oracle dul 12 officially released

E-mail:chf.dba@gmail.com

Title: oracle dul 12 officially released

Author: DATABASE SOS©All rights reserved [without my consent, it may not be reproduced in any form, otherwise there is the right to further legal responsibility.]

Oracle's official DUL tool has finally released version 12. For the DUL 11 release, see: oracle dul 11 officially released

Data UnLoader: 12.0.0.0.5 - Internal Only - on Thu Feb 27 11:27:42 2020
with 64-bit io functions

Copyright (c) 1994 2019 Bernard van Duijnen All rights reserved.

 Strictly Oracle Internal Use Only


Reading USER.dat 87 entries loaded
Reading OBJ.dat 72882 entries loaded and sorted 72882 entries
Reading TAB.dat 2810 entries loaded
Reading COL.dat 90151 entries loaded and sorted 90151 entries
Reading TABPART.dat 107 entries loaded and sorted 107 entries
Reading TABCOMPART.dat 0 entries loaded and sorted 0 entries
Reading TABSUBPART.dat 0 entries loaded and sorted 0 entries
Reading INDPART.dat 124 entries loaded and sorted 124 entries
Reading INDCOMPART.dat 0 entries loaded and sorted 0 entries
Reading INDSUBPART.dat 0 entries loaded and sorted 0 entries
Reading IND.dat 4695 entries loaded
Reading LOB.dat 883 entries loaded
Reading ICOL.dat 7430 entries loaded
Reading COLTYPE.dat 2203 entries loaded
Reading TYPE.dat 2779 entries loaded
Reading ATTRIBUTE.dat 10852 entries loaded
Reading COLLECTION.dat 960 entries loaded
Reading BOOTSTRAP.dat 60 entries loaded
Reading LOBFRAG.dat 1 entries loaded and sorted 1 entries
Reading LOBCOMPPART.dat 0 entries loaded and sorted 0 entries
Reading UNDO.dat 21 entries loaded
Reading TS.dat 11 entries loaded
Reading PROPS.dat 36 entries loaded
Database character set is ZHS16GBK
Database national character set is AL16UTF16
Found db_id = 3861844098
Found db_name = O11201GB
DUL>
  2  show datafiles;
ts# rf# start   blocks offs open  err file name
  0   1     0   103681    0    1    0 D:\app\XIFENFEI\oradata\o11201gbk/system01.dbf
DUL>

Judging by the Compatible parameter, it directly supports Oracle 18; the specifics are left for subsequent tests.


.ROGER virus encrypted database recovery

Recently, a new encryption virus was found, with the suffix: .id-CC46A224.[Wang.chang888@tutanota.com].ROGER. The ransom prompt is similar to the following:
[Image: ROGER ransom note]


Analysis of the file found that the virus emptied the file header.

Analysis found that business data still exists at most locations in the file.

Low-level analysis shows that the vast majority of the data can be recovered after this kind of failure.


If your database (Oracle, MySQL, SQL Server) has been encrypted by a similar encryption virus, you can contact us to achieve a better recovery without paying the hacker (no fee is charged if the recovery is unsuccessful).
E-Mail: chf.dba@gmail.com. We provide professional decryption and recovery services.
Protection recommendations:
1. Do not use the same account and password on multiple machines.
2. Login passwords should be sufficiently long and complex, and should be changed regularly.
3. Shared folders holding important data should have access control set up and be backed up regularly.
4. Regularly check the system and software for security vulnerabilities and apply patches in a timely manner.
5. Periodically log in to the server and check for anything abnormal. The check should cover:
a) Whether any new accounts have appeared
b) Whether the Guest account is enabled
c) Whether the Windows system log shows anything abnormal
d) Whether the anti-virus software has intercepted anything abnormal
6. Install security protection software and make sure it is running normally.
7. Download and install software only from regular channels.
8. If unfamiliar software has been intercepted by antivirus software, do not add it to the trusted list and continue running it.

.happychoose encrypted database recovery

Recently, a friend's SQL Server database was encrypted with the suffix .mdf.happythreechoose and needed recovery support.
The file left by the hackers is similar to the following:

ALL YOUR FILES ARE ENCRYPTED!
ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.

To recover data you need decryptor.
To get the decryptor you should:
Send 1 test image or text file happychoose@cock.li or happychoose2@cock.li.
In the letter include YOUR ID (look at the beginning of this document).

We will give you the decrypted file and assign the price for decryption all files
 

After we send you instruction how to pay for decrypt and after payment you will 
receive a decryptor and instructions We can decrypt one file
in quality the evidence that we have the decoder.
Attention!

Only happychoose@cock.li or happychoose2@cock.li can decrypt your files
Do not trust anyone happychoose@cock.li or happychoose2@cock.li
Do not attempt to remove the program or run the anti-virus tools
Attempts to self-decrypting files will result in the loss of your data
Decoders other users are not compatible with your data, 
because each user's unique encryption key

A lookup shows that this virus, like .happyfourchoose, belongs to the GlobeImposter family. Decryption is currently not supported.
Low-level analysis found that mainly the header and tail of the file were encrypted.

Scanning the data files showed that most of the data can be recovered.



.chch encrypted database recovery

Recently, a database was encrypted by the .chch virus. Analysis shows that databases hit by this type of virus can be recovered well at the database level.
The recovery process achieved a good data recovery result.

If you have a database (SQL Server, Oracle, MySQL) encrypted in this way, you can contact us.

rm mysql datadir recovery

A friend asked for help after the datadir directory of a MySQL database was deleted. The database is still running, but many operations can no longer be performed normally.
You can log in to the database, but no business database is visible; a table can still be queried when it is referenced by its database and table name.

[root@hy-db-xff-s-110 mysql3306]# mysql -uroot -ptSQghoV^J1GE^U8*wPElImv5
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 443214
Server version: 5.7.21-log MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)

mysql> select count(1) from xifenfei.orders;
+----------+
| count(1) |
+----------+
| 16451326 |
+----------+
1 row in set (4.17 sec)

Data cannot be exported (INTO OUTFILE does not work because of the default value of the secure-file-priv parameter)

mysql> select * from xifenfei.orders into outfile '/bakcup/orders_new.sql' 
   FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"' LINES TERMINATED BY '\n';
ERROR 1290 (HY000): The MySQL server is running with the --secure-file-priv option so it cannot execute this statement

[root@hy-db-cps-s-110 fd]# mysqldump  -uroot -pwww.xifenfei.com xifenfei orders >/linshi/1.sql
mysqldump: [Warning] Using a password on the command line interface can be insecure.
mysqldump: Got error: 1049: Unknown database 'xifenfei' when selecting the database

Because the MySQL process has not crashed, the related files still exist (they have not really been deleted).

Use this method to restore the relevant data files to a new server, and then try to start the database. The database could not be started normally because some files were lost. In the end, the individual ibd files were processed separately (see: [MySQL Recovery] mysql ibd file recovery) to recover most of the data. For data that cannot be recovered this way, if the disk has not been overwritten, you can first try recovery at the OS level (see: extundelete, Recover Linux deleted files). If that method also fails, you can try recovery at the database disk fragment level: MySQL drop database recovery (the recovery method also applies to MySQL drop table, delete, truncate table)
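
The recovery above depends on a Linux behaviour: a file removed with rm stays readable through /proc/<pid>/fd for as long as the running mysqld process keeps it open. The following script is an added example, not the author's own tooling; the function name and the destination path are hypothetical, and files copied while mysqld is still writing may be inconsistent, which fits the startup failure described above.

```shell
#!/bin/sh
# Added example: copy files that were unlinked but are still held open by a
# running process (e.g. mysqld after "rm -rf datadir") out of /proc/<pid>/fd.
# Linux only. Run as root or as the user that owns the process.

# recover_deleted_fds PID DEST   (hypothetical helper name)
#   Recreates each deleted-but-open regular file under DEST, keeping its
#   original absolute path so the datadir layout (db/table.ibd) survives.
#   Prints the number of files copied.
recover_deleted_fds() {
    pid=$1
    dest=$2
    count=0
    mkdir -p "$dest" || return 1
    for fd in /proc/"$pid"/fd/*; do
        # Each entry is a symlink; unlinked files read "<path> (deleted)".
        target=$(readlink "$fd") || continue
        case $target in
            /*' (deleted)') ;;
            *) continue ;;
        esac
        # Skip sockets, pipes and anything that is not a regular file.
        [ -f "$fd" ] || continue
        orig=${target% (deleted)}
        out=$dest$orig
        # The same file may be open on several descriptors; copy it once.
        if [ -e "$out" ]; then
            continue
        fi
        mkdir -p "$(dirname "$out")" || continue
        # Reading through /proc/<pid>/fd/N reaches the inode the process
        # still holds, even though no directory entry points to it any more.
        if cp "$fd" "$out"; then
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# Usage (hypothetical destination; DEST should be on a different filesystem
# with enough free space, and the process must not be stopped beforehand,
# because the last close of a descriptor releases the deleted file):
#   recover_deleted_fds "$(pidof mysqld)" /recovery/mysql
```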

.[hardlog@protonmail.com].harma encrypted database recovery

Friends continue to come to us. Their old encrypted database needs to be restored, and the extension is similar to: .id-02A15898.[Hardlog@protonmail.com].harma

Analysis found that the virus directly emptied some of the blocks, unlike some earlier viruses that encrypted the blocks. Fortunately, a lot of data was still not destroyed.

Over 99% of the data was recovered through a series of low-level processing steps.

If your database (Oracle, MySQL, SQL Server) has been encrypted by a similar encryption virus, you can contact us to achieve a better recovery without paying the hacker (no charge if the recovery is unsuccessful).
E-Mail: chf.dba@gmail.com. We provide professional decryption and recovery services.

Oracle Extreme Recovery Support

For all Oracle database recovery work that DUL-like tools (both the original and third-party tools) can do, we can provide recovery support as a service. The fee is charged only after the data has been successfully restored; there is no charge if the recovery is unsuccessful.

  • Bypasses Oracle’s database engine, extracting data directly at the block level.
  • Supports ASM: can unload data directly from ASM disks even when all the diskgroups are dismounted.
  • Supports extracting files of any type directly from ASM disks even when all the diskgroups are dismounted, including datafiles, redo logs, archive logs, etc.
  • In severe ASM disk corruption cases (for example, the file directory is totally corrupted), can scan the ASM disks, extract all the datafiles which have not been overwritten, and then recover all the data.
  • Supports Oracle RDBMS versions 7, 8i, 9i, 10g, 11g, 12c, 18c, 19c
  • Supports multiple database platforms, including AIX, LINUX, HPUX, SOLARIS, WINDOWS and so on. Supports cross-platform unloading, for example unloading AIX based datafiles on a Windows host.
  • Supported data types: NUMBER, CHAR, VARCHAR2, NCHAR, NVARCHAR2, LONG, DATE, RAW, LONG RAW, BLOB, CLOB, TIMESTAMP (9i +), BINARY FLOAT, BINARY DOUBLE (10g +), XMLTYPE
  • Full LOB support:
    • Supports CLOB, NCLOB and BLOB
    • Supports CLOB big endian and little endian byte order
    • Supports partitioned and subpartitioned LOBs
    • Supports different chunk sizes of different LOB columns in the same table
    • CLOB data can be exported to the same file with other columns, or stored in a separate file
    • LOBs can still be exported even when the SYSTEM tablespace is not available
    • LOBs can still be exported even when the associated LOB index is corrupted
    • Supports recovery of SecureFile LOBs in Oracle 11g and above (compressed, deduplicated and encrypted SecureFile LOBs are currently not supported)
  • Supports various types of tables, including ordinary HEAP table, IOT table, CLUSTER table.
  • Supports IOT; the supported IOT types are:
    • Ordinary IOT
    • Compressed IOT
    • IOT with overflow segments
    • Partitioned and subpartitioned IOT
    • IOTs are only supported when SYSTEM is available
  • Supports compressed tables.
  • Supports data recovery after truncate table.
  • Supports data recovery after drop table.
  • Automatic acquisition of data dictionary information if the SYSTEM tablespace is not totally corrupted.
  • Supports data recovery when the SYSTEM tablespace is absent or the data dictionary is corrupted. If the data dictionary is not available, can automatically determine the data type of a data column.
  • Supports BigFile tablespaces in Oracle 10g and above.
  • Full support for 64-bit systems; supports datafiles larger than 4G.
  • Supports copying bad files even when an operating system command (for example, cp) cannot copy them successfully.
  • Supports different block sizes of datafiles in the same database.
  • Supports conversion between various character sets; can correctly convert CLOB, NCLOB and NVARCHAR2 column data to the specified character set.
  • Auto detection of tablespace number, file number and block size of datafiles.
  • Exported data formats include plain text, exp dmp and expdp dmp files. When exporting in plain text, the SQL statements for creating the tables and the control files required for SQL*Loader import can be generated automatically.
  • Simulates Oracle's dump block function; can dump data blocks from datafiles.
  • Supports the DESC command on a table to display the column definitions.
  • Supports listing all table partitions and subpartitions.
  • Supports recovery of accidentally deleted data, even if the table where the data was deleted has LOB columns, and even if all the deleted rows’ offsets in the corresponding row directory have been completely cleared by Oracle.
  • Supports recovery of non-data objects: table creation statements, stored procedures, views, functions, packages, indexes, constraints, and others.

savemydata@qq.com encrypted database recovery

Recently, a customer's Oracle files were encrypted with the suffix: .id-BE19A09A.[savemydata@qq.com].harma

A corresponding txt file is left behind.

Analysis determined that the virus encrypts and destroys the data file in segments. By analyzing the information stored in the Oracle dictionary and how it relates to the stored data, the database can be opened and the encrypted segments skipped, achieving a more complete database recovery.

A SQL Server database that is unfortunately encrypted by this type of virus can also be recovered almost perfectly at the database level, reducing losses as much as possible without encouraging the hackers' rampant behavior (that is, do not give them Bitcoin).

.YOUR_LAST_CHANCE encrypted database recovery

Recently, a friend reported that a SQL Server database had been encrypted, with file names in the format .id_multi-digit_.YOUR_LAST_CHANCE, and asked us to analyze whether it can be restored.

A similar txt file is left behind.

Analysis of this type of encryption ransomware determined that we can achieve a good recovery at the database level, and the database can basically be used directly after recovery.

If your database server (Oracle or SQL Server) has been hit by this ransomware, you can contact us to recover directly from the database.
E-Mail:chf.dba@gmail.com

*** ALL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED ***

During a recent vacation, I received many requests to recover databases from encrypted Windows file systems, mostly involving viruses similar to the one below. Analysis shows that Oracle and SQL Server databases encrypted by this type of virus can be recovered almost perfectly.
1. Every directory contains a file named !!! DECRYPT MY FILES !!!.txt.

2. Encrypted file name: the following is appended to the original file name: .id-3109967046_ [Icanhelp@cock.li].firex3m

By analyzing the encrypted Oracle and SQL Server databases, we can basically achieve perfect recovery (applications can run directly against the recovered result).