop())]
: [/data/ogg/replicat(ggs::er::ReplicatContext::run())]
: [/data/ogg/replicat()]
: [/data/ogg/replicat(ggs::gglib::MultiThreading::MainThread::ExecMain())]
: [/data/ogg/replicat(ggs::gglib::MultiThreading::Thread::RunThread(ggs::gglib::MultiThreading::Thread::ThreadArgs*))]
: [/data/ogg/replicat(ggs::gglib::MultiThreading::MainThread::Run(int, char**))]
: [/data/ogg/replicat(main)]
: [/lib64/libc.so.6(__libc_start_main)]
: [/data/ogg/replicat()]
2024-12-06 17:50:55 ERROR OGG-02771 Input trail file /data/ogg/dirdat/his/re000000149 format RELEASE 19.1
is different from previous trail file form at RELEASE 11.2.
trail文件情况
[oracle@xifenfei his]$ ls -ltr total 2167648 -rw-r----- 1 oracle oinstall 157604039 Nov 14 11:44 re000144 -rw-r----- 1 oracle oinstall 499999979 Nov 21 16:48 re000145 -rw-r----- 1 oracle oinstall 499999866 Dec 2 10:06 re000146 -rw-r----- 1 oracle oinstall 266123675 Dec 6 03:36 re000147 -rw-r----- 1 oracle oinstall 51446 Dec 6 04:15 re000148 -rw-r----- 1 oracle oinstall 1211 Dec 6 04:15 re000000149 -rw-r----- 1 oracle oinstall 43711175 Dec 6 17:50 re000000150
大概的意思就是解析完成了148文件,但是在解析149文件时发现trail的版本从11.2变成了19.1,从而导致进程abend.
解决这个问题,需要人工重新指定解析149文件即可
GGSCI (xifenfei) 5> Alter replicat HISCA01 EXTSEQNO 149, EXTRBA 0
2024-12-06 17:53:01 INFO OGG-06594 Replicat HISCA01 has been altered.
Even the start up position might be updated, duplicate suppression remains active in next startup.
To override duplicate suppression, start HISCA01 with NOFILTERDUPTRANSACTIONS option.
REPLICAT altered.
GGSCI (xifenfei) 6> start HISCA01
Sending START request to MANAGER ...
REPLICAT HISCA01 starting
GGSCI (xifenfei) 8> stats HISCA01
Sending STATS request to REPLICAT HISCA01 ...
Start of Statistics at 2024-12-06 17:53:20.
Replicating from U_XFF_A.T_XFF to U_XFF_B.T_XFF:
*** Total statistics since 2024-12-06 17:53:12 ***
Total inserts 431.00
Total updates 0.00
Total deletes 307.00
Total upserts 0.00
Total discards 0.00
Total operations 738.00
*** Daily statistics since 2024-12-06 17:53:12 ***
Total inserts 431.00
Total updates 0.00
Total deletes 307.00
Total upserts 0.00
Total discards 0.00
Total operations 738.00
*** Hourly statistics since 2024-12-06 17:53:12 ***
Total inserts 431.00
Total updates 0.00
Total deletes 307.00
Total upserts 0.00
Total discards 0.00
Total operations 738.00
*** Latest statistics since 2024-12-06 17:53:12 ***
Total inserts 431.00
Total updates 0.00
Total deletes 307.00
Total upserts 0.00
Total discards 0.00
Total operations 738.00
End of Statistics.