Database SOS – 第38页 – Professional Database Recovery Support@+8617813235971

硬件故障导致ORA-600 2662错误处理

前几天恢复了一个40多T的CASE:ORA-00600: internal error code, arguments: [16513], [1403] 恢复,又一个近30T的库由于硬件故障,通过其他人一系列恢复之后,无法正常open,让我们提供技术支持:
故障最初原因是由于存储异常

Fri Feb 19 09:03:49 2021
Errors in file d:\app\administrator\diag\rdbms\xifenfei\xifenfei\trace\xifenfei_ora_3460.trc:
ORA-01114: 将块写入文件 849 时出现 IO 错误 (块 # 3871748)
ORA-27070: 异步读取/写入失败
OSD-04016: 异步 I/O 请求排队时出错。
O/S-Error: (OS 1167) 设备没有连接。
ORA-01114: 将块写入文件 849 时出现 IO 错误 (块 # 3871748)
ORA-27070: 异步读取/写入失败
OSD-04016: 异步 I/O 请求排队时出错。
O/S-Error: (OS 1167) 设备没有连接。

通过其他人一系列处理后,数据库报ORA-600 2662错误

Sat Feb 20 08:19:35 2021
MTTR advisory is disabled because FAST_START_MTTR_TARGET is not set
Sat Feb 20 08:19:35 2021
SMON: enabling cache recovery
Errors in file d:\app\administrator\diag\rdbms\xifenfei\xifenfei\trace\xifenfei_ora_5304.trc(incident=1960181):
ORA-00600:internal error code,arguments:[2662],[4],[2185364344], [4],[2185453722],[893388032],[],[],[],[],[],[]
Errors in file d:\app\administrator\diag\rdbms\xifenfei\xifenfei\trace\xifenfei_ora_5304.trc:
ORA-00600:internal error code,arguments:[2662],[4],[2185364344], [4],[2185453722],[893388032],[],[],[],[],[],[]
Errors in file d:\app\administrator\diag\rdbms\xifenfei\xifenfei\trace\xifenfei_ora_5304.trc:
ORA-00600:internal error code,arguments:[2662],[4],[2185364344], [4],[2185453722],[893388032],[],[],[],[],[],[]
Error 600 happened during db open, shutting down database
USER (ospid: 5304): terminating the instance due to error 600
Instance terminated by USER, pid = 5304
ORA-1092 signalled during: ALTER DATABASE OPEN...
opiodr aborting process unknown ospid (5304) as a result of ORA-1092
Sat Feb 20 08:19:42 2021
ORA-1092 : opitsk aborting process

通过对scn处理,数据库顺利绕过该错误,然后报ORA-600 4194错误

Doing block recovery for file 213 block 4688
No block recovery was needed
Errors in file d:\app\administrator\diag\rdbms\xifenfei\xifenfei\trace\xifenfei_smon_7048.trc(incident=1984136):
ORA-00600: internal error code, arguments: [4194], [38.4.1381252], [0], [], [],[],[],[],[],[],[],[]
Sat Feb 20 10:50:45 2021
Doing block recovery for file 213 block 4688
No block recovery was needed
Fatal internal error happened while SMON was doing active transaction recovery.
Errors in file d:\app\administrator\diag\rdbms\xifenfei\xifenfei\trace\xifenfei_smon_7048.trc:
ORA-00600: internal error code, arguments: [4194], [38.4.1381252], [0], [], [],[],[],[],[],[],[],[]
SMON (ospid: 7048): terminating the instance due to error 474
Errors in file d:\app\administrator\diag\rdbms\xifenfei\xifenfei\trace\xifenfei_ora_6652.trc(incident=1984185):
ORA-00600: internal error code, arguments: [4194], [], [], [], [], [], [], [], [], [], [], []
ORA-00600: internal error code, arguments: [4194], [], [], [], [], [], [], [], [], [], [], []
ORA-00600: internal error code, arguments: [4194], [], [], [], [], [], [], [], [], [], [], []
ORA-00600: internal error code, arguments: [4194], [], [], [], [], [], [], [], [], [], [], []
Sat Feb 20 10:50:52 2021
Instance terminated by SMON, pid = 7048

通过对异常事务进行处理,屏蔽smon进程进行回滚,数据库open成功,但是报ORA-600 4137错误

Sat Feb 20 10:53:46 2021
Sweep [inc][1992133]: completed
Stopping background process MMNL
Sat Feb 20 10:53:47 2021
Trace dumping is performing id=[cdmp_20210220105347]
Errors in file d:\app\administrator\diag\rdbms\xifenfei\xifenfei\trace\xifenfei_smon_6576.trc(incident=1992134):
ORA-00600: internal error code, arguments: [4137], [23.13.3094188], [0], [0], [], [], [], [], [], [], [], []
ORACLE Instance xifenfei (pid = 14) - Error 600 encountered while recovering transaction (23, 13).
Errors in file d:\app\administrator\diag\rdbms\xifenfei\xifenfei\trace\xifenfei_smon_6576.trc:
ORA-00600: internal error code, arguments: [4137], [23.13.3094188], [0], [0], [], [], [], [], [], [], [], []
Sat Feb 20 10:53:47 2021
Sweep [inc2][1992133]: completed
Sat Feb 20 10:53:47 2021
Sweep [inc][1992134]: completed
Stopping background process MMON
Trace dumping is performing id=[cdmp_20210220105348]
Errors in file d:\app\administrator\diag\rdbms\xifenfei\xifenfei\trace\xifenfei_smon_6576.trc(incident=1992135):
ORA-00600: internal error code, arguments: [4137], [38.4.1381252], [0], [0], [], [], [], [], [], [], [], []
Starting background process MMON
Starting background process MMNL
Sat Feb 20 10:53:48 2021
MMON started with pid=16, OS id=6448 
ALTER SYSTEM enable restricted session;
Sat Feb 20 10:53:48 2021
MMNL started with pid=36, OS id=6840 
ORACLE Instance xifenfei (pid = 14) - Error 600 encountered while recovering transaction (38, 4).
Errors in file d:\app\administrator\diag\rdbms\xifenfei\xifenfei\trace\xifenfei_smon_6576.trc:
ORA-00600: internal error code, arguments: [4137], [38.4.1381252], [0], [0], [], [], [], [], [], [], [], []
Sat Feb 20 10:53:49 2021
Sweep [inc][1992135]: completed
Trace dumping is performing id=[cdmp_20210220105349]
replication_dependency_tracking turned off (no async multimaster replication found)
Completed: alter database open

对异常回滚段进行处理,数据库后端启动正常,不再报明显ORA-错误.通过hcheck.sql检查字典正常

HCheck Version 07MAY18 on 20-FEB-2021 11:35:11
----------------------------------------------
Catalog Version 11.2.0.1.0 (1102000100)
db_name: JYJG

                                   Catalog       Fixed
Procedure Name                     Version    Vs Release    Timestamp
Result
------------------------------ ... ---------- -- ---------- --------------
------
.- LobNotInObj                 ... 1102000100 <=  *All Rel* 02/20 11:35:11 PASS
.- MissingOIDOnObjCol          ... 1102000100 <=  *All Rel* 02/20 11:35:11 PASS
.- SourceNotInObj              ... 1102000100 <=  *All Rel* 02/20 11:35:11 PASS
.- IndIndparMismatch           ... 1102000100 <= 1102000100 02/20 11:35:12 PASS
.- InvCorrAudit                ... 1102000100 <= 1102000100 02/20 11:35:12 PASS
.- OversizedFiles              ... 1102000100 <=  *All Rel* 02/20 11:35:12 PASS
.- PoorDefaultStorage          ... 1102000100 <=  *All Rel* 02/20 11:35:12 PASS
.- PoorStorage                 ... 1102000100 <=  *All Rel* 02/20 11:35:12 PASS
.- PartSubPartMismatch         ... 1102000100 <= 1102000100 02/20 11:35:12 PASS
.- TabPartCountMismatch        ... 1102000100 <=  *All Rel* 02/20 11:35:12 PASS
.- OrphanedTabComPart          ... 1102000100 <=  *All Rel* 02/20 11:35:12 PASS
.- MissingSum$                 ... 1102000100 <=  *All Rel* 02/20 11:35:12 PASS
.- MissingDir$                 ... 1102000100 <=  *All Rel* 02/20 11:35:12 PASS
.- DuplicateDataobj            ... 1102000100 <=  *All Rel* 02/20 11:35:12 PASS
.- ObjSynMissing               ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- ObjSeqMissing               ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- OrphanedUndo                ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- OrphanedIndex               ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- OrphanedIndexPartition      ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- OrphanedIndexSubPartition   ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- OrphanedTable               ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- OrphanedTablePartition      ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- OrphanedTableSubPartition   ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- MissingPartCol              ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- OrphanedSeg$                ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- OrphanedIndPartObj#         ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- DuplicateBlockUse           ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- FetUet                      ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- Uet0Check                   ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- ExtentlessSeg               ... 1102000100 <= 1102000100 02/20 11:35:13 PASS
.- SeglessUET                  ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- BadInd$                     ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- BadTab$                     ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- BadIcolDepCnt               ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- ObjIndDobj                  ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- TrgAfterUpgrade             ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- ObjType0                    ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- BadOwner                    ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- StmtAuditOnCommit           ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- BadPublicObjects            ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- BadSegFreelist              ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- BadDepends                  ... 1102000100 <=  *All Rel* 02/20 11:35:13 PASS
.- CheckDual                   ... 1102000100 <=  *All Rel* 02/20 11:35:14 PASS
.- ObjectNames                 ... 1102000100 <=  *All Rel* 02/20 11:35:14 PASS
.- BadCboHiLo                  ... 1102000100 <=  *All Rel* 02/20 11:35:14 PASS
.- ChkIotTs                    ... 1102000100 <=  *All Rel* 02/20 11:35:15 PASS
.- NoSegmentIndex              ... 1102000100 <=  *All Rel* 02/20 11:35:15 PASS
.- BadNextObject               ... 1102000100 <=  *All Rel* 02/20 11:35:15 PASS
.- DroppedROTS                 ... 1102000100 <=  *All Rel* 02/20 11:35:15 PASS
.- FilBlkZero                  ... 1102000100 <=  *All Rel* 02/20 11:35:15 PASS
.- DbmsSchemaCopy              ... 1102000100 <=  *All Rel* 02/20 11:35:15 PASS
.- OrphanedObjError            ... 1102000100 >  1102000000 02/20 11:35:15 PASS
.- ObjNotLob                   ... 1102000100 <=  *All Rel* 02/20 11:35:15 PASS
.- MaxControlfSeq              ... 1102000100 <=  *All Rel* 02/20 11:35:15 PASS
.- SegNotInDeferredStg         ... 1102000100 >  1102000000 02/20 11:35:18 PASS
.- SystemNotRfile1             ... 1102000100 >   902000000 02/20 11:35:18 PASS
.- DictOwnNonDefaultSYSTEM     ... 1102000100 <=  *All Rel* 02/20 11:35:19 PASS
.- OrphanTrigger               ... 1102000100 <=  *All Rel* 02/20 11:35:19 PASS
.- ObjNotTrigger               ... 1102000100 <=  *All Rel* 02/20 11:35:19 PASS
---------------------------------------
20-FEB-2021 11:35:19  Elapsed: 8 secs
---------------------------------------
Found 0 potential problem(s) and 0 warning(s)

PL/SQL procedure successfully completed.

Statement processed.

虽然字典正常,但是由于数据库屏蔽了一致性,建议客户在条件允许的情况下,进行逻辑迁移,排除风险隐患.

ORA-00600: internal error code, arguments: [16513], [1403] 恢复

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：ORA-00600: internal error code, arguments: [16513], [1403] 恢复

接到客户请求,存储异常断电之后,一个40多T的经分数据库无法正常启动,通过各方一系列操作之后,数据库依旧无法open,报错信息为:ORA-00600: internal error code, arguments: [16513], [1403], [28]

Sun Feb 14 00:20:09 BEIST 2021
SMON: enabling cache recovery
Sun Feb 14 00:20:09 BEIST 2021
ORA-01555 caused by SQL statement below (SQL ID: 4krwuz0ctqxdt, SCN: 0x0f27.13cd4fc3):
Sun Feb 14 00:20:09 BEIST 2021
select ctime, mtime, stime from obj$ where obj# = :1
Sun Feb 14 00:20:09 BEIST 2021
Errors in file /oracle10g/db/admin/xifenfei/udump/xifenfei1_ora_177254.trc:
ORA-00600: internal error code, arguments: [16513], [1403], [28], [], [], [], [], []
Sun Feb 14 00:20:10 BEIST 2021
Errors in file /oracle10g/db/admin/xifenfei/udump/xifenfei1_ora_177254.trc:
ORA-00704: bootstrap process failure
ORA-00704: bootstrap process failure
ORA-00600: internal error code, arguments: [16513], [1403], [28], [], [], [], [], []
Error 704 happened during db open, shutting down database
USER: terminating instance due to error 704
Instance terminated by USER, pid = 177254
ORA-1092 signalled during: ALTER DATABASE OPEN...

通过对启动过程进行跟踪

=====================
PARSING IN CURSOR #5 len=52 dep=1 uid=0 oct=3 lid=0 tim=194171381576991 hv=429618617 ad='afcee60'
select ctime, mtime, stime from obj$ where obj# = :1
END OF STMT
PARSE #5:c=0,e=257,p=0,cr=0,cu=0,mis=1,r=0,dep=1,og=4,tim=194171381576990
BINDS #5:
kkscoacd
 Bind#0
  oacdty=02 mxl=22(22) mxlc=00 mal=00 scl=00 pre=00
  oacflg=08 fl2=0001 frm=00 csi=00 siz=24 off=0
  kxsbbbfp=1104b8ed0  bln=22  avl=02  flg=05
  value=28
EXEC #5:c=0,e=422,p=0,cr=0,cu=0,mis=1,r=0,dep=1,og=4,tim=194171381577472
WAIT #5: nam='db file sequential read' ela= 274 file#=1 block#=110 blocks=1 obj#=36 tim=194171381577809
WAIT #5: nam='db file sequential read' ela= 257 file#=1 block#=78943 blocks=1 obj#=36 tim=194171381578123
WAIT #5: nam='db file sequential read' ela= 253 file#=1 block#=111 blocks=1 obj#=36 tim=194171381578416
WAIT #5: nam='db file sequential read' ela= 226 file#=1 block#=62 blocks=1 obj#=18 tim=194171381578692
=====================
PARSING IN CURSOR #6 len=142 dep=2 uid=0 oct=3 lid=0 tim=194171381579134 hv=361892850 ad='df87eb0'
select /*+ rule */ name,file#,block#,status$,user#,undosqn,xactsqn,scnbas,scnwrp,
DECODE(inst#,0,NULL,inst#),ts#,spare1 from undo$ where us#=:1
END OF STMT
PARSE #6:c=0,e=368,p=0,cr=0,cu=0,mis=1,r=0,dep=2,og=3,tim=194171381579133
BINDS #6:
kkscoacd
 Bind#0
  oacdty=02 mxl=22(22) mxlc=00 mal=00 scl=00 pre=00
  oacflg=08 fl2=0001 frm=00 csi=00 siz=24 off=0
  kxsbbbfp=1105af9a8  bln=22  avl=02  flg=05
  value=92
EXEC #6:c=0,e=531,p=0,cr=0,cu=0,mis=1,r=0,dep=2,og=3,tim=194171381579736
WAIT #6: nam='db file sequential read' ela= 232 file#=1 block#=102 blocks=1 obj#=34 tim=194171381580011
WAIT #6: nam='db file sequential read' ela= 251 file#=1 block#=54 blocks=1 obj#=15 tim=194171381580307
FETCH #6:c=0,e=615,p=2,cr=2,cu=0,mis=0,r=1,dep=2,og=3,tim=194171381580369
STAT #6 id=1 cnt=1 pid=0 pos=1 obj=15 op='TABLE ACCESS BY INDEX ROWID UNDO$ (cr=2 pr=2 pw=0 time=584 us)'
STAT #6 id=2 cnt=1 pid=1 pos=1 obj=34 op='INDEX UNIQUE SCAN I_UNDO1 (cr=1 pr=1 pw=0 time=282 us)'
WAIT #5: nam='db file sequential read' ela= 260 file#=4290 block#=365090 blocks=1 obj#=0 tim=194171381580721
FETCH #5:c=10000,e=3327,p=7,cr=7,cu=0,mis=0,r=0,dep=1,og=4,tim=194171381580817
*** 2021-02-14 02:32:40.430
ksedmp: internal or fatal error
ORA-00600: internal error code, arguments: [16513], [1403], [28], [], [], [], [], []
Current SQL statement for this session:
alter database open
----- Call Stack Trace -----
calling              call     entry                argument values in hex      
location             type     point                (? means dubious value)     
-------------------- -------- -------------------- ----------------------------
ksedst+001c          bl       ksedst1              70000090FC00AE4 ? 000000000 ?
ksedmp+0290          bl       ksedst               104C1CA58 ?
ksfdmp+02d8          bl       03F4BD0C             
kgeriv+0108          bl       _ptrgl               
kgesiv+0080          bl       kgeriv               7000008F6DB5890 ? 00000000C ?
                                                   7000008F6DB5890 ? 0FFFFFDC3 ?
                                                   0FFFFFFBF ?
ksesic2+0060         bl       kgesiv               5FFFEC580 ? 500000000 ?
                                                   FFFFFFFFFFEC590 ? 0F5FAF808 ?
                                                   7000008F5FAF7E8 ?
kqdpts+0158          bl       ksesic2              408100004081 ? 000000000 ?
                                                   00000057B ? 000000000 ?
                                                   00000001C ?
                                                   A006150571B05EF0 ?
                                                   1100CF0A8 ? 000000001 ?
kqrlfc+0274          bl       kqdpts               000000000 ?
kqlbplc+00b4         bl       03F4E6A8             
kqlblfc+0230         bl       kqlbplc              00000009D ?
adbdrv+1a9c          bl       03F4B66C             
opiexe+2db4          bl       adbdrv               
opiosq0+1ac8         bl       opiexe               1103B418C ? 000000000 ?
                                                   FFFFFFFFFFF9008 ?
kpooprx+016c         bl       opiosq0              300F1E1D4 ? 000000000 ?
                                                   000000000 ? A4FFFFFFFF9798 ?
                                                   000000000 ?
kpoal8+03cc          bl       kpooprx              FFFFFFFFFFFB814 ?
                                                   FFFFFFFFFFFB5C0 ?
                                                   1300000013 ? 100000001 ?
                                                   000000000 ? A40000000000A4 ?
                                                   000000000 ? 1103B4378 ?
opiodr+0b2c          bl       _ptrgl               
ttcpip+1020          bl       _ptrgl               
opitsk+117c          bl       01FBD04C             
opiino+09d0          bl       opitsk               1EFFFFD7E0 ? 000000000 ?
opiodr+0b2c          bl       _ptrgl               
opidrv+04a4          bl       opiodr               3C102B1398 ? 404C6FF30 ?
                                                   FFFFFFFFFFFF7A0 ? 0102B1390 ?
sou2o+0090           bl       opidrv               3C02705B3C ? 440663000 ?
                                                   FFFFFFFFFFFF7A0 ?
opimai_real+01bc     bl       01FB9BF4             
main+0098            bl       opimai_real          000000000 ? 000000000 ?
__start+0098         bl       main                 000000000 ? 000000000 ?
 
--------------------- Binary Stack Dump ---------------------

报错比较明显,数据库在查询obj$取obj#=28的数据的时候无法正常获取到该数据,从而报错ORA-600 16513错误.通过对相关block进行分析,发现有事务异常

BBED>  p ktbbh.ktbbhitl[1]
struct ktbbhitl[1], 24 bytes                @44
   struct ktbitxid, 8 bytes                 @44
      ub2 kxidusn                           @44       0x5c00
      ub2 kxidslt                           @46       0x0a00
      ub4 kxidsqn                           @48       0x48b4fc01
   struct ktbituba, 8 bytes                 @52
      ub4 kubadba                           @52       0x22928531
      ub2 kubaseq                           @56       0xe383
      ub1 kubarec                           @58       0x01
   ub2 ktbitflg                             @60       0x0120 (NONE)
   union _ktbitun, 2 bytes                  @62
      b2 _ktbitfsc                          @62       0
      ub2 _ktbitwrp                         @62       0x0000
   ub4 ktbitbas                             @64       0x95c2ff13

通过一些技巧处理规避掉该事务,然后启动库报熟悉的ORA-01555错误

相对比较简单参考(在数据库open过程中常遇到ORA-01555汇总),数据库顺利open成功,完成春节后第一个大库的恢复

.IQ0003后缀名勒索恢复

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：.IQ0003后缀名勒索恢复

接到客户请求,数据库文件被加密成扩展名为:.IQ0003

对应的HOW_TO_RECOVERY_FILES.txt文件内容为:

It's your IDENTIFER:
2EF9BE910E1AEBFF7FBD25107D5A10AAE4339771AD674E1A1F0046028B621009
FAA9B630BA4BB061874575AC0E0D42E2FCE86925E163A4005F43175D667E3846
47841028CC302707874E00127D3BC85E9FCE8AD523CD6B68CF3DCFB3FF6875EB
732842733231AA908EC047A68F658D14D4C3DE2C7C4E78846335367544DCC10F
FD770BD8F1D29868067FE46DB43480CCEABCE012D9F1D4C1904AC8C86779DF4D
E28E2EB268835AD5845FAE6EA1C679838E2FAC8F705FFDCBA891147F997F171B
6760E46E68CFBE9E511416CCBBBA46B57A20AEE1BEE1B15DF03178BD7B0A40B8
3D12424209E78ED267CAF1C6C594C8B5EF95FC239C532FEE75A4E430C642AB50
B942EA04068A2FDF6D6B67BB5C5697B0B5678449D1FB7A2464E0F2C307577E97
E1D21799C64BF9762187930BE2D10F4408DD4258255313E880724FC07A173EFE
E17E75E542AA1BB83C9500DE6829EC00BF90578A2D781740D1C173BCF0BF656F
51260E94D2398FE5ADD316C52D82F63A0B7FA00F9812911E32C412AC788D4AE1
9DBEE9EA9B398C0307F4C3326E07712162DCC0EF7EA7CCEB77246F718721EE89
837F4E36BB987094507E3FF5E7C1ABECBA764BDAE1B4BCF337B09413CABE5621
875E72CF70A1B70F48185A121E75E44B29CF0E211E76BC3CE41E9097200B2D97
E62ABF49B37832003D78DC3DD482DE62FDA4EEBA445AF323846C530A29FEC09D
7E63543CF2ED96AD0A076AB578C6450B2EFF5D4663B9F9C546B40605ED801218
CBB2B3B641120216F2E94EE6A4B04E115341897323E160316A9BE35FF6B75D4A
9487EF923E0575DB34A85241888FB507A25BA1FE26ACEB81579796F8B5BEE818
C3D3548EACF82D80B002ACFA5C7B0B08042B5DDDE764473628057D97EC3584A3
DFC33147A973EC7FD81051F0AA741E2C79BDC7EC28B0774A00A4E74A3F1AFB76
B6DFDDB6B956896094267F52BC661806159757A0485157A5E61D9AF45532CED9
21D99EA1DBB27C15DE8547E7A9E06A7B2708251740246DA07BD9E33F513F2165
D935C7B7597B347C41CDBCF6275E2365639C10BB9A0C84F178B258B8BCC33F86
C46A5E431267C27141BA27A53BBBB57000B230D35CE1889E3E790A8072BE8E93
9F721DFBD6D26C000B

HELLO

All YOU FILES ENCRYPTED

If you need recover your files:
1)send message with your personal IDENTIFER to helpyouhelpyou@cock.li and add 1 infected files from your server!
2)speak only by ENGLISH!
3)doesn't use free decryption tools, you can damage your files!

ONLY helpyouhelpyou@cock.li can HELP YOU!
helpyouhelpyou@cock.li
helpyouhelpyou@cock.li
helpyouhelpyou@cock.li

通过对数据块检查分析确认绝大部分block都是好的

通过底层技术处理,实现绝大部分数据恢复

如果此类的数据库文件(oracle,mysql,sql server)等被加密,需要专业恢复技术支持，请联系我们:
电话/微信:17813235971 Q Q:107644445 E-Mail:dba@xifenfei.com

.Globeimposter-Alpha666qqz加密恢复

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：.Globeimposter-Alpha666qqz加密恢复

接到一个文件系统被勒索病毒加密的sql server数据库恢复请求

通过分析该文件

其中大部分block都是好的,通过sql server底层处理实现绝大部分数据恢复

如果此类的数据库文件(oracle,mysql,sql server)等被加密,需要专业恢复技术支持，请联系我们:
电话/微信:17813235971 Q Q:107644445 E-Mail:dba@xifenfei.com

Assistant: Download Reference for Oracle Database/GI PSU, SPU(CPU), Bundle Patches, Patchsets and Base Releases-202101

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：Assistant: Download Reference for Oracle Database/GI PSU, SPU(CPU), Bundle Patches, Patchsets and Base Releases-202101

由于11.2.0.4和12.1.0.1及其以下版本已经停止patch更新（过了oracle服务周期）,这里提供12.1.0.2及其以后版本的patch信息

19.0.0.0
Description	OJVM Update	OJVM + DB Update	OJVM + GI Update
JAN2021 (19.10.0.0.210119)	32067171	32126828	32126842
OCT2020 (19.9.0.0.201020)	31668882	31720396	31720429
JUL2020 (19.8.0.0.200714)	31219897	31326362	31326369
APR2020 (19.7.0.0.200414)	30805684	30783543	30783556
JAN2020 (19.6.0.0.200114)	30484981	30463595	30463609
OCT2019 (19.5.0.0.191015)	30128191	30133124	30133178
JUL2019 (19.4.0.0.190716)	29774421	29699079	29699097
APR2019 (19.3.0.0.190416)	29548437	29621253	29621299

19.0.0.0
Release	DB Revision 1	DB Revision 2	GI Revision 1	GI Revision 2
JAN2021	32072711 (19.9.1.0.0)	32066676 (19.8.2.0.0)	32127230 (19.9.1.0.0)	32127175 (19.8.2.0.0)
OCT2020	31666885 (19.8.1.0.0)	31667176 (19.7.2.0.0)	31719890 (19.8.1.0.0)	31719845 (19.7.2.0.0)
JUL2020	31204483 (19.7.1.0.0)	31212138 (19.6.2.0.0)	31326441 (19.7.1.0.0)	31326451 (19.6.2.0.0)
APR2020	30797938 (19.6.1.0.0)	30830913 (19.5.2.0.0)	30923276 (19.6.1.0.0)	30923448 (19.5.2.0.0)
JAN2020	30446054 (19.5.1.0.0)	30446228 (19.4.2.0.0)	30464035 (19.5.1.0.0)	30463911 (19.4.2.0.0)
OCT2019	30080447 (19.4.1.0.0)	30087906 (19.3.2.0.0)	30134717 (19.4.1.0.0)	30135696 (19.3.2.0.0)

18.0.0.0
Description	OJVM Update	OJVM + DB Update	OJVM + GI Update
JAN2021 (18.13.0.0.210119)	32119939	32126855	32126862
OCT2020 (18.12.0.0.201020)	31668892	31720435	31720457
JUL2020 (18.11.0.0.200714)	31219909	31326374	31326376
APR2020 (18.10.0.0.200414)	30805598	30783603	30783607
JAN2020 (18.9.0.0.200114)	30501926	30463620	30463635
OCT2019 (18.8.0.0.191015)	30133603	30133203	30133246
JUL2091 (18.7.0.0.190716)	29774410	29699112	29699160
APR2019 (18.6.0.0.190416)	29249584	29249695	29251992
JAN2019 (18.5.0.0.190115)	28790647	28980087	28980105
OCT2018 (18.4.0.0.181016)	28502229	28689117	28689122
JUL2018 (18.3.0.0.180717)	27923415	28317326	28317346
APR2018 (18.2.0.0.180417)	27636900	27726465	27726470

18.0.0.0
Release	DB Revision 1	DB Revision 2	GI Revision 1	GI Revision 2
JAN2021	32072459 (18.12.1.0.0)	32066686 (18.11.2.0.0)	32127237 (18.12.1.0.0)	32127180 (18.11.2.0.0)
OCT2020	31666917 (18.11.1.0.0)	31667173 (18.10.2.0.0)	31719758 (18.11.1.0.0)	31719777 (18.10.2.0.0)
JUL2020	31211410 (18.10.1.0.0)	31212186 (18.9.2.0.0)	31326437 (18.10.1.0.0)	31326455 (18.9.2.0.0)
APR2020	30798089 (18.9.1.0.0)	30830887 (18.8.2.0.0)	30923313 (18.9.1.0.0)	30923359 (18.8.2.0.0)
JAN2020	30445895 (18.8.1.0.0)	30446239(18.7.2.0.0)	30463999 (18.8.1.0.0)	30463931 (18.7.2.0.0)
OCT2019	30080518 (18.7.1.0.0)	30087881(18.6.2.0.0)	30135098 (18.7.1.0.0)	30134851 (18.6.2.0.0)
JUL2019	29708235 (18.6.1.0.0)	29708437(18.5.2.0.0)	29708736 (18.6.1.0.0)	29708805 (18.5.2.0.0)
APR2019	29230887 (18.5.1.0.0)	29230809(18.4.2.0.0)	29231062 (18.5.1.0.0)	29230841 (18.4.2.0.0)
JAN2019	28822587 (18.4.1.0.0)	28790643(18.3.2.0.0)	28833172 (18.4.1.0.0)	28833251 (18.3.1.0.0)
OCT2018	28507480 (18.3.1.0.0)	28601267(18.2.2.0.0)	28660077 (18.3.1.0.0)	28702032 (18.2.2.0.0)
JUL2018	28346593 (18.2.1.0.0)		28276290 (18.2.1.0.0)

12.2.0.1
Description	OJVM Update	OJVM Windows Bundle Patch	Combo OJVM + DB Update	Combo OJVM + GI Update
JAN2021 (12.2.0.1.210119)	32119931	32142294	32126871	32226491
OCT2020 (12.2.0.1.201020)	31668898	31740064	31720473	31720486
JUL2020 (12.2.0.1.200714)	31219919	31465105	31326379	31326390
APR2020 (12.2.0.1.200414)	30805580	31035002	30783641	30783652
JAN2020 (12.2.0.1.200114)	30502018	30525838	30463660	30463673
OCT2019 (12.2.0.1.191015)	30133625	30268021	30133374	30133386
JUL2019 (12.2.0.1.190716)	29774415	29837425	29699168	29699173
APR2019 (12.2.0.1.190416)	29249637	29281550	29252035	29252072
JAN2019 (12.2.0.1.190115)	28790651	28994068	28980102	28980109
NOV2018 (12.2.0.1.181130)	NA	28412314	NA	NA
OCT2018 (12.2.0.1.181016)	28440725	28412312	28689128	28689130
JUL2018 (12.2.0.1.180717)	27923353	28135129	28317292	28317269
APR2018 (12.2.0.1.180417)	27475613	27650410	27726453	27726454
JAN2018 (12.2.0.1.180116)	27001739	27162975	27010695	27010711
OCT2017 (12.2.0.1.171017)	26635944	26792369	26636004	26636246
AUG2017 (12.2.0.1.170814)	N/A	26565082	26550033	26550314
JUL2017 (12.2.0.1.170718)	25811364	26182467	26146314	26146318

12.2.0.1
Description	Database Update	GI Update	Windows Bundle Patch
JAN2021 (12.2.0.1.210119)	32228578	32226491	31987852
OCT2020 (12.2.0.1.201020)	31741641	31750094	31654782
JUL2020 (12.2.0.1.200714)	31312468	31305382	31210848
APR2020 (12.2.0.1.200414)	30886680	30920127	30861472
JAN2020 (12.2.0.1.200114)	30593149	30501932	30446296
OCT2019 (12.2.0.1.191015)	30138470	30116802	30150416
JUL2019 (12.2.0.1.190716)	29757449	29708720	29832062
APR2019 (12.2.0.1.190416)	29314339	29301687	29394003
JAN2019 (12.2.0.1.190115)	28822515	28828733	28810696
NOV2018 (12.2.0.1.181130)	NA	NA	28810550 (64bit)
OCT2018 (12.2.0.1.181016)	28662603	28714316	28574555
JUL2018 (12.2.0.1.180717)	28163133	NA	27937914
APR2018 (12.2.0.1.180417)	27674384	27468969	27426753
JAN2018 (12.2.0.1.180116)	27105253	27100009	27162931
NOV2017 (12.2.0.1.171121)	NA	27010638	NA
OCT2017 (12.2.0.1.171017)	26710464	26737266	26758841
AUG2017 (12.2.0.1.170814)	26609817	26610291	26204214
JUL2017 (12.2.0.1.170718)	26123830	26133434	26204212

12.1.0.2
Description	OJVM PSU (Linux/Unix)	OJVM BP (Windows)	Combo OJVM + DB PSU	Combo OJVM + GI PSU	Combo OJVM + DB Proactive BP	Generic JDBC
JAN2021 (12.1.0.2.210119)	32119956	32142066	32126886	32126899	32126908	Included in OJVM PSU
OCT2020 (12.1.0.2.201020)	31668915	31740134	31720729	31720761	31720769	Included in OJVM PSU
JUL2020 (12.1.0.2.200714)	31219939	31465095	31326396	31326400	31326402	Included in OJVM PSU
APR2020 (12.1.0.2.200414)	30805558	31037459	30783658	30783882	30783885	Included in OJVM PSU
JAN2020 (12.1.0.2.200114)	30502041	30671054	30463684	30463691	30463708	Included in OJVM PSU
OCT2019 (12.1.0.2.191015)	30128197	30268189	30133412	30133443	30133464	Included in OJVM PSU
JUL2019 (12.1.0.2.190716)	29774383	29837393	29699220	29699244	29699255	Included in OJVM PSU
APR2019 (12.1.0.2.190416)	29251241	29447962	29252146	29252164	29252171	Included in OJVM PSU
JAN2019 (12.1.0.2.190115)	28790654	28994063	28980115	28980120	28980123	Included in OJVM PSU
NOV2018 (12.1.0.2.181130)	NA	28412301	NA	NA	NA	Included in OJVM PSU
OCT2018 (12.1.0.2.181016)	28440711	28412299	28689146	28689148	28689151	Included in OJVM PSU
JUL2018 (12.1.0.2.180717)	27923320	28135126	28317232	28317214	28317206	Included in OJVM PSU
APR2018 (12.1.0.2.180417)	27475603	27650403	27726471	27726478	27726492	Included in OJVM PSU
JAN2018 (12.1.0.2.180116)	27001733	27162998	27010839	27010888	27010941	Included in OJVM PSU
OCT2017 (12.1.0.2.171017)	26635845	26792364	26636270	26636286	26636295	Included in OJVM PSU
AUG2017 (12.1.0.2.170814)	N/A	26182441	26550023	26550339	26550390	Included in OJVM PSU
JUL2017 (12.1.0.2.170718)	26027162	26182439	25901056	26030704	26030586	Included in OJVM PSU
APR2017 (12.1.0.2.170418)	25437695	25590993	25433980	25434018	25437795	Included in OJVM PSU
JAN2017 (12.1.0.2.170117)	24917972	25112498	24917069	24917916	24917987	Included in OJVM PSU
OCT2016 (12.1.0.2.161018)	24315824	24591630	24433133	24433148	24436306	Included in OJVM PSU
JUL2016 (12.1.0.2.160719)	23177536	23515290	23615289	23615308	23615334	23727148 (Included in OJVM PSU)
APR2016 (12.1.0.2.160419)	22674709	22839633	22738582	22738641	22738657	N/A
JAN2016 (12.1.0.2.160119)	22139226	22311086	22191659	22191676	22378102
OCT2015	21555660 (12.1.0.2.5)	21788394 (12.1.0.2.4)	21520444	21523260	21744313
JUL2015	21068507 (12.1.0.2.4)	21153530 (12.1.0.2.3)	21150768	21150782	21150792
APR2015	20415564 (12.1.0.2.3)	20391199 (12.1.0.2.2)	20834354	20834538	20834553
JAN2015	19877336 (12.1.0.2.2)	20225938 (12.1.0.2.1)	20132434	20132450	20132462
OCT2014 (12.1.0.2.1)	19282028		19791366	19791375	19791399

12.1.0.2
Description	PSU	GI PSU	Proactive Bundle Patch	Bundle Patch (Windows 32bit & 64bit)
JAN2021 (12.1.0.2.210119)	31985579	32131261	32131231	32000405
OCT2020 (12.1.0.2.201020)	31550110	31718737	31718813	31658987
JUL2020 (12.1.0.2.200714)	31113348	31305174	31307682	31211574
APR2020 (12.1.0.2.200414)	30700212	30805421	30805478	30861721
JAN2020 (12.1.0.2.200114)	30340202	30464119	30464171	30455401
OCT2019 (12.1.0.2.191015)	29918340	30070257	30070242	30049606
JUL2019 (12.1.0.2.190716)	29494060	29698592	29698629	29831650
APR2019 (12.1.0.2.190416)	29141015	29176115	29176139	29413116
JAN2019 (12.1.0.2.190115)	28729169	28813884	28833531	28810679
NOV2018 (12.1.0.2.181130)	NA	NA	NA	28810544 (64bit)
OCT2018 (12.1.0.2.181016)	28259833	28349311	28349951	28563501
JUL2018 (12.1.0.2.180717)	27547329	27967747	27968010	27937907
APR2018 (12.1.0.2.180417)	27338041	27468957	27486326	27440294
JAN2018 (12.1.0.2.180116)	26925311	27010872	27010930	27162953
OCT2017 (12.1.0.2.171017)	26713565	26635815	26635880	26720785
AUG2017(12.1.0.2.170814)	26609783	26610308	26610322	26161726
JUL2017 (12.1.0.2.170718)	25755742	25901062	26022196	26161724
APR2017 (12.1.0.2.170418)	25171037	25434003	25433352	25632533
JAN2017 (12.1.0.2.170117)	24732082	24917825	24968615	25115951
OCT2016 (12.1.0.2.161018)	24006101	24412235	24448103	24591642
JUL2016 (12.1.0.2.160719)	23054246	23273629	23273686	23530387
APR2016 (12.1.0.2.160419)	22291127	22646084	22899531	22809813
JAN2016 (12.1.0.2.160119)	21948354	22191349	22243551	22310559
OCT2015	21359755 (12.1.0.2.5)	21523234 (12.1.0.2.5)	21744410 (12.1.0.2.13)	21821214 (12.1.0.2.10)
JUL2015	20831110 (12.1.0.2.4)	20996835 (12.1.0.2.4)	21188742 (12.1.0.2.10)	21126814 (12.1.0.2.7)
APR2015	20299023 (12.1.0.2.3)	20485724 (12.1.0.2.3)	20698050 (12.1.0.2.7)	20684004 (12.1.0.2.4)
JAN2015	19769480 (12.1.0.2.2)	19954978 (12.1.0.2.2)	20141343 (12.1.0.2.4)	19720843 (12.1.0.2.1)
OCT2014	19303936 (12.1.0.2.1)	19392646 (12.1.0.2.1)	19404326 (12.1.0.2.1)	N/A

参考：Assistant: Download Reference for Oracle Database/GI Update, Revision, PSU, SPU(CPU), Bundle Patches, Patchsets and Base Releases (Doc ID 2118136.2)

.sql文件被加密恢复

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：.sql文件被加密恢复

接到客户请求,有win系统文件被加密勒索,其中有一个mysql的.sql备份最为重要,咨询我们是否可以恢复.通过底层技术分析,确认该文件绝大部分数据可以恢复.

通过winhex分析,发现该文件主要对部分数据进行了加密

通过底层技术处理,可以实现绝大部分数据恢复

如果此类的Sql文件被加密,需要专业恢复技术支持，请联系我们:
电话/微信:17813235971 Q Q:107644445 E-Mail:dba@xifenfei.com

ORA-600 3020错误引起ORA-600 2663

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：ORA-600 3020错误引起ORA-600 2663

数据库recover异常ORA-600 3020

SQL> recover database using backup controlfile until cancel;
ORA-00279: change 5693717234723 generated at 01/19/2021 10:44:52 needed for
thread 1
ORA-00289: suggestion : +RECOVER/arch/1_294845_938895110.dbf
ORA-00280: change 5693717234723 for thread 1 is in sequence #294845


Specify log: {<RET>=suggested | filename | AUTO | CANCEL}
+BACKUP/xifenfei/onlinelog/group_5.258.973180257
ORA-00279: change 5693717234723 generated at 01/15/2021 11:41:15 needed for
thread 2
ORA-00289: suggestion : +RECOVER/arch/2_336576_938895110.dbf
ORA-00280: change 5693717234723 for thread 2 is in sequence #336576


Specify log: {<RET>=suggested | filename | AUTO | CANCEL}
+DATA1/xifenfei/onlinelog/group_8.298.962885887
ORA-00600: internal error code, arguments: [3020], [128], [248606],
[537119518], [], [], [], [], [], [], [], []
ORA-10567: Redo is inconsistent with data block (file# 128, block# 248606, file
offset is 2036580352 bytes)
ORA-10564: tablespace UNDOTBS1
ORA-01110: data file 128: '+DATA1/xifenfei/datafile/undotbs1_02.dbf'
ORA-10560: block type 'KTU UNDO BLOCK'


ORA-01112: media recovery not started

这个错误比较简单,一般是允许坏块继续恢复

SQL> recover database using backup controlfile allow 1 corruption;
ORA-00279: change 5693717234839 generated at 01/19/2021 10:44:52 needed for
thread 1
ORA-00289: suggestion : +RECOVER/arch/1_294845_938895110.dbf
ORA-00280: change 5693717234839 for thread 1 is in sequence #294845


Specify log: {<RET>=suggested | filename | AUTO | CANCEL}
+BACKUP/xifenfei/onlinelog/group_5.258.973180257
ORA-00279: change 5693717234839 generated at 01/15/2021 11:41:15 needed for
thread 2
ORA-00289: suggestion : +RECOVER/arch/2_336576_938895110.dbf
ORA-00280: change 5693717234839 for thread 2 is in sequence #336576


Specify log: {<RET>=suggested | filename | AUTO | CANCEL}
+DATA1/xifenfei/onlinelog/group_8.298.962885887
ORA-00279: change 5693717637654 generated at 01/19/2021 10:47:25 needed for
thread 1
ORA-00289: suggestion : +RECOVER/arch/1_294846_938895110.dbf
ORA-00280: change 5693717637654 for thread 1 is in sequence #294846
ORA-00278: log file '+BACKUP/xifenfei/onlinelog/group_5.258.973180257' no longer
needed for this recovery


Specify log: {<RET>=suggested | filename | AUTO | CANCEL}
+RECOVER/xifenfei/onlinelog/group_3.258.973180321
ORA-00279: change 5693717705759 generated at 01/19/2021 10:48:07 needed for
thread 1
ORA-00289: suggestion : +RECOVER/arch/1_294847_938895110.dbf
ORA-00280: change 5693717705759 for thread 1 is in sequence #294847
ORA-00278: log file '+RECOVER/xifenfei/onlinelog/group_3.258.973180321' no
longer needed for this recovery


Specify log: {<RET>=suggested | filename | AUTO | CANCEL}
+BACKUP/xifenfei/onlinelog/group_7.265.973181365
Log applied.
Media recovery complete.

后续重建ctl,尝试recover库,报ORA-10877错误

SQL> startup mount pfile='/tmp/pfile'
ORACLE instance started.

Total System Global Area 1.0088E+10 bytes
Fixed Size		    2261928 bytes
Variable Size		 2181041240 bytes
Database Buffers	 7851737088 bytes
Redo Buffers		   53149696 bytes
Database mounted.
SQL> recover database;
ORA-10877: error signaled in parallel recovery slave


--对应的alert日志
Wed Jan 20 13:34:04 2021
ALTER DATABASE RECOVER  database  
Media Recovery Start
 started logmerger process
Parallel Media Recovery started with 64 slaves
Wed Jan 20 13:34:06 2021
Errors in file /u01/app/oracle/diag/rdbms/xifenfei/xifenfei1/trace/xifenfei1_pr00_50593.trc:
ORA-00313: open failed for members of log group 7 of thread 1
Media Recovery failed with error 313
Errors in file /u01/app/oracle/diag/rdbms/xifenfei/xifenfei1/trace/xifenfei1_pr00_50593.trc:
ORA-00283: recovery session canceled due to errors
ORA-00313: open failed for members of log group 7 of thread 1
ORA-10877 signalled during: ALTER DATABASE RECOVER  database  ...

resetlogs失败open数据库失败,ORA-600 2663

Wed Jan 20 13:42:34 2021
Setting recovery target incarnation to 2
Initializing SCN for created control file
Database SCN compatibility initialized to 3
Warning - High Database SCN: Current SCN value is 5693718057561, threshold SCN value is 0
If you have not previously reported this warning on this database, please notify Oracle Support so that additional diagnosis can be performed.
Wed Jan 20 13:42:35 2021
Assigning activation ID 3801294256 (0xe29325b0)
Thread 1 opened at log sequence 1
  Current log# 1 seq# 1 mem# 0: +RECOVER/xifenfei/onlinelog/group_1.260.973179783
  Current log# 1 seq# 1 mem# 1: +BACKUP/xifenfei/onlinelog/group_1.260.973179787
Successful open of redo thread 1
MTTR advisory is disabled because FAST_START_MTTR_TARGET is not set
Wed Jan 20 13:42:35 2021
SMON: enabling cache recovery
Errors in file /u01/app/oracle/diag/rdbms/xifenfei/xifenfei1/trace/xifenfei1_ora_52800.trc  (incident=189187):
ORA-00600: internal error code, arguments: [2663], [1325], [2886390384], [1325], [2886403118], [], [], [], [], [], [], []
Incident details in: /u01/app/oracle/diag/rdbms/xifenfei/xifenfei1/incident/incdir_189187/xifenfei1_ora_52800_i189187.trc
Wed Jan 20 13:42:38 2021
Use ADRCI or Support Workbench to package the incident.
See Note 411.1 at My Oracle Support for error and packaging details.
Errors in file /u01/app/oracle/diag/rdbms/xifenfei/xifenfei1/trace/xifenfei1_ora_52800.trc:
ORA-00600: internal error code, arguments: [2663], [1325], [2886390384], [1325], [2886403118], [], [], [], [], [], [], []
Errors in file /u01/app/oracle/diag/rdbms/xifenfei/xifenfei1/trace/xifenfei1_ora_52800.trc:
ORA-00600: internal error code, arguments: [2663], [1325], [2886390384], [1325], [2886403118], [], [], [], [], [], [], []
Error 600 happened during db open, shutting down database
USER (ospid: 52800): terminating the instance due to error 600

这个错误比较明显,由于scn的异常导致,通过调整scn,数据库正常open成功,然后使用hcheck检查数据库字典一致(运气不错),没有太大问题,后续建议客户进行逻辑迁移

Alpha865qqz.id 加密数据库恢复

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：Alpha865qqz.id 加密数据库恢复

接到一网友新的加密勒索文件恢复请求,加密文件类似:

对应的!!! HOW TO BACK YOUR FILES !!!.TXT文件说明

                   YOUR FILES ARE ENCRYPTED !!!

TO DECRYPT, FOLLOW THE INSTRUCTIONS:

To recover data you need decrypt tool.

To get the decrypt tool you should:

1.In the letter include your personal ID! Send me this ID in your first email to me!
2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files!
3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 
4.We can decrypt few files in quality the evidence that we have the decoder.


 DO NOT TRY TO DO SOMETHING WITH YOUR FILES BY YOURSELF YOU WILL BRAKE YOUR DATA !!! ONLY WE ARE CAN HELP YOU!CONTACT US:

China.Helper@aol.com

                   ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER:

Your personal ID: 5CF-DFF-C78

Attention!
 * Do not rename encrypted files.
 * Do not try to decrypt your data using third party software, it may cause permanent data loss.
 * Decryption of your files with the help of third parties may cause increased price (they add their fee to our)
 or you can become a victim of a scam.

通过winhex分析文件损坏情况,确认绝大部分数据是ok的

基于这样的情况,从通过我们专业工具进行最大限度恢复实现绝大部分数据恢复

如果此类的Sql Server/Oracle等数据库被加密,需要专业恢复技术支持，请联系我们:
电话/微信:17813235971 Q Q:107644445 E-Mail:dba@xifenfei.com

incaseformat 病毒删除文件恢复

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：incaseformat 病毒删除文件恢复

一夜之间大量朋友反馈:电脑中除C盘之外的其他磁盘文件都被删除，且磁盘中可能被创建“incaseformat”文本文档

使用360扫描病毒如下

确认问题原因是电脑中病毒后，病毒文件通过DeleteFileA和RemoveDirectory代码实现了删除文件和目录的行为。此病毒启动后将自身复制到C:\WINDOWS\tsay.exe并创建启动项退出，等待重启运行，下次开机启动后约20s就开始删除行。发现文件不见了但空间占用还正常的，不要重启，先备份数据库。如果不小心已经重启而且无法恢复数据.请不要对该分区进行任何写操作,数据理论上绝大部分可以恢复.如果无法恢复,或者恢复出来的文件大量坏块,无法正常使用,可以联系我们进行最大限度恢复.

xfs文件系统mysql删库恢复

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：xfs文件系统mysql删库恢复

有客户在centos 8操作系统上运行的mysql库,本来想删除一个测试表,结果反选了表,导致除该表之外表均被删除,大概有几百张表被删除.客户误操作之后,又使用一个月之前备份导致了十几张表然后终止,关闭机器,保护现场,请求我们给予支持.通过分析,发现该数据库放在/分区下面,第一时间和客户协商,对该分区进行镜像,防止由于系统运行引起的进一步覆盖.对于这类故障大概恢复思路:
1. 通过对xfs文件系统反删除操作,恢复可以恢复的被删除的mysql相关表文件

2. 对于该恢复出来的文件(包含ibd,myd),使用专业mysql工具进行恢复

3.对于异常的表,比如ibd部分损坏,缺少frm等,通过人工修复和单个对象扫描进行恢复
1)使用恢复方法:[MySQL异常恢复]mysql ibd文件恢复
2)使用4的方法进行恢复
4.对于xfs文件系统没有恢复出来的文件的表,尝试底层扫描尽可能恢复数据
恢复参考:MySQL drop database恢复(恢复方法同样适用MySQL drop table,delete,truncate table)
如果您遇到MySQL恢复问题无法自行解决,请联系我们提供专业服务,最大程度减小您的损失：
Phone:17813235971 Q Q:107644445 E-Mail:dba@xifenfei.com
我们数据库恢复原则:最大限度恢复数据,最大限度减少业务影响时间,最大程度让客户满意