Database SOS – 第43页 – Professional Database Recovery Support@+8617813235971

.lockbit加密数据库恢复

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：.lockbit加密数据库恢复

有一例oracle数据库被加密,后缀名为:.lockbit

Restore-My-Files.txt文件内容:

通过对加密文件的恢复,确认每个文件只是破坏了一部分数据块

通过底层分析和恢复,对于该文件中的未损坏block数据均可以恢复,最大程度减少客户因为加密带来的损失

我们有大量类似数据文件被加密经验,如果您遇到此类加密情况,需要解决,可以联系我们,提供专业数据库恢复支持
Phone:17813235971 Q Q:107644445 E-Mail:dba@xifenfei.com

又一例oracle数据文件被加密恢复

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：又一例oracle数据文件被加密恢复

有客户oracle数据库文件被加密,后缀名为:.z33m8rvi,txt文件内容如下

加密的数据文件为:

通过分析文件,我们判断这种加密情况,数据文件中所有数据均可恢复,通过对文件进行恢复之后,数据库直接打开,数据正常导出

如果您遇到此类加密情况,无法解决请联系我们，提供专业ORACLE数据库恢复技术支持
Phone:17813235971 Q Q:107644445 E-Mail:dba@xifenfei.com

asm磁盘dd破坏恢复

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：asm磁盘dd破坏恢复

有客户和我们反馈,由于运维人员操作错误,对一个磁盘组的asm disk进行了dd操作,导致部分数据丢失(客户数据文件存放在两个磁盘组中,其中一个被dd掉[误以为只是存放归档,其实由于第一个磁盘组空间不足,把部分数据文件放进该磁盘组])

通过对asm 日志进行分析发现被dd的磁盘是一个磁盘组,以前恢复过类似的asm 磁盘被dd的案例(asm磁盘头全部损坏数据0丢失恢复,上次因为dd破坏较少,所以可以通过修复磁盘组直接恢复出来里面数据,但是这次被dd了50M,直接修复磁盘头恢复数据基本上不太可能.通过工具对其进行磁盘扫描,参考:asm disk header 彻底损坏恢复,对扫描结果进行分析,发现不少数据块是重复,无法较好的实现重组效果.

类似出现这样的情况一般是由于该asm磁盘组中有同一个文件号的数据多份(比如一个磁盘组中有两个库,同一个数据文件存储多份),通过方面分析,该库没有文件多份存储而且该磁盘组中只有一个数据库.进一步分析仅有的asm alert日志(大部分日志被清除),发现类似信息

Sun Mar 14 05:25:40 CST 2020
NOTE: F1X0 found on disk 0 fcn 0.60289025
NOTE: cache opening disk 0 of grp 2: HIS_FLASH00 label:HIS_FLASH00
NOTE: cache opening disk 1 of grp 2: HIS_FLASH01 label:HIS_FLASH01
NOTE: cache opening disk 2 of grp 2: HIS_FLASH02 label:HIS_FLASH02
NOTE: cache opening disk 3 of grp 2: HIS_DATA03 label:HIS_DATA03
NOTE: cache mounting (first) group 2/0xCCD84BCB (HIS_FLASH)
* allocate domain 2, invalid = TRUE 
kjbdomatt send to node 0
Sun Mar 14 05:25:40 CST 2020
NOTE: attached to recovery domain 2
Sun Mar 14 05:25:40 CST 2020
NOTE: starting recovery of thread=1 ckpt=405.816 group=2
NOTE: advancing ckpt for thread=1 ckpt=405.819
NOTE: cache recovered group 2 to fcn 0.65493064
Sun Mar 14 05:25:40 CST 2020
NOTE: LGWR attempting to mount thread 1 for disk group 2
NOTE: LGWR mounted thread 1 for disk group 2
NOTE: opening chunk 1 at fcn 0.65493064 ABA 
NOTE: seq=406 blk=820 
Sun Mar 14 05:25:40 CST 2020
NOTE: cache mounting group 2/0xCCD84BCB (HIS_FLASH) succeeded
SUCCESS: diskgroup HIS_FLASH was mounted
Sun Mar 14 05:25:42 CST 2020
NOTE: recovering COD for group 2/0xccd84bcb (HIS_FLASH)
SUCCESS: completed COD recovery for group 2/0xccd84bcb (HIS_FLASH)
Sun Mar 14 05:25:47 CST 2020
Starting background process ASMB
ASMB started with pid=17, OS id=14599

初步可以定位,很可能是由于在3月份对该磁盘组进行了扩容,从而发生了数据文件的rebalance操作,从而出现了某些block有重复现象,对于这类情况,通过结合asm字典信息进行分析可以完全规避该问题,对数据文件进行恢复,dbv进行检查,一切正常

对所有文件类似处理,结合正常磁盘组中数据文件,对数据库进行直接open,实现完美恢复.
如果您遇到此类情况,无法解决请联系我们，提供专业ORACLE数据库恢复技术支持
Phone:17813235971 Q Q:107644445 E-Mail:dba@xifenfei.com
这次数据能够完美恢复属于侥幸,因为asm disk被dd了50M(正常情况下4个磁盘的磁盘组每个磁盘dd 50M之后,很可能有部分数据文件被覆盖,该客户该磁盘组最初是存储归档日志,因此数据文件写入位置相对比较靠后,从而没有被dd破坏)

12.2数据库启动报ORA-007445 lmebucp错误

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：12.2数据库启动报ORA-007445 lmebucp错误

有一个客户找到我们,说他们是数据库启动之时报的错误和数据库不能open 报ORA-7445 lmebucp错类似,让我们对其进行恢复支持,通过分析确定客户数据库版本为12.2.0.1

Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Productio
PL/SQL Release 12.2.0.1.0 - Production	
CORE 12.2.0.1.0 Production	
TNS for Linux: Version 12.2.0.1.0 - Production	
NLSRTL Version 12.2.0.1.0 - Production

alert日志报错

--最初报错
2020-05-11T03:43:06.787164+08:00
Errors in file /u01/app/oracle/diag/rdbms/orcl/orcl/trace/orcl_m004_3253.trc  (incident=639048):
ORA-00600: 内部错误代码, 参数: [kkpo_rcinfo_defstg:delseg], [72280], [], [], [], [], [], [], [], [], [], []
Incident details in: /u01/app/oracle/diag/rdbms/orcl/orcl/incident/incdir_639048/orcl_m004_3253_i639048.trc
Use ADRCI or Support Workbench to package the incident.
See Note 411.1 at My Oracle Support for error and packaging details.
2020-05-11T03:43:14.250993+08:00
Errors in file /u01/app/oracle/diag/rdbms/orcl/orcl/trace/orcl_m004_3253.trc  (incident=639049):
ORA-00600: 内部错误代码, 参数: [kkpo_rcinfo_defstg:delseg], [72280], [], [], [], [], [], [], [], [], [], []
Incident details in: /u01/app/oracle/diag/rdbms/orcl/orcl/incident/incdir_639049/orcl_m004_3253_i639049.trc
2020-05-11T03:43:21.286310+08:00
Use ADRCI or Support Workbench to package the incident.
See Note 411.1 at My Oracle Support for error and packaging details.
Errors in file /u01/app/oracle/diag/rdbms/orcl/orcl/trace/orcl_m004_3253.trc  (incident=639050):
ORA-00600: 内部错误代码, 参数: [kkpo_rcinfo_defstg:delseg], [72280], [], [], [], [], [], [], [], [], [], []
ORA-06512: 在 line 2
Incident details in: /u01/app/oracle/diag/rdbms/orcl/orcl/incident/incdir_639050/orcl_m004_3253_i639050.trc
2020-05-11T03:43:28.059048+08:00
Use ADRCI or Support Workbench to package the incident.
See Note 411.1 at My Oracle Support for error and packaging details.
2020-05-11T03:43:28.074681+08:00
Errors in file /u01/app/oracle/diag/rdbms/orcl/orcl/trace/orcl_m004_3253.trc:
ORA-00600: 内部错误代码, 参数: [kkpo_rcinfo_defstg:delseg], [72280], [], [], [], [], [], [], [], [], [], []
ORA-06512: 在 line 2
2020-05-11T08:31:22.416087+08:00
Errors in file /u01/app/oracle/diag/rdbms/orcl/orcl/trace/orcl_j000_16511.trc:
ORA-12012: 自动执行作业 141 出错
ORA-30732: 表中不包含用户可见的列
ORA-06512: 在 line 1


---关闭数据库之后重启报错
2020-05-11T09:42:43.234769+08:00
ALTER DATABASE OPEN
2020-05-11T09:42:44.353085+08:00
Ping without log force is disabled:
  instance mounted in exclusive mode.
Endian type of dictionary set to little
2020-05-11T09:42:44.660388+08:00
TT00: Gap Manager starting (PID:31134)
2020-05-11T09:42:45.180876+08:00
Thread 1 opened at log sequence 78596
  Current log# 2 seq# 78596 mem# 0: /u01/app/oracle/oradata/orcl/redo02.log
Successful open of redo thread 1
2020-05-11T09:42:45.181357+08:00
MTTR advisory is disabled because FAST_START_MTTR_TARGET is not set
Exception [type: SIGSEGV, Address not mapped to object][ADDR:0x0][PC:0x10F4C112, lmebucp()+34][flags: 0x0, count: 1]
Errors in file /u01/app/oracle/diag/rdbms/orcl/orcl/trace/orcl_ora_31125.trc  (incident=646445):
ORA-07445: exception encountered:core dump[lmebucp()+34][SIGSEGV][ADDR:0x0][PC:0x10F4C112][Address not mapped to object]
Incident details in: /u01/app/oracle/diag/rdbms/orcl/orcl/incident/incdir_646445/orcl_ora_31125_i646445.trc
Use ADRCI or Support Workbench to package the incident.
See Note 411.1 at My Oracle Support for error and packaging details.
2020-05-11T09:42:46.070049+08:00
*****************************************************************
An internal routine has requested a dump of selected redo.
This usually happens following a specific internal error, when
analysis of the redo logs will help Oracle Support with the
diagnosis.
It is recommended that you retain all the redo logs generated (by
all the instances) during the past 12 hours, in case additional
redo dumps are required to help with the diagnosis.
*****************************************************************
2020-05-11T09:42:53.344955+08:00
Instance Critical Process (pid: 41, ospid: 31125) died unexpectedly
PMON (ospid: 31026): terminating the instance due to error 12752
2020-05-11T09:42:53.377209+08:00
System state dump requested by (instance=1, osid=31026 (PMON)), summary=[abnormal instance termination].
System State dumped to trace file /u01/app/oracle/diag/rdbms/orcl/orcl/trace/orcl_diag_31046_20200511094253.trc
2020-05-11T09:42:56.690224+08:00
Instance terminated by PMON, pid = 31026

对启动过程做10046跟踪

PARSING IN CURSOR #139821999713040 len=65 dep=1 uid=0 oct=3 lid=0 
tim=2200910467 hv=1762642493 ad='1bfd79130'sqlid='aps3qh1nhzkjx'
select line#, sql_text from bootstrap$ where obj# not in (:1, :2)
END OF STMT
PARSE #139821999713040:c=378,e=378,p=0,cr=0,cu=0,mis=1,r=0,dep=1,og=4,plh=0,tim=2200910467
BINDS #139821999713040:

 Bind#0
  oacdty=02 mxl=22(22) mxlc=00 mal=00 scl=00 pre=00
  oacflg=08 fl2=1000001 frm=00 csi=00 siz=24 off=0
  kxsbbbfp=7f2ad89fe6c8  bln=22  avl=02  flg=05
  value=59
 Bind#1
  oacdty=02 mxl=22(22) mxlc=00 mal=00 scl=00 pre=00
  oacflg=08 fl2=1000001 frm=00 csi=00 siz=24 off=0
  kxsbbbfp=7f2ad89fe698  bln=24  avl=06  flg=05
  value=4294967295
EXEC #139821999713040:c=219,e=658,p=0,cr=0,cu=0,mis=1,r=0,dep=1,og=4,plh=867914364,tim=2200911218
WAIT #139821999713040: nam='db file sequential read' ela= 9 file#=1 block#=520 blocks=1 obj#=59 tim=2200911300
WAIT #139821999713040: nam='db file scattered read' ela= 19 file#=1 block#=521 blocks=3 obj#=59 tim=2200911559
FETCH #139821999713040:c=404,e=404,p=4,cr=5,cu=0,mis=0,r=0,dep=1,og=4,plh=867914364,tim=2200911646
STAT #139821999713040 id=1 cnt=0 pid=0 pos=1 obj=59 op='TABLE ACCESS FULL BOOTSTRAP$ (cr=5 pr=4 pw=0 str=1 time=406 us)'

*** 2020-05-11T12:25:30.977832+08:00
Exception [type: SIGSEGV, Address not mapped to object] [ADDR:0x0] [PC:0x10F4C112, lmebucp()+34] [flags: 0x0, count: 1]
2020-05-11T12:25:31.026914+08:00
Incident 718445 created, dump file:/u01/app/oracle/diag/rdbms/orcl/orcl/incident/incdir_718445/orcl_ora_14324_i718445.trc
ORA-07445: exception encountered:core dump [lmebucp()+34][SIGSEGV][ADDR:0x0][PC:0x10F4C112][Address not mapped to object]

根据该报错,可以大概定位数据库重启之后报ORA-07445 lmebucp()+34错误不能正常启动是由于bootstrap$表异常导致.

BBED> p kcvfhrdb
ub4 kcvfhrdb                                @96       0x00400208

BBED> set block 523
        BLOCK#          523

BBED> map
 File: F:\temp\12.2\1\system01.dbf (0)
 Block: 523                                   Dba:0x00000000
------------------------------------------------------------
 KTB Data Block (Table/Cluster)

 struct kcbh, 20 bytes                      @0

 struct ktbbh, 48 bytes                     @20

 struct kdbh, 14 bytes                      @68

 struct kdbt[1], 4 bytes                    @82

 sb2 kdbr[20]                               @86

 ub1 freespace[1015]                        @126

 ub1 rowdata[7047]                          @1141

 ub4 tailchk                                @8188

BBED> p *kdbr[1]
rowdata[6431]
-------------
ub1 rowdata[6431]                           @7572     0x3c

BBED> x /rnnc
rowdata[6431]                               @7572
-------------
flag@7572: 0x3c (KDRHFL, KDRHFF, KDRHFD, KDRHFH)
lock@7573: 0x01
cols@7574:    0

通过bbed定位rootdba,然后dump相关block,随机找一条记录,确认bootstrap表无后效记录.但是该数据库在重启之前已经报了ORA-600 kkpo_rcinfo_defstg:delseg和ORA-30732错误,很可能还有其他的基表异常.通过先修复bootstrap$记录,然后根据该表中记录分析其他相关表记录,最终确定tab$中记录也异常,通过bbed 批量循环修复方法,对其进行恢复,open数据库,可以验证数据没有问题.至此该问题解决,但是没有找出来故障原因(是人为破坏【直接人工删除】,还是某种工具带入恶意脚本导致,类似:plsql dev引起的数据库被黑勒索比特币实现原理分析和解决方案,亦或者是数据库安装介质带有恶意程序,类似:plsql dev引起的数据库被黑勒索比特币实现原理分析和解决方案)

又一起mysql rm删除数据库目录事故

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：又一起mysql rm删除数据库目录事故

有mysql用户直接使用rm命令删除了所在数据库目录文件夹(删除途中发现删除错误,直接强制终止使得部分删除,部分文件得以保留),如果数据库没有crash,这个问题不大,可以直接通过句柄进行恢复出来对应的ibd文件,然后进行一些特殊处理,数据理论上不会有丢失,参见:mysql 数据库目录被删除恢复.对于这次的情况,只能通过文件系统级别进行恢复,不过该数据库表比较多,大概删除了几千个文件,而且文件系统是ext4,导致大量文件目录被置空,而且该库还运行了一段时间

看来文件恢复删除这条路,基本上很难走得通,可以通过底层碎片技术恢复,通过底层扫描,找到不少碎片

由于涉及的库表多,一个个处理太费时间,通过批量脚本直接解析扫描出来的碎片,并且对其进行入库处理
DBLOGIN=”-uroot ”
DICT_DBNAME=test
RECOVER_DBNAME=xifenfei
WORK_PATH=”/nfs_share/mysql-xff”
cd $WORK_PATH
>/tmp/recover_table_list.$RECOVER_DBNAME
>/tmp/recover_table_parser.$RECOVER_DBNAME
>/tmp/recover_table_unload.$RECOVER_DBNAME
rm -rf /tmp/recover_table_unload_$RECOVER_DBNAME.tmp
echo “tee /tmp/recover_table_unload_$RECOVER_DBNAME.tmp” >/tmp/recover_table_unload.$RECOVER_DBNAME
echo “SET @enable_trigger = 0;”>>/tmp/recover_table_unload.$RECOVER_DBNAME
echo “SET FOREIGN_KEY_CHECKS=0;” >>/tmp/recover_table_unload.$RECOVER_DBNAME
for TABLE_NAME_ID in `mysql $DBLOGIN $DICT_DBNAME -NBe “SELECT SYS_TABLES.NAME FROM SYS_TABLES LEFT JOIN SYS_INDEXES ON SYS_TABLES.ID = SYS_INDEXES.TABLE_ID WHERE SYS_INDEXES.NAME IN (‘PRIMARY’, ‘GENERAL_CLUSTERED_INDEX’) AND SYS_TABLES.NAME LIKE ‘${RECOVER_DBNAME}/%’”`
do
PKEY=`mysql $DBLOGIN $DICT_DBNAME -NBe “SELECT SYS_INDEXES.ID FROM SYS_TABLES LEFT JOIN SYS_INDEXES ON SYS_TABLES.ID = SYS_INDEXES.TABLE_ID WHERE SYS_INDEXES.NAME IN (‘PRIMARY’, ‘GENERAL_CLUSTERED_INDEX’) AND SYS_TABLES.NAME=’$TABLE_NAME_ID’”`
echo $TABLE_NAME_ID’,’$PKEY >>/tmp/recover_table_list.$RECOVER_DBNAME
TABLE_NAME=$(echo `echo $TABLE_NAME_ID`|awk -F”/” ‘{print $2}’ )
#echo $TABLE_NAME
PAGE=”pages-ibdata1/FIL_PAGE_INDEX/`printf ‘%016u’ ${PKEY}`.page”
echo “./c_parser -5f $PAGE -b pages-ibdata1/FIL_PAGE_TYPE_BLOB -t dictionary/$TABLE_NAME.sql > dumps/default/$TABLE_NAME 2> dumps/default/$TABLE_NAME.sql” >>/tmp/recover_table_parser.$RECOVER_DBNAME
echo “source dumps/default/$TABLE_NAME.sql” >>/tmp/recover_table_unload.$RECOVER_DBNAME
echo “select ‘$TABLE_NAME.sql……done’;”>>/tmp/recover_table_unload.$RECOVER_DBNAME
done
echo /tmp/recover_table_parser.$RECOVER_DBNAME
echo /tmp/recover_table_unload.$RECOVER_DBNAME
恢复之后数据整体入库,查询部分没有覆盖表,效果尚可,最大限度抢救了数据

.SATANA加密数据文件恢复

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：.SATANA加密数据文件恢复

有朋友win环境中运行oracle数据库文件被加密,扩展名为:.SATANA

对应的how_to_back_files.html文件内容如下:

通过分析此类文件,可以实现数据绝大部分恢复

如果你遇到类似加密病毒并加密的数据库(oracle,mysql,sql server),可以联系我们在不给黑客交款的情况下实现较好恢复效果(恢复不成功不收取任何费用)
Tel/微信:17813235971 Q Q:107644445 E-Mail:dba@xifenfei.com提供专业的解密恢复服务.
防护建议：
1.多台机器，不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性，并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制，并进行定期备份
4.定期检测系统和软件中的安全漏洞，及时打上补丁。
5.定期到服务器检查是否存在异常。查看范围包括：
a)是否有新增账户
b) Guest是否被启用
c) Windows系统日志是否存在异常
d)杀毒软件是否存在异常拦截情况
6.安装安全防护软件，并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件，如果已经被杀毒软件拦截查杀，不要添加信任继续运行。

.KEYnnnn勒索病毒恢复

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：.KEYnnnn勒索病毒恢复

又一种新的加密勒索病毒出现,其后缀名为KEYnnnn,HOW_TO_RECOVERY_FILES.txt的勒索信息

ALL YOUR FILES ARE ENCRYPTED!

Send 1 test image or text file 
giveyoukey@tutanota.com or giveyoukey@cock.li. 
In the letter include YOUR ID or 1 infected file!
We will give you the decrypted file and assign the price for decryption all files!
Doesn't try to restore by yourself, You can damage your files!


2AB74B35FA0ACE323834AF2CC410DCC4114982A0B0A986F4E5A0CF2B580C2BF4
846E5EBBCE1E7CFD3C3F09ACA85EE5865BE6F439A5B28786A75E987DFC95FDCF
6BACDB93C11264CBA9B4EDA2D6B0561866026EC96830DD439E56B667BC33B944
68CB9E1693F5416D5B3A5AED97E44747C0E753E825C87F59E2CA61222E6EA95B
BB8C27C0DC324FE29634929C4084825716F403F4A46C3877D803B2F2FBDFA95B
EE3CAFC8394C2521017ECD44BD0B06DA5B031A5F4D3317815C261413E0A2992C
1A3699EC332C6EF207863E50B278D843150D6850F9324EC28270376589B24C4D
D288B53E0ADB4734A93D4DE1374931731B92B88B4C61F17BFB1CAE5D1F410DF9
98BE3312E3DF7A75A01C6E23403EAEA2DAA1A1641872DD5C1292DF2747153921
9548BA1D2C21FA1ACFCB72B2176661B2D7AE7AB1B5D82DC2EB6522D7FBBF3109
438B18309F98DB0F348614AC10739C091B592C3312DB0AE8353C0C6CEFFBC734
C6D4E36A20938E4E0CDCE4C03F524E4BCFA4EBC3C44B0D7F4DFBD7C3FDFC1B67
44D7D6B29787010D9D83DB66EB42DEBD3B3776C99B95F339B66C0593AD3B9567
F4BB3ECDF67B4F2AC63BD5FF7EB297620F1AB3F8734343237AE6A9C13AB95D26
B5DC353D06DDC6DDD22D689F0874F41DAC6B9EA43BFDC8A9A30619AC85A7B17A
22A831268C4CF31834CC6A4311F27004F61A3B125BEA591CC4E2F7DD5ADC33FF
1E228BE256732EBE7FBE83DC734598A2CA7C2A97A9B8E7D149A2DC97733C516E
A9B433DE3EA2DF888940D800A4C206DF09BF4EEC572853E461A2EE8206853924
4C4B83262CFADF333BE383F4D6383358202BA712A038BD1D58F3611572DBA2E8
3B077DCE084F5720AE5A951879AC9ACE9F5FA3524B531D894787B352105BECBD
1937B64489EDDFF8115AEED04D9C115908D86EAD00015FFA7A198A2C8DE2ECA0
82472826E2E0B62EE955047BB097EBC0FF56F120F10EC4C43B28DAC9572FDEC3
843DF9F2E878E49DA6DEE9A6732C39F598BB42DD375BD1FA43D80FEB5F9BAB9A
D78422388F6049F80C62AAF7398FF577A243B3325C5B86A36E2DCE7722D04AC9
AA219EAB06EBEBCD7AF744BA8505C392858547ECF92D2FB72313A7603DD4CB9A
4CB24432763D9300A4

类似的加密文件为:

通过分析,该类病毒是部分加密,可以通过数据库层面处理,恢复大量数据.

对于该类型加密,我们可以对sql server、mysql、oracle恢复出来绝大多数数据,通过不向黑客交赎金的方式,实现绝绝大部分业务数据恢复.

ORA-21779错误处理

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：ORA-21779错误处理

有客户win 10.2.0.4的rac,查看alert日志发现如下错误

Mon May 04 17:25:18 2020
Errors in file d:\oracle\product\10.2.0\admin\orcl\bdump\orcl2_smon_2548.trc:
ORA-21779: 持续时间不活动
ORA-06512: 在 line 1

Mon May 04 17:25:28 2020
Errors in file d:\oracle\product\10.2.0\admin\orcl\bdump\orcl2_smon_2548.trc:
ORA-21779: 持续时间不活动
ORA-06512: 在 line 1

Mon May 04 17:25:38 2020
Errors in file d:\oracle\product\10.2.0\admin\orcl\bdump\orcl2_smon_2548.trc:
ORA-21779: 持续时间不活动
ORA-06512: 在 line 1

Mon May 04 17:25:39 2020
Errors in file d:\oracle\product\10.2.0\admin\orcl\bdump\orcl2_smon_2548.trc:
ORA-21779: 持续时间不活动
ORA-06512: 在 line 1

查看对应trace

Dump file d:\oracle\product\10.2.0\admin\orcl\bdump\orcl2_smon_2548.trc
Sat Aug 31 15:02:39 2019
ORACLE V10.2.0.4.0 - 64bit Production vsnsta=0
vsnsql=14 vsnxtr=3
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, Real Application Clusters, OLAP, Data Mining
and Real Application Testing options
Windows Server 2003 Version V5.2 Service Pack 2
CPU                 : 32 - type 8664, 2 Physical Cores
Process Affinity    : 0x0000000000000000
Memory (Avail/Total): Ph:17543M/32742M, Ph+PgF:19550M/33833M

…………

*** 2020-05-04 18:40:35.687
SMON: following errors trapped and ignored:
ORA-21779: 持续时间不活动
ORA-06512: 在 line 1
*** 2020-05-04 18:40:45.734
	 Drop transient type:   SYSTPzpEA6olJSImGURLObkiE6w==
*** 2020-05-04 18:40:45.734
SMON: following errors trapped and ignored:
ORA-21779: 持续时间不活动
ORA-06512: 在 line 1
*** 2020-05-04 18:40:55.812
	 Drop transient type:   SYSTPzpEA6olJSImGURLObkiE6w==
*** 2020-05-04 18:40:55.812
SMON: following errors trapped and ignored:
ORA-21779: 持续时间不活动
ORA-06512: 在 line 1
*** 2020-05-04 18:41:05.875
	 Drop transient type:   SYSTPzpEA6olJSImGURLObkiE6w==
*** 2020-05-04 18:41:05.875
SMON: following errors trapped and ignored:
ORA-21779: 持续时间不活动
ORA-06512: 在 line 1

出现该问题是由于oracle的smon进程无法清理掉 transient types,从而出现该问题,根据官方的说法,这个错误是不会影响数据库正常使用,但是可以通过以下方法暂时规避这种错误:
1)通过设置alter system set events ’22834 trace name context forever, level 1′禁止smon清理transient types,从而来规避该错误,但是可能会引起transient types对象越来越多,当然你可以通过以下sql查询出来

select o.* from obj$ o, type$ t
where o.oid$ = t.tvoid and
bitand(t.properties,8388608) = 8388608 and (sysdate-o.ctime) > 0.0007;

然后删除掉相关记录DROP TYPE “SYSTPf/r2wN4keX7gQKjA3AFMSw==” FORCE;【这个删除不是必须的】
2) flush shared_pool也可以临时规避这个问题
3) 重启数据库,可以暂时规避

具体参考:
SMON: Following Errors Trapped And Ignored ORA-21779 (Doc ID 988663.1)
Receiving ORA-21780 Continuously in the Alert Log and SMON Trace Reports “Drop transient type”. (Doc ID 1081950.1)

mysql ibd文件被加密恢复

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：mysql ibd文件被加密恢复

又一起mysql的ibd文件被加密勒索的恢复请求

通过分析,该文件只有部分被加密,理论上通过底层分析,可以恢复没有被破坏的部分数据

通过处理恢复数据

又一次证明,我们对于mysql文件被加密的勒索病毒,也可以实现较好恢复
如果是Innodb_file_per_table参数为false(5.6之前版本默认为false),需要通过ibdata文件进行恢复,Innodb_file_per_table如果为true,需要通过每个单独的ibd进行恢复.
如果您的数据库(oracle,mysql sql server)不幸被比特币加密,可以联系我们
Tel/微信:17813235971 Q Q:107644445 E-Mail:dba@xifenfei.com提供专业的解密恢复服务.

无法启动此程序，因为计算机中丢失api-ms-win-crt-runtime-l1-1-0.dll

联系：手机/微信(+86 17813235971) QQ(107644445)

标题：无法启动此程序，因为计算机中丢失api-ms-win-crt-runtime-l1-1-0.dll

在新安装的win操作操作系统中安装oracle 19.3版本数据库,结果不幸遭遇到如下错误

查询oracle 19c对于win操作系统认证列表

本机操作系统为win 2012,在此认证列表中

通过上述认证查询以及是新安装的原版系统,很可能是由于19c安装特殊之处导致,通过查询mos,确认是由于19c的数据库在安装之时perl需要VS 2017的运行库进行一些操作的依赖,因此安装Microsoft Visual C++ Redistributable for Visual Studio 2017或者更高版本即可.下载link:https://aka.ms/vs/16/release/vc_redist.x64.exe
具体参考MOS:Oracle DB 19C Install fails with the error – “THE PROCEDURE ENTRY POINT _REGISTER_ONEXIT_FUNCTION COULD NOT BE LOCATED IN THE DYNAMIC LINK LIBRARY \PERL\BIN\PERL.EXE” (Doc ID 2658357.1)