月归档：五月 2019

ORA-600 kfrValAcd30 恢复

发表于 2019 年 5 月 6 日由惜分飞

有客户由于存储控制器损坏,修复控制器之后,asm无法正常mount,报ORA-600 kfrValAcd30错误,让我们提供技术支持

asm alert日志报错

Wed Apr 03 16:50:57 2019
SQL> alter diskgroup data mount 
NOTE: cache registered group DATA number=1 incarn=0x14248741
NOTE: cache began mount (first) of group DATA number=1 incarn=0x14248741
NOTE: Assigning number (1,0) to disk (ORCL:DATAVOL1)
Wed Apr 03 16:51:03 2019
NOTE: start heartbeating (grp 1)
kfdp_query(DATA): 15 
kfdp_queryBg(): 15 
NOTE: cache opening disk 0 of grp 1: DATAVOL1 label:DATAVOL1
NOTE: F1X0 found on disk 0 au 2 fcn 0.0
NOTE: cache mounting (first) external redundancy group 1/0x14248741 (DATA)
Wed Apr 03 16:51:04 2019
* allocate domain 1, invalid = TRUE 
Wed Apr 03 16:51:04 2019
NOTE: attached to recovery domain 1
NOTE: starting recovery of thread=1 ckpt=27.2697 group=1 (DATA)
Errors in file /u01/app/grid/diag/asm/+asm/+ASM2/trace/+ASM2_ora_15951.trc  (incident=23394):
ORA-00600: internal error code, arguments: [kfrValAcd30], [DATA], [1], [27], [2697], [28], [2697], [], [], [], [], []
Incident details in: /u01/app/grid/diag/asm/+asm/+ASM2/incident/incdir_23394/+ASM2_ora_15951_i23394.trc
Abort recovery for domain 1
NOTE: crash recovery signalled OER-600
ERROR: ORA-600 signalled during mount of diskgroup DATA
ORA-00600: internal error code, arguments: [kfrValAcd30], [DATA], [1], [27], [2697], [28], [2697], [], [], [], [], []
ERROR: alter diskgroup data mount
NOTE: cache dismounting (clean) group 1/0x14248741 (DATA) 
NOTE: lgwr not being msg'd to dismount
freeing rdom 1
Wed Apr 03 16:51:05 2019
Sweep [inc][23394]: completed
Sweep [inc2][23394]: completed
Wed Apr 03 16:51:05 2019
Trace dumping is performing id=[cdmp_20190403165105]
NOTE: detached from domain 1
NOTE: cache dismounted group 1/0x14248741 (DATA) 
NOTE: cache ending mount (fail) of group DATA number=1 incarn=0x14248741
kfdp_dismount(): 16 
kfdp_dismountBg(): 16 
NOTE: De-assigning number (1,0) from disk (ORCL:DATAVOL1)
ERROR: diskgroup DATA was not mounted
NOTE: cache deleting context for group DATA 1/337938241

mos相关记录
参考:ORA-600 [KFRVALACD30] in ASM (Doc ID 2123013.1)

ORA-00600: internal error code, arguments: [kfrValAcd30]可能是bug或者硬件故障导致.基于客户的情况,最大可能就是由于硬件故障导致asm 磁盘组的acd无法正常进行,从而无法mount成功.如果运气好,通过kfed相关修复可以正常mount成功,运气不好可以通过底层进行恢复数据文件,从而最大限度恢复数据.

发表在 Oracle ASM, 非常规恢复 | 标签为 asm mount, kfrValAcd30, ORA-600 kfrValAcd30 | 评论关闭

对于感染比较厉害的后缀名为*4444之类的比特币加密病毒(例如:help4444 all4444 china4444 monkey4444 snake4444 Rat4444 Tiger4444 Rabbit4444 Dragon4444 Horse4444 Goat4444 Rooster4444 Dog4444 Alco4444 Pig4444等之类的),我们可以提供基于Oracle/Sql Server数据库层面恢复,不依赖联系黑客解密
HOW_TO_BACK_FILES.txt文件内容

YOUR FILES ARE ENCRYPTED !!! 

TO DECRYPT, FOLLOW THE INSTRUCTIONS: 

To recover data you need decrypt tool. 

To get the decrypt tool you should: 

1.In the letter include your personal ID! Send me this ID in your first email to me! 
2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files! 
3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 
4.We can decrypt few files in quality the evidence that we have the decoder. 


DO NOT TRY TO DO SOMETHING WITH YOUR FILES BY YOURSELF YOU WILL BRAKE YOUR DATA!!ONLY WE ARE CAN HELP YOU! CONTACT US: 

China.helper@aol.com 
China.helper@india.com 

ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER: 

    81 D7 3E 94 A3 48 73 B3 36 EB 7F E0 96 78 CC 4E
80 39 FC 5C 1B 34 2B C4 D0 0C 4C 51 DE 35 83 75
85 6B 5D 49 33 BB E4 D6 E5 4B 0B 9A F5 77 65 3D
BF 9A 55 72 3C 46 DB 78 04 15 64 BB C6 9F 74 F4
5F B8 72 90 77 D2 2A 66 E0 2F 82 E3 4C 9B 50 FF
49 0B 22 AB 1A F8 85 33 42 49 3D 36 BF F3 FA 57
1F 66 D1 C7 AE F2 34 C7 3F A7 55 ED 92 82 F4 1B
04 71 E1 3B D6 83 D4 C9 6C 55 EC B8 91 BE A3 06
9F 12 5B 0E 37 D4 FD EC 90 3A 11 CF DB A9 96 35
69 98 61 2B 1B EC 70 C0 35 99 71 00 6D 8B 01 8C
EB C6 B7 F9 59 EE 3A E1 24 74 CF 9A 39 8A F3 A4
C1 BF 92 AE 9B F7 E1 C3 3C 1A 51 0C 3A B5 19 E9
5D 9F BD 30 43 CE D9 A9 B8 52 90 64 AF 7E 80 23
AC 37 18 70 67 DB F2 BB B0 21 54 D2 88 38 6B AB
66 E1 88 CE D0 91 82 22 D8 9F 92 E6 E4 32 A3 AD
E9 32 37 13 32 2F 36 1F A3 67 1F 90 3B 00 46 D3

被加密数据文件类似

如果有这个方面的恢复请求,可以随时联系我们
Phone:17813235971 Q Q:107644445 E-Mail:dba@xifenfei.com
预防建议
用户应增强安全意识，完善安全防护体系，保持良好的上网习惯。建议广大用户采取如下措施应对勒索软件攻击：
1. 不要轻易打开来历不明的邮件和邮件附件；
2. 设置高强度远程桌面登录密码并妥善保管；
3. 安装防病毒软件并保持良好的病毒库升级习惯；
4. 对重要的文件还需要做好合理的备份；
5. 对内网安全域进行合理划分，各个安全域之间限制严格的ACL，限制横向移动；
6. 关闭不必要的共享权限以及端口，如：3389、445、135、139。

发表在勒索恢复 | 标签为 Alco4444, all4444, china4444, Dog4444, Dragon4444, Goat4444, help4444, Horse4444, monkey4444, Pig4444, Rabbit4444, Rat4444, Rooster4444, snake4444, Tiger4444, YOUR FILES ARE ENCRYPTED, 比特币 oracle恢复, 比特币 sql 恢复, 比特币加密 | 评论关闭

sql server数据库比特币加密勒索恢复

发表于 2019 年 5 月 2 日由惜分飞

对于GANDCRAB病毒加密的Oracle数据库，我们可以提供较为完美的恢复见(GANDCRAB V5.0.4 比特币加密oracle数据库恢复和GANDCRAB升级版Oracle恢复,对于被GANDCRAB加密的SQL Server数据库近期我们对其进行了一些研究，现在也可以比较好的恢复.
gandcrab5.2-sql-server