-
加我微信
加我QQ
标签云
asm恢复 bbed bootstrap$ dul In Memory kcbzib_kcrsds_1 kccpb_sanity_check_2 MySQL恢复 ORA-00312 ORA-00607 ORA-00704 ORA-00742 ORA-01110 ORA-01555 ORA-01578 ORA-01595 ORA-08103 ORA-600 2131 ORA-600 2662 ORA-600 3020 ORA-600 4000 ORA-600 4137 ORA-600 4193 ORA-600 4194 ORA-600 16703 ORA-600 kcbzib_kcrsds_1 ORA-600 KCLCHKBLK_4 ORA-15042 ORA-15196 ORACLE 12C oracle dul ORACLE PATCH Oracle Recovery Tools oracle加密恢复 oracle勒索 oracle勒索恢复 oracle异常恢复 Oracle 恢复 ORACLE恢复 ORACLE数据库恢复 oracle 比特币 OSD-04016 YOUR FILES ARE ENCRYPTED 勒索恢复 比特币加密文章分类
- Others (2)
- 中间件 (2)
- WebLogic (2)
- 操作系统 (103)
- 数据库 (1,749)
- DB2 (22)
- MySQL (76)
- Oracle (1,594)
- Data Guard (52)
- EXADATA (8)
- GoldenGate (24)
- ORA-xxxxx (162)
- ORACLE 12C (72)
- ORACLE 18C (6)
- ORACLE 19C (15)
- ORACLE 21C (3)
- Oracle 23ai (8)
- Oracle ASM (68)
- Oracle Bug (8)
- Oracle RAC (54)
- Oracle 安全 (6)
- Oracle 开发 (28)
- Oracle 监听 (28)
- Oracle备份恢复 (584)
- Oracle安装升级 (96)
- Oracle性能优化 (62)
- 专题索引 (5)
- 勒索恢复 (84)
- PostgreSQL (30)
- pdu工具 (6)
- PostgreSQL恢复 (9)
- SQL Server (30)
- SQL Server恢复 (11)
- TimesTen (7)
- 达梦数据库 (2)
- 生活娱乐 (2)
- 至理名言 (11)
- 虚拟化 (2)
- VMware (2)
- 软件开发 (38)
- Asp.Net (9)
- JavaScript (12)
- PHP (2)
- 小工具 (21)
-
最近发表
- [MY-013183] [InnoDB] Assertion failure故障处理
- Oracle 19c 202504补丁(RUs+OJVM)-19.27
- Oracle Recovery Tools修复ORA-600 6101/kdxlin:psno out of range故障
- pdu完美支持金仓数据库恢复(KingbaseES)
- 虚拟机故障引起ORA-00310 ORA-00334故障处理
- pg创建gbk字符集库
- PostgreSQL运行日志管理
- ora-600 kdsgrp1 错误描述
- GAM、SGAM 或 PFS 页上存在页错误处理
- ORA-600 krhpfh_03-1208
- VMware勒索加密恢复(vmdk勒索恢复)
- ORA-39773: parse of metadata stream failed故障处理
- sql数据库备份失败—失败: 23(数据错误(循环冗余检查)
- vmdk文件被加密恢复(虚拟机文件加密)
- 差点被误操作的ORA-600 kcratr_nab_less_than_odr故障
- win平台19c 打patch遭遇2个小问题汇总
- pg单个数据库目录恢复-pdu恢复单个数据库目录数据
- pg删除数据恢复—pdu恢复pg delete数据
- .[OnlyBuy@cyberfear.com].REVRAC勒索mysql恢复
- 表dml操作权限授权给public,导致只读用户失效
分类目录归档:数据库
sql数据库备份失败—失败: 23(数据错误(循环冗余检查)
有客户sql server数据库备份失败,提示如下
从这个报错看,比较明显是由于底层(文件系统损坏或者扇区访问异常导致),进一步查看系统事件确认是由于扇区异常导致(设备\Device\HarddiskO\DR0有一个不正确的区块)
对于这种情况,当访问到文件所在的损坏扇区位置,就会报io错误,终止访问,文件也无法直接拷贝.通过专业工具对文件进行拷贝恢复确认一些扇区损坏而且被跳过(这部分数据肯定丢失)
由于文件本身跳过了损坏的扇区,需要确认损坏的部分影响哪些对象和哪些类型的损坏,通过DBCC检测出来异常信息如下
消息 8976,级别 16,状态 1,第 1 行 表错误: 对象 ID 1478296326,索引 ID 70,分区 ID 72057594244038656,分配单元 ID 72057594277527552 (类型为 In-row data)。在扫描过程中未发现页 (1:1577857),但该页的父级 (1:87825) 和上一页 (1:1576364) 都引用了它。请检查以前的错误消息。 消息 8978,级别 16,状态 1,第 1 行 表错误: 对象 ID 1478296326,索引 ID 70,分区 ID 72057594244038656,分配单元 ID 72057594277527552 (类型为 In-row data)。页 (1:1577859) 缺少上一页 (1:1577857) 对它的引用。可能是链链接有问题。 消息 8939,级别 16,状态 98,第 1 行 表错误: 对象 ID 1478296326,索引 ID 70,分区 ID 72057594244038656,分配单元 ID 72057594277527552 (类型为 In-row data),页 (1:1577857)。测试(IS_OFF (BUF_IOERR, pBUF->bstat))失败。值为 133129 和 -4。 消息 8928,级别 16,状态 1,第 1 行 对象 ID 1478296326,索引 ID 70,分区 ID 72057594244038656,分配单元 ID 72057594277527552 (类型为 In-row data): 无法处理页 (1:1577857)。有关详细信息,请参阅其他错误消息。 消息 8939,级别 16,状态 98,第 1 行 表错误: 对象 ID 2005582183,索引 ID 66,分区 ID 72057594242859008,分配单元 ID 72057594276347904 (类型为 In-row data),页 (1:385339)。测试(IS_OFF (BUF_IOERR, pBUF->bstat))失败。值为 133129 和 -4。 消息 8928,级别 16,状态 1,第 1 行 对象 ID 2005582183,索引 ID 66,分区 ID 72057594242859008,分配单元 ID 72057594276347904 (类型为 In-row data): 无法处理页 (1:385339)。有关详细信息,请参阅其他错误消息。 消息 8976,级别 16,状态 1,第 1 行 表错误: 对象 ID 2005582183,索引 ID 66,分区 ID 72057594242859008,分配单元 ID 72057594276347904 (类型为 In-row data)。在扫描过程中未发现页 (1:385339),但该页的父级 (1:127857) 和上一页 (1:385338) 都引用了它。请检查以前的错误消息。 消息 8978,级别 16,状态 1,第 1 行 表错误: 对象 ID 2005582183,索引 ID 66,分区 ID 72057594242859008,分配单元 ID 72057594276347904 (类型为 In-row data)。页 (1:1682744) 缺少上一页 (1:385339) 对它的引用。可能是链链接有问题。
然后通过DBCC进行修复,修复成功提示如下
修复: 已为数据库 'myhis' 中的对象 'dbo.h_xxxxx, idx_xxxxx_ckdmx_id' 成功地重新生成了 Nonclustered 索引。
修复: 页 (1:1577857) 已从对象 ID 1478296326,索引 ID 70,分区 ID 72057594244038656,分配单元 ID 72057594277527552 (类型为 In-row data)释放。
消息 8945,级别 16,状态 1,第 6 行
表错误: 将重新生成对象 ID 1478296326,索引 ID 70。
该错误已修复。
消息 8928,级别 16,状态 1,第 6 行
对象 ID 1478296326,索引 ID 70,分区 ID 72057594244038656,分配单元 ID 72057594277527552 (类型为 In-row data): 无法处理页 (1:1577857)。有关详细信息,请参阅其他错误消息。
该错误已修复。
消息 8939,级别 16,状态 98,第 6 行
表错误: 对象 ID 1478296326,索引 ID 70,分区 ID 72057594244038656,分配单元 ID 72057594277527552 (类型为 In-row data),页 (1:1577857)。测试(IS_OFF (BUF_IOERR, pBUF->bstat))失败。值为 2057 和 -4。
该错误已修复。
消息 8976,级别 16,状态 1,第 6 行
表错误: 对象 ID 1478296326,索引 ID 70,分区 ID 72057594244038656,分配单元 ID 72057594277527552 (类型为 In-row data)。在扫描过程中未发现页 (1:1577857),但该页的父级 (1:87825) 和上一页 (1:1576364) 都引用了它。请检查以前的错误消息。
该错误已修复。
消息 8978,级别 16,状态 1,第 6 行
表错误: 对象 ID 1478296326,索引 ID 70,分区 ID 72057594244038656,分配单元 ID 72057594277527552 (类型为 In-row data)。页 (1:1577859) 缺少上一页 (1:1577857) 对它的引用。可能是链链接有问题。
该错误已修复。
对象 'h_zysfdmx' 的 365541 页中有 2705291 行。
CHECKDB 在表 'h_xxxxx' (对象 ID 1478296326)中发现 0 个分配错误和 4 个一致性错误。
CHECKDB 在表 'h_xxxxx' (对象 ID 1478296326)中修复了 0 个分配错误和 4 个一致性错误。
修复: 已为数据库 'myhis' 中的对象 'dbo.h_xxx, idx_xxx_ckdmx_id' 成功地重新生成了 Nonclustered 索引。
修复: 页 (1:385339) 已从对象 ID 2005582183,索引 ID 66,分区 ID 72057594242859008,分配单元 ID 72057594276347904 (类型为 In-row data)释放。
消息 8945,级别 16,状态 1,第 6 行
表错误: 将重新生成对象 ID 2005582183,索引 ID 66。
该错误已修复。
消息 8928,级别 16,状态 1,第 6 行
对象 ID 2005582183,索引 ID 66,分区 ID 72057594242859008,分配单元 ID 72057594276347904 (类型为 In-row data): 无法处理页 (1:385339)。有关详细信息,请参阅其他错误消息。
该错误已修复。
消息 8939,级别 16,状态 98,第 6 行
表错误: 对象 ID 2005582183,索引 ID 66,分区 ID 72057594242859008,分配单元 ID 72057594276347904 (类型为 In-row data),页 (1:385339)。测试(IS_OFF (BUF_IOERR, pBUF->bstat))失败。值为 2057 和 -4。
该错误已修复。
消息 8976,级别 16,状态 1,第 6 行
表错误: 对象 ID 2005582183,索引 ID 66,分区 ID 72057594242859008,分配单元 ID 72057594276347904 (类型为 In-row data)。在扫描过程中未发现页 (1:385339),但该页的父级 (1:127857) 和上一页 (1:385338) 都引用了它。请检查以前的错误消息。
该错误已修复。
消息 8978,级别 16,状态 1,第 6 行
表错误: 对象 ID 2005582183,索引 ID 66,分区 ID 72057594242859008,分配单元 ID 72057594276347904 (类型为 In-row data)。页 (1:1682744) 缺少上一页 (1:385339) 对它的引用。可能是链链接有问题。
该错误已修复。
对象 'h_sfdmx' 的 1226 页中有 10928 行。
CHECKDB 在表 'h_xxx' (对象 ID 2005582183)中发现 0 个分配错误和 4 个一致性错误。
CHECKDB 在表 'h_xxx' (对象 ID 2005582183)中修复了 0 个分配错误和 4 个一致性错误。
再次使用DBCC检查数据库,一切正常,没有其他报错.然后在恢复过程中ldf文件也有大量扇区异常,对ldf文件进行截断处理
ALTER DATABASE MYHIS SET RECOVERY SIMPLE; DBCC SHRINKFILE (MYHIS_log, 0); ALTER DATABASE MYHIS SET RECOVERY FULL;
vmdk文件被加密恢复(虚拟机文件加密)
有客户的vm虚拟化平台被勒索病毒加密,扩展名为:.{110DCD0A-295C-27A4-914B-5F2CBAAA094E}.tianrui
README.TXT文件内容如下,预留邮箱为:tianrui@mailum.com
I'll try to be brief: 1. It is beneficial for us that your files are decrypted no less than you,
we don't want to harm you, we just want to get a ransom for our work.
2. Its only takes for us at list 20 minutes after payment to completely decrypt you,
to its original state, it's very simple for us!
3.If you contact decryption companies, you are automatically exposed to publicity,also,
these companies do not care about your files at all, they only think about their own benefit!
4.They also contact the police. Again, only you suffer from this treatment!
5. We have developed a scheme for your secure decryption without any problems, unlike the above companies,
who just as definitely come to us to decipher you and simply make a profit from you as intermediaries,
preventing a quick resolution of this issue!
6. In case of refusal to pay, we transfer all your personal data such as (emails, link to panel,
payment documents , certificates , personal information of you staff, SQL,ERP,
financial information for other hacker groups) and they will come to you again for sure!
We will also publicize this attack using social networks and other media,
which will significantly affect your reputation
7. If you contact us no more than 12 hours after the attack, the price is only 50% of the price afterwards!
8. Do not under any circumstances try to decrypt the files yourself; you will simply break them!
YOU MUST UNDERSTAND THAT THIS IS BIG MARKET AND DATA RECOVERY NEED MONEY ONLY !!!
9.IF YOU CHOOSE TO USE DATA RECOVERY COMPANY ASK THEM
FOR DECRYPT TEST FILE FOR YOU IF THEY CANT DO IT DO NOT BELIEVE THEM
10.Do not give data recovery companies acces to your network they make your data cant be decrypted by us -
for make more money from you !!!!! DO NOT TELL THEM YOUR COMPANY NAME BEFORE THEY GIVE YOU TEST FILE !!!!!!
Contacts :
Download the (Session) messenger (https://getsession.org)
You fined me "0585ae8a3c3a688c78cf2e2b2b7df760630377f29c0b36d999862861bdbf93380d"
MAIL:tianrui@mailum.com
通过底层分析,确认vmdk文件可以通过找出来分区信息,确认当时运行的是一个win操作系统
查看对应分区中数据情况
对于类似这种被加密的勒索的虚拟机,我们可以实现比较好的恢复效果,如果此类的数据库(oracle,mysql,sql server)等被加密,需要专业恢复技术支持,请联系我们:
电话/微信:17813235971 Q Q:107644445
E-Mail:dba@xifenfei.com系统安全防护措施建议:
1.多台机器,不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性,并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制,并进行定期备份
4.定期检测系统和软件中的安全漏洞,及时打上补丁。
5.定期到服务器检查是否存在异常。
6.安装安全防护软件,并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件,如果已经被杀毒软件拦截查杀,不要添加信任继续运行。
9.保存良好的备份习惯,尽量做到每日备份,异地备份。
差点被误操作的ORA-600 kcratr_nab_less_than_odr故障
晚上接到一个客户电话,数据库无法启动,咨询我的Oracle Recovery Tools工具的授权问题,我远程登录客户的环境进行查看故障,发现客户进行了一下操作导致最后open报ORA-01152错误
C:\Users\Administrator>sqlplus sys/sys as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Tue Mar 18 22:43:24 2025
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> startup mount
ORACLE instance started.
Total System Global Area 1603411968 bytes
Fixed Size 2176168 bytes
Variable Size 973081432 bytes
Database Buffers 620756992 bytes
Redo Buffers 7397376 bytes
Database mounted.
SQL> recover database;
Media recovery complete.
SQL> alter database open;
alter database open
*
ERROR at line 1:
ORA-00600: internal error code, arguments: [kcratr_nab_less_than_odr], [1],
[27890], [1589], [1649], [], [], [], [], [], [], []
SQL> recover database;
ORA-00283: 恢复会话因错误而取消
ORA-00264: 不要求恢复
SQL> alter database open;
alter database open
*
ERROR at line 1:
ORA-00600: internal error code, arguments: [kcratr_nab_less_than_odr], [1],
[27890], [1589], [1649], [], [], [], [], [], [], []
SQL> recover database until cancel;
ORA-10879: error signaled in parallel recovery slave
ORA-01547: 警告: RECOVER 成功但 OPEN RESETLOGS 将出现如下错误
ORA-01152: 文件 1 没有从过旧的备份中还原
ORA-01110: 数据文件 1: 'D:\APP\ADMINISTRATOR\ORADATA\orcl\SYSTEM01.DBF'
SQL> alter database open resetlogs;
alter database open resetlogs
*
ERROR at line 1:
ORA-01152: file 1 was not restored from a sufficiently old backup
ORA-01110: data file 1: 'D:\APP\ADMINISTRATOR\ORADATA\orcl\SYSTEM01.DBF'
SQL> RECOVER DATABASE USING BACKUP CONTROLFILE;
ORA-00279: change 17384974762395 generated at 03/18/2025 18:30:34 needed for
thread 1
ORA-00289: suggestion :
D:\APP\ADMINISTRATOR\FLASH_RECOVERY_AREA\orcl\ARCHIVELOG\2025_03_19\O1_MF_1_27
890_%U_.ARC
ORA-00280: change 17384974762395 for thread 1 is in sequence #27890
Specify log: {<RET>=suggested | filename | AUTO | CANCEL}
D\APP\ADMINISTRATOR\ORADATA\orcl\RED001.LOG
ORA-00308: 无法打开归档日志 'D\APP\ADMINISTRATOR\ORADATA\orcl\RED001.LOG'
ORA-27041: 无法打开文件
OSD-04002: 无法打开文件
O/S-Error: (OS 3) 系统找不到指定的路径。
Specify log: {<RET>=suggested | filename | AUTO | CANCEL}
D:\app\Administrator\oradata\orcl\RED001.LOG
ORA-00308: 无法打开归档日志 'D:\app\Administrator\oradata\orcl\RED001.LOG'
ORA-27041: 无法打开文件
OSD-04002: 无法打开文件
O/S-Error: (OS 2) 系统找不到指定的文件。
最初数据库启动报ORA-600 kcratr_nab_less_than_odr错误(这个是一个非常典型的错误,早期写过处理方法:ORA-600 kcratr_nab_less_than_odr故障解决),客户处理故障思路不太清晰,使用了recover database until cancel和alter database open resetlogs等不当操作,导致数据库没有open成功.然后希望使用我的Oracle Recovery Tools小工具进行修复,但是根据我的判断,这个故障还用不上该工具,直接可以open库.对其进行ctl重建并open库
SQL> alter database backup controlfile to trace as 'd:/ctl.txt'; Database altered. SQL> create pfile='d:/pfile.txt' from spfile; File created. SQL> shutdown immediate; ORA-01109: database not open Database dismounted. ORACLE instance shut down. SQL> startup nomount; ORACLE instance started. Total System Global Area 1603411968 bytes Fixed Size 2176168 bytes Variable Size 973081432 bytes Database Buffers 620756992 bytes Redo Buffers 7397376 bytes SQL> @d:/xifenfei/rectl.sql Control file created. SQL> SQL> SQL> recover database; Media recovery complete. SQL> alter database open; Database altered.
在open之后,数据库报ORA-600 4194错误
Wed Mar 19 01:51:12 2025
alter database open
Beginning crash recovery of 1 threads
parallel recovery started with 23 processes
Started redo scan
Completed redo scan
read 793 KB redo, 0 data blocks need recovery
Started redo application at
Thread 1: logseq 27890, block 2, scn 17384974741793
Recovery of Online Redo Log: Thread 1 Group 4 Seq 27890 Reading mem 0
Mem# 0: D:\APP\ADMINISTRATOR\ORADATA\orcl\REDO04.LOG
Completed redo application of 0.00MB
Completed crash recovery at
Thread 1: logseq 27890, block 1589, scn 17384974762395
0 data blocks read, 0 data blocks written, 793 redo k-bytes read
Wed Mar 19 01:51:14 2025
Thread 1 advanced to log sequence 27891 (thread open)
Thread 1 opened at log sequence 27891
Current log# 2 seq# 27891 mem# 0: D:\APP\ADMINISTRATOR\ORADATA\orcl\REDO02.LOG
Successful open of redo thread 1
MTTR advisory is disabled because FAST_START_MTTR_TARGET is not set
Wed Mar 19 01:51:14 2025
SMON: enabling cache recovery
Successfully onlined Undo Tablespace 2.
Dictionary check beginning
Tablespace 'TEMP' #3 found in data dictionary,
but not in the controlfile. Adding to controlfile.
Tablespace 'TEMP1' #11 found in data dictionary,
but not in the controlfile. Adding to controlfile.
Dictionary check complete
Verifying file header compatibility for 11g tablespace encryption..
Verifying 11g file header compatibility for tablespace encryption completed
SMON: enabling tx recovery
*********************************************************************
WARNING: The following temporary tablespaces contain no files.
This condition can occur when a backup controlfile has
been restored. It may be necessary to add files to these
tablespaces. That can be done using the SQL statement:
ALTER TABLESPACE <tablespace_name> ADD TEMPFILE
Alternatively, if these temporary tablespaces are no longer
needed, then they can be dropped.
Empty temporary tablespace: TEMP
Empty temporary tablespace: TEMP1
*********************************************************************
Database Characterset is ZHS16GBK
No Resource Manager plan active
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_smon_4084.trc (incident=158542):
ORA-00600: 内部错误代码, 参数: [4194], [], [], [], [], [], [], [], [], [], [], []
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_158542\orcl_smon_4084_i158542.trc
Wed Mar 19 01:51:26 2025
Trace dumping is performing id=[cdmp_20250319015126]
Wed Mar 19 01:51:31 2025
Sweep [inc][158542]: completed
Sweep [inc2][158542]: completed
Wed Mar 19 01:51:35 2025
Doing block recovery for file 3 block 1415
Resuming block recovery (PMON) for file 3 block 1415
Block recovery from logseq 27891, block 86 to scn 17384974782720
Recovery of Online Redo Log: Thread 1 Group 2 Seq 27891 Reading mem 0
Mem# 0: D:\APP\ADMINISTRATOR\ORADATA\orcl\REDO02.LOG
Block recovery stopped at EOT rba 27891.87.16
Block recovery completed at rba 27891.87.16, scn 4047.3242135803
Doing block recovery for file 3 block 264
Resuming block recovery (PMON) for file 3 block 264
Block recovery from logseq 27891, block 86 to scn 17384974782714
Recovery of Online Redo Log: Thread 1 Group 2 Seq 27891 Reading mem 0
Mem# 0: D:\APP\ADMINISTRATOR\ORADATA\orcl\REDO02.LOG
Block recovery completed at rba 27891.87.16, scn 4047.3242135803
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_smon_4084.trc:
ORA-01595: 释放区 (2) 回退段 (12) 时出错
ORA-00600: 内部错误代码, 参数: [4194], [], [], [], [], [], [], [], [], [], [], []
Wed Mar 19 01:51:36 2025
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_5680.trc (incident=158590):
ORA-00600: internal error code, arguments: [4194], [], [], [], [], [], [], [], [], [], [], []
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_158590\orcl_ora_5680_i158590.trc
数据库open成功,但是后台报ORA-01595/ORA-600 4194错误,这个问题比较常见,直接处理异常undo即可恢复.