Author Archives: 惜分飞

Oracle Recovery Tools快速恢复ORA-19909

Posted on by

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:Oracle Recovery Tools快速恢复ORA-19909

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

数据库服务器异常断电,数据库启动报ORA-01113 ORA-01110错误,无法正常open

Sun Jan 01 17:02:55 2023
alter database mount exclusive
Successful mount of redo thread 1, with mount id 1652739647
Database mounted in Exclusive Mode
Lost write protection disabled
Completed: alter database mount exclusive
alter database open
Errors in file e:\oracle11g\diag\rdbms\orcl\orcl\trace\orcl_ora_4396.trc:
ORA-01113: file 1 needs media recovery
ORA-01110: data file 1: 'E:\ORACLE11G\ORADATA\ORCL\SYSTEM01.DBF'
ORA-1113 signalled during: alter database open...

offline datafile 4,并open数据库

Sun Jan 01 20:36:22 2023
alter database datafile 4 offline drop
Completed: alter database datafile 4 offline drop

Sun Jan 01 20:37:40 2023
ALTER DATABASE OPEN
Thread 1 opened at log sequence 13068
  Current log# 3 seq# 13068 mem# 0: E:\ORACLE11G\ORADATA\ORCL\REDO03.LOG
Successful open of redo thread 1
MTTR advisory is disabled because FAST_START_MTTR_TARGET is not set
SMON: enabling cache recovery
Successfully onlined Undo Tablespace 2.
Verifying file header compatibility for 11g tablespace encryption..
Verifying 11g file header compatibility for tablespace encryption completed
SMON: enabling tx recovery
Database Characterset is ZHS16GBK
No Resource Manager plan active
WARNING: AQ_TM_PROCESSES is set to 0. System operation                     might be adversely affected.
Completed: ALTER DATABASE OPEN

尝试recover datafile 4和online datafile 4失败

Sun Jan 01 22:33:19 2023
ALTER DATABASE RECOVER  datafile 4  
Media Recovery Start
Serial Media Recovery started
WARNING! Recovering data file 4 from a fuzzy backup. It might be an online
backup taken without entering the begin backup command.
ORA-279 signalled during: ALTER DATABASE RECOVER  datafile 4  ...
Sun Jan 01 22:34:02 2023
ALTER DATABASE RECOVER    CONTINUE DEFAULT  
Media Recovery Log E:\ORACLE11G\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2023_01_01\O1_MF_1_13067_%U_.ARC
Errors with log E:\ORACLE11G\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2023_01_01\O1_MF_1_13067_%U_.ARC
ORA-308 signalled during: ALTER DATABASE RECOVER    CONTINUE DEFAULT  ...
ALTER DATABASE RECOVER CANCEL 
Media Recovery Canceled
Completed: ALTER DATABASE RECOVER CANCEL 
ALTER DATABASE RECOVER  datafile 4  
Media Recovery Start
Serial Media Recovery started
WARNING! Recovering data file 4 from a fuzzy backup. It might be an online
backup taken without entering the begin backup command.
ORA-279 signalled during: ALTER DATABASE RECOVER  datafile 4  ...
Sun Jan 01 22:34:15 2023
ALTER DATABASE RECOVER    CONTINUE DEFAULT  
Media Recovery Log E:\ORACLE11G\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2023_01_01\O1_MF_1_13067_%U_.ARC
Errors with log E:\ORACLE11G\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2023_01_01\O1_MF_1_13067_%U_.ARC
ORA-308 signalled during: ALTER DATABASE RECOVER    CONTINUE DEFAULT  ...
ALTER DATABASE RECOVER    CONTINUE DEFAULT  
Media Recovery Log E:\ORACLE11G\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2023_01_01\O1_MF_1_13067_%U_.ARC
Errors with log E:\ORACLE11G\FLASH_RECOVERY_AREA\ORCL\ARCHIVELOG\2023_01_01\O1_MF_1_13067_%U_.ARC
ORA-308 signalled during: ALTER DATABASE RECOVER    CONTINUE DEFAULT  ...
ALTER DATABASE RECOVER CANCEL 
Media Recovery Canceled
Completed: ALTER DATABASE RECOVER CANCEL 
Sun Jan 01 22:36:34 2023
alter database datafile 4 online
ORA-1113 signalled during: alter database datafile 4 online

在datafile 4 offline的情况下,resetlogs库

Sun Jan 01 23:50:01 2023
ALTER DATABASE RECOVER  database until cancel  
Media Recovery Start
 started logmerger process
Parallel Media Recovery started with 56 slaves
Sun Jan 01 23:50:02 2023
Warning: Datafile 4 (E:\ORACLE11G\ORADATA\ORCL\USERS01.DBF) 
    is offline during full database recovery and will not be recovered
Media Recovery Not Required
Completed: ALTER DATABASE RECOVER  database until cancel  
Sun Jan 01 23:50:15 2023
alter database open
Errors in file e:\oracle11g\diag\rdbms\orcl\orcl\trace\orcl_ora_2480.trc:
ORA-01589: must use RESETLOGS or NORESETLOGS option for database open
ORA-1589 signalled during: alter database open...
Sun Jan 01 23:50:34 2023
alter database open RESETLOGS
RESETLOGS after complete recovery through change 158902238
Resetting resetlogs activation ID 1504008459 (0x59a5590b)
Errors in file e:\oracle11g\diag\rdbms\orcl\orcl\trace\orcl_ora_2480.trc:
ORA-00367: checksum error in log file header
ORA-00322: log 1 of thread 1 is not current copy
ORA-00312: online log 1 thread 1: 'E:\ORACLE11G\ORADATA\ORCL\REDO01.LOG'
Errors in file e:\oracle11g\diag\rdbms\orcl\orcl\trace\orcl_ora_2480.trc:
ORA-00367: checksum error in log file header
ORA-00322: log 2 of thread 1 is not current copy
ORA-00312: online log 2 thread 1: 'E:\ORACLE11G\ORADATA\ORCL\REDO02.LOG'
Sun Jan 01 23:50:36 2023
Errors in file e:\oracle11g\diag\rdbms\orcl\orcl\trace\orcl_m000_8340.trc:
ORA-00316: log 1 of thread 1, type 0 in header is not log file
ORA-00312: online log 1 thread 1: 'E:\ORACLE11G\ORADATA\ORCL\REDO01.LOG'
Errors in file e:\oracle11g\diag\rdbms\orcl\orcl\trace\orcl_ora_2480.trc:
ORA-00367: checksum error in log file header
ORA-00322: log 3 of thread 1 is not current copy
ORA-00312: online log 3 thread 1: 'E:\ORACLE11G\ORADATA\ORCL\REDO03.LOG'
Sun Jan 01 23:50:38 2023
Setting recovery target incarnation to 3
Errors in file e:\oracle11g\diag\rdbms\orcl\orcl\trace\orcl_m000_8340.trc:
ORA-00314: log 2 of thread 1, expected sequence# 13070 doesn't match 0
ORA-00312: online log 2 thread 1: 'E:\ORACLE11G\ORADATA\ORCL\REDO02.LOG'
Sun Jan 01 23:50:39 2023
Assigning activation ID 1652808490 (0x6283db2a)
Thread 1 opened at log sequence 1
  Current log# 1 seq# 1 mem# 0: E:\ORACLE11G\ORADATA\ORCL\REDO01.LOG
Successful open of redo thread 1
MTTR advisory is disabled because FAST_START_MTTR_TARGET is not set
Sun Jan 01 23:50:39 2023
SMON: enabling cache recovery
Checker run found 5 new persistent data failures
Successfully onlined Undo Tablespace 2.
Dictionary check beginning
File #4 is offline, but is part of an online tablespace.
data file 4: 'E:\ORACLE11G\ORADATA\ORCL\USERS01.DBF'
Dictionary check complete
Verifying file header compatibility for 11g tablespace encryption..
Verifying 11g file header compatibility for tablespace encryption completed
SMON: enabling tx recovery
Database Characterset is ZHS16GBK
No Resource Manager plan active
WARNING: AQ_TM_PROCESSES is set to 0. System operation                     might be adversely affected.
LOGSTDBY: Validating controlfile with logical metadata
LOGSTDBY: Validation complete
Sun Jan 01 23:50:47 2023
Completed: alter database open RESETLOGS

后续尝试恢复datafile 4报ORA-19909

Mon Jan 02 00:02:10 2023
alter database datafile 4 online
Completed: alter database datafile 4 online
Mon Jan 02 00:03:31 2023
ALTER DATABASE RECOVER  database using backup controlfile  
Media Recovery Start
 started logmerger process
Mon Jan 02 00:03:31 2023
Datafile 4 is on orphaned branch
          File status = 4
        Abs fuzzy SCN = 0
 Hot backup fuzzy SCN = 0
Media Recovery failed with error 19909
Slave exiting with ORA-283 exception
Errors in file e:\oracle11g\diag\rdbms\orcl\orcl\trace\orcl_pr00_8868.trc:
ORA-00283: recovery session canceled due to errors
ORA-19909: datafile 4 belongs to an orphan incarnation
ORA-01110: data file 4: 'E:\ORACLE11G\ORADATA\ORCL\USERS01.DBF'
Recovery Slave PR00 previously exited with exception 283
ORA-283 signalled during: ALTER DATABASE RECOVER  database using backup controlfile  ...

通过Oracle Database Recovery Check检查发现,确实datafile 4的状态为:WRONG RESETLOGS
wrong-resetlogs

对于此类情况,参考:Oracle Recovery Tools 解决ORA-01190 ORA-01248等故障快速解决
20230102161304
ALTER DATABASE RECOVER  database  
Media Recovery Start
 started logmerger process
Mon Jan 02 16:14:15 2023
Media Recovery failed with error 264
Slave exiting with ORA-283 exception
Errors in file e:\oracle11g\diag\rdbms\orcl\orcl\trace\orcl_pr00_10712.trc:
ORA-00283: 恢复会话因错误而取消
ORA-00264: 不要求恢复
Recovery Slave PR00 previously exited with exception 283
ORA-283 signalled during: ALTER DATABASE RECOVER  database  ...
Mon Jan 02 16:14:29 2023
ALTER DATABASE RECOVER  database  
Media Recovery Start
 started logmerger process
Mon Jan 02 16:14:29 2023
Media Recovery failed with error 264
Slave exiting with ORA-283 exception
Errors in file e:\oracle11g\diag\rdbms\orcl\orcl\trace\orcl_pr00_20032.trc:
ORA-00283: 恢复会话因错误而取消
ORA-00264: 不要求恢复
Recovery Slave PR00 previously exited with exception 283
ORA-283 signalled during: ALTER DATABASE RECOVER  database  ...
alter database open
Mon Jan 02 16:14:37 2023
Thread 1 advanced to log sequence 2 (thread open)
Thread 1 opened at log sequence 2
  Current log# 2 seq# 2 mem# 0: H:\BAIDUNETDISK\ORCL\REDO02.LOG
Successful open of redo thread 1
MTTR advisory is disabled because FAST_START_MTTR_TARGET is not set
Mon Jan 02 16:14:37 2023
SMON: enabling cache recovery
Successfully onlined Undo Tablespace 2.
Dictionary check beginning
Tablespace 'TEMP' #3 found in data dictionary,
but not in the controlfile. Adding to controlfile.
Dictionary check complete
Verifying file header compatibility for 11g tablespace encryption..
Verifying 11g file header compatibility for tablespace encryption completed
*********************************************************************
WARNING: The following temporary tablespaces contain no files.
         This condition can occur when a backup controlfile has
         been restored.  It may be necessary to add files to these
         tablespaces.  That can be done using the SQL statement:
 
         ALTER TABLESPACE <tablespace_name> ADD TEMPFILE
 
         Alternatively, if these temporary tablespaces are no longer
         needed, then they can be dropped.
           Empty temporary tablespace: TEMP
*********************************************************************
Database Characterset is ZHS16GBK
No Resource Manager plan active
replication_dependency_tracking turned off (no async multimaster replication found)
Starting background process QMNC
Mon Jan 02 16:14:37 2023
QMNC started with pid=22, OS id=14152 
LOGSTDBY: Validating controlfile with logical metadata
LOGSTDBY: Validation complete
Completed: alter database open

后续增加tempfile,导出数据完成本次恢复

IMP-00009: abnormal end of export file

Posted on by

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:IMP-00009: abnormal end of export file

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

exp导出数据正常,没有任何报错
20230101200449

imp导入报IMP-00009和IMP-00020,而且报错表之后数据均未导入,imp程序结束
imp-00009-imp-00020
IMP-00009: abnormal end of export file
IMP-00020: long column too large for column buffer size (2)
Import terminated successfully with warnings.

使用show=y进行dmp文件验证,也报IMP-00009错误,证明是dmp本身异常
imp-show-y

通过dul对dmp文件分析
dul-dmp
找出来损坏的位置,对其进行人工修复,然后imp顺利导入

故障原因是由于direct=true和分区表(该表132列,而且是空表)一起触发的某个bug

truncate sys用户表导致数据库异常恢复

Posted on by

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:truncate sys用户表导致数据库异常恢复

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

有客户本想truncate业务用下面所有的表,结果连接成SYS用户,并且拼接truncate 批量语句,导致sys用户下面大量表被truncate
truncate-sys-table

sqlplus无法登录数据库
ORA-01075
通过分析obj$发现truncate成功了大量sys用户下面表
truncate-sys
基于这种情况,只能把业务数据恢复到一个新库中,然后应用厂商重新配置调试应用.提醒各位:truncate/drop等风险较高操作,一定要核实用户,避免误操作,如果真的遇到此类误操作,第一时间保护现场,原则上只要truncate表之后以前的block没有被覆盖均可恢复

MySQL 8.0版本ibd文件恢复

Posted on by

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:MySQL 8.0版本ibd文件恢复

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

对于单个的ibd文件,大部分情况下可以通过DISCARD TABLESPACE和IMPORT TABLESPACE方式进行恢复

mysql> use test;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> CREATE TABLE `t1` (
    ->   `id` int DEFAULT NULL
    -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
Query OK, 0 rows affected (0.01 sec)
mysql> insert into t1 values(1);
Query OK, 1 row affected (0.02 sec)

mysql> insert into t1 values(2);
Query OK, 1 row affected (0.01 sec)

mysql> insert into t1 values(3);
Query OK, 1 row affected (0.00 sec)

关闭mysql服务,备份mysql中的t1.ibd文件

[root@xifenfei ~]# service mysql stop
Shutting down MySQL..... SUCCESS! 
[root@xifenfei test]# cp t1.ibd  t1_bak

启动mysql服务,并删除并创建新的t1表(表结构相同)

[root@xifenfei test]# service mysql start
Starting MySQL..................... SUCCESS! 


[root@xifenfei test]# mysql -uroot -poracle test
mysql: [Warning] Using a password on the command line interface can be insecure.
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.31 MySQL Community Server - GPL

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> drop table t1;
Query OK, 0 rows affected (0.20 sec)


mysql> 
mysql> CREATE TABLE `t1` (
    ->   `id` int DEFAULT NULL
    -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
Query OK, 0 rows affected (0.01 sec)

DISCARD TABLESPACE操作

mysql> ALTER TABLE t1 DISCARD TABLESPACE;
Query OK, 0 rows affected (0.01 sec)

把备份的t1.ibd还原回去并修改权限

[root@xifenfei test]# mv t1_bak t1.ibd
[root@xifenfei test]# ls -ltr
total 112
-rw-r-----. 1 root root 114688 Dec 18 17:24 t1.ibd
[root@xifenfei test]# chown mysql.mysql t1.ibd

IMPORT TABLESPACE并验证数据

mysql> ALTER TABLE t1 IMPORT TABLESPACE;
Query OK, 0 rows affected, 1 warning (0.24 sec)

mysql> select * from t1;
+------+
| id   |
+------+
|    1 |
|    2 |
|    3 |
+------+
3 rows in set (0.00 sec)

在恢复途中如果遇到表定义不对,或者ibd文件损坏,或者版本不匹配等各种情况,可能在IMPORT TABLESPACE的时候可能出现类似ERROR 1808 (HY000): Schema mismatch (Clustered index validation failed. Because the .cfg file is missing, table definition of the IBD file could be different. Or the data file itself is already corrupted.)错误

mysql>  alter table       `t1` import tablespace;                    
ERROR 1808 (HY000): Schema mismatch (Clustered index validation failed. 
Because the .cfg file is missing, table definition of the IBD file could be different. 
Or the data file itself is already corrupted.)

如果出现此类错误,无法直接通过该方法进行解决,参考frm和ibd文件数据库恢复,使用专业恢复工具进行处理

linux系统文件加密勒索病毒

Posted on by

联系:手机/微信(+86 17813235971) QQ(107644445)QQ咨询惜分飞

标题:linux系统文件加密勒索病毒

作者:惜分飞©版权所有[未经本人同意,不得以任何形式转载,否则有进一步追究法律责任的权利.]

昨天晚上,一客户联系我们,其linux的dg备库上发现病毒,让我给看看,登录上去之后发现异常进程
import pty;pty.spawn

进一步检查发现很多文件被加密成.locked1
locked1
对应的README.html内容

[yyapp@ncapp ~]$ cat README1.html 
contact email: service@hellowinter.online, prepare 0.12btc, 
if you can't contact my email, please contact some data recovery  company(suggest taobao.com), 
may they can contact to me .
your person id:izeieOMvPH+SDWYAxX6snmD2k306byUOpTP4Djfm9gaekoP0Q9JwWVcG0NI1grBM/DIo22A+sjCm
UfXXDwq/s72bc014WxmIy8jXCowuH4e6hJBjUgnkfoe/NbfPJN1CNQS3EdO6UaxMS3fwUzfnZTvW
63GyygBgZTzq9CfTdDUBmXe3aP30VTisTrtaFCdRnD2JaMUe5fVPUQ/vX39S4Kkng/VeZtOwUek7
24WbH7Z62Jo+7pnXyeB2PJpdvg0Rcy42VXJj7vZYe48xt2/PYYGuNLIjdDGt00qDiBuWLh19Q8us
mBILkB5sypmE6drpzAR74ao9/fh/YOawkppism9bSbKDnLAUQz1MG7z0MqEEwWF+5uMUoxqk+Wmj
zAY6/eu2X5cV/UASWI8TS+U+agRGgo98B2dkVgTGaXrGc/GzX/QNVVrAYAIqe3o3Mx0EG05vwEjf
cv6AUYK3W+QshyNwUJUrptJaAAzdtpz20dAlQtAWrezAHzY14W91puE5NUmBhWO//xv3xu/5F9wd
eBqfIFHFBkb3RxMTuU19UDQtsn/CKObjdiFz9gunugZXbubSnq1m5huk5dpgXvDh5hU1pdPdVNR6
tLldjbQQH+UQKl7wyQvs205UHRQW0OTfoxcnk2DagwqQyCc4U4BnigjMxYnpiLS2p9G1i/Sg3mU1
6ES7lgQ3WzjICcdhisApjFGomWNOwPNrqwlWihCvugUIbe0ST/n57XiU2HcNjvjraR8KINtDHYhp
dS8FQZZA4/G8JTOMOdsQ2CPKXK7BLX+m39/1xe4w6/g492Qb9L6k7xLHdgrMalnNO5yGgd38WEaG
aYAF40ICmOy55hmdl1Gp6docZ5XDB+eB/A5QcoihZkEeSqB39ibLarubyBjS2jv1ZN6uqCw4wwaV
RC22N4miT0aM3GkX+sfT2J3fWo0HFtgE18T9pVhsE73Sf00bW+LT0yh8SpK9IE4wRA4m+jskzg9S
aJLZDWRc4vtYlx93VXT4Z+3G2rnm1FnX2MXySAyhVlvQmRAfPoDC285Jn95259/17e9Y4639jxSs
JvOO8kiJHBQNbbyV1XXsxBtKyl514wbUjn2mccUlJ51EyfssuITjqdMeHoDaO4KzguXNFJgwGzbv
K+y3NX54yuE1Xm9sCI07pJs2WwC8GzErfmXbseTEvUvcXl0qsQFXTFCTNLnSNdXkswN+Hh/5uI5c
dAM73VP+qiTdvj4a0GRXa+riZ136lVEd9pZpy62XYQYkn+LGGJljvPooMH9rM1oIp8tOiPldIm29
0nNLmiaSmaEefY9I6wRAemvNAHw9Wq75pDBY3H3Xjt8ENsmj2MNpchDvYHM/ndckMoReN8cEsouv
LhuhtjjBktuaVz1j9Vj6UM6LEjGe6ZJyx+fjnTI2haMLej6vf0hopck0vJmSuL1mN03gd/QkBsBt
wDxFReExoTfcuhMRSdkrMqJFWLOpKI+XrYaB6DqHbFjqr3ME6RJcP9ynNF8qqF7JXNJsMu9PJ5ml
0hcg71NirMD7iXNUy1YDgzKqULABvL4SeUAjEE/Sa/HvUw+lMgZaM6aodAczTyWVqITVXzcuDXLV
vlrF5uMflQC13qaPTlqgTbB9xv4F/S8joC/c60fd+5WjdjWT6tMXHLlWRPQJrUNW06+fCh9EPjmW
llD6HJXreorpbjB7hWwahu5mSnWhwWqFsHwYbK7tSo98GqXdOEmOH21zPF57UCr0Sff47tDrSEtn
YCKHt47lS/ayCfnx1g9HAFu0NyULUE/UowuW5aPdRyqcRAaA1UAMugRqZB/QkTQVoPsCQRmca352
HE9M4LasANxTk4RT4HHmrBQSCzW0QZ+L2ouDTYgc2ipjXQbnLuZgU1AgIqvjjo+dDz4A9BYeJWEU
4QDg89IfDFpSiU26nvsDHIxh2KP0F5Uvf5n4Q1K/sO3g71G9prxMHLyq+M6UdY5W/zVAzYFuzx/H
Z8jvaQTYHopyUQUHLZ1XvkD+CzRFMruTHyVavu1OL+3xzgILP23IDyoPdp1pyfQbrwN0inDlAEMN
3cJRvMleqKB145p7hItgOpDCwqojMveM+YaT+mPhPCZbV4GsJ/YeP2yzMPG8lXTHG2nu/0Ew08TO
BstwUtAFqTc8C0vgMLR6ZGZ8UtwT0yE7WQm7KPwPiMtzqhNtW4ORtzrSmy1YPjpqZ2LIu5WrqW3Y
hh56D6Kl1fQgFA4x2PuBF1+VJm8jovm4MQkOBjwKr0gpcWqwHsPPGLvTb/tiFRoP3r2+nulgKP7D
zaoJpbhqtp2e18Ip6RC4MWvNRZ8MJwF9X9s1KI7Gqdxp1ePvwmsVFvOzozIUA9WczSlGQ9oMs0Rq
Kf6Q6VypCpOkRHtHpKsB96drqs08dpQ1zRZdLaCzs/r6je7JGFDZyf7iI7qvZjZWBPIJNGR4q+Ms
6ur3xsHm4jRbg5knH+9c7n9hA0Y7HHVweXo8SAmxd2Zbggldiw/qXlnhEg6yUEE3QYvkw9gnmMkO
N7Biclfd6VcOc6vXGtzXLGml09DVNJg4vWVauwldzAEUT15Eoo5aVjqtYLJjDYmWIefKrQoeQ8GS
SmZ7Y66hYZRAQFmBPYNq0T5g0se5j8+tYvldL6u+waqive9cUKG4Au5wYUwDFbY93D9AK73sR7lY
z8oq3AXgT1Leiy3r/O2HNSpb4Qqn6vN3cOxtmmPAPpAhzZ/Ab9iEJCqTp5aqerlJUJWSarQ8DDca
V0gc41vAue9AEc5mNnf/oUILLJv4Kok62PIEAwg3Y/Zw8jv1226QqgAD3jXpVDK52H6nPa6IOqaI
YY5EwUYBcK8FqpJtquzqt7C0NZnIOlSur/og750HieWl5FOc9NpOTNrIW+Fb5Uqhiv2FHR6E874x
IaN3cW2tCtATndFOf5+YQPo1vcEXyZTp+rQjMDqrJdMe8u1nO7ewJF7TAcWLB8PKhejn3aj4S4uC
zMTt7wdp64co8wUusQc11mcpItHfSxE7GViUeZlYnOkb9tzQRmf8ff4I2g2kwwYzrF/OWKgqNDXv
ZfbR1XwXHXlqcyIJJzubxAucYrSaSG6M
[yyapp@ncapp ~]

通过以上信息基本上确认一种类似win的加密勒索病毒,经过分区确认只是加密了yyapp用户有读写权限的数据,其他数据用户数据没有被加密(这个机器是应用服务器,并且做了oracle的备库[没有被加密]),因此基于目前的情况对客户没有太大损失,直接重装应用配置dg即可.通过进一步分区,确认该病毒是通过应用漏洞入侵,建议客户进行应用和系统安全加固.
温馨提示:以前的勒索病毒绝大部分都集中在win平台上,现在可能linux平台也会收到很大影响,建议各位对各自系统进行安全加固,系统和应用打上漏洞补丁和网络安全防护