公司Oracle生产库某用户中毒【AfterConnect.sql】
一、数据库中毒后症状
1、无法通过客户端远程登录数据库。
2、数据库会话连接被大量占用,进程数或会话数耗尽。
3、所有的会话连接来自于数据库用户内部——非外部应用或者客户端占用。
4、扩大会话数或者进程数,重启数据库服务后,会话连接数迅速占满。
5、数据库alert告警日志中频繁抛出以下异常信息:
Fri Feb 10 10:49:15 2017 Errors in file /jyoracle/oracle/diag/rdbms/jyoracledb1/jyoracledb1/trace/jyoracledb1_ora_20845.trc: ORA-00604: 递归 SQL 级别 1 出现错误 ORA-20315: 你的数据库已被SQL RUSH Team锁死 发送5个比特币到这个地址 166xk1FXMB2g8JxBVF5T4Aw1Z5JaZ6vrSE (大小写一致) 之后把你的Oracle SID邮寄地址 sqlrush@mail.com 我们将让你知道如何解锁你的数据库 Hi buddy, your database was hacked by SQL RUSH Team, send 5 bitcoin to address 166xk1FXMB2g8JxBVF5T4Aw1Z5JaZ6vrSE (case sensitive), after that send your Oracle SID to mail address sqlrush@mail.com, we will let you know how to unlock your database. ORA-06512: 在 "FULLCAR_2.DBMS_CORE_INTERNAL ", line 27 ORA-06512: 在 line 2
二、中毒原因
某开发同事从网上下载免破解绿色版PLSQL Developer软件版本11.06,然后连接数据库,导致数据库用户内被自动注入了存储过程、触发器、八万多个job
三、病毒介绍
-- -- Copyright (c) 1988, 2011, Oracle and/or its affiliates. -- All rights reserved. -- -- NAME -- login.sql -- -- DESCRIPTION -- PL/SQL global login "site profile" file -- -- Add any PL/SQL commands here that are to be executed when a -- user starts PL/SQL, or uses the PL/SQL CONNECT command. -- -- USAGE -- This script is automatically run -- -- This SQL was created by Oracle ; You should never remove/delete it! -- MODIFIED (MM/DD/YY) -- esoyleme 02/27/02 - remove xumuts.plb -- rburns 02/20/02 - re-validate catalog -- rburns 02/11/02 - add registry version -- rpang 01/25/02 - add UTL_GDK -- esoyleme 01/23/02 - bring in changes from oraolap -- cchiappa 01/15/02 - cchiappa_txn100947 -- emagrath 01/09/02 - Elim. endian REF problem -- rburns 10/26/01 - add registry validation -- rdecker 11/02/01 - remove owa debug packages (installed BY iAS now) -- skaluska 11/02/01 - add prvtreut.plb -- sbalaram 11/02/02 - add catstr -- wesmith 10/23/01 - remove catplrep.sql -- liwong 10/23/01 - Add catpstr.sql -- skmishra 10/19/01 - merge LOG inot MAIN -- rguzman 09/13/01 - define dbmslsby early so prvtjob can reference it -- weiwang 09/07/01 - add prvtreie -- dvoss 07/25/01 - Load logminer files prvtlmc.plb and prvtlmrd.plb -- skaluska 08/17/01 - move rules engine creation. -- narora 06/28/01 - add catplrep -- esoyleme 09/25/01 - call catxs.sql. -- ayoaz 10/12/01 - move catodci to before dbmsstat spec -- rburns 10/05/01 - use 9.2.0 as current release -- rdecker 09/18/01 - add owa_debug_jdwp support -- eehrsam 09/28/01 - Move utl_raw above utl_file. -- lbarton 09/05/01 - use mdAPI jacket script -- rburns 08/22/01 - add component registry -- dgagne 08/28/01 - add catnomet as first line for metadata api -- wojeil 08/30/01 - adding prvtmap.plb. -- dvoss 07/25/01 - Load logminer files prvtlmc.plb and prvtlmrd.plb -- pravelin 08/13/01 - Run caths AFTER catrep. -- pravelin 07/26/01 - Add caths for Heterogeneous Services. -- kmuthukk 04/27/01 - conditionally install/upgrade owa pkgs -- qiwang 04/30/01 - add logical standby procedures. -- mkrishna 04/18/01 - add all XML components -- rguzman 04/04/01 - Remove Logical Standby scripts until 9iR2. -- yhu 03/08/01 - add dbms_odci package. -- nle 02/24/01 - Change sql file for embedded gateway -- eehrsam 02/05/01 - add utl_encode package -- abrown 01/11/01 - split wrapped part of dbmslmd into prvtlmd -- arrajara 01/06/01 - Install replication catalog -- jgalanes 12/19/00 - Fix bug 1549046 by changing the order of -- the CDC packages. -- wnorcott 12/19/00 - re-order CDC packages. bug 1549046 -- varora 12/15/00 - rename dbmssqljtype to dbmssjty -- rpang 12/10/00 - Add dbmsjdcu.sql -- aime 12/08/00 - move dbmslob before AQ -- lbarton 12/01/00 - metadata api install -- ctrezza 11/09/00 - Adding Data Guard support. -- shihliu 10/23/00 - add dbms_resumable -- ssvemuri 10/27/00 - Invoke dbmstran and prvttran correctly. -- rdecker 04/26/00 - load packages FOR embedded plsql gateway -- varora 09/26/00 - add prvtsqljtype -- rpang 09/18/00 - Added utl_url -- mthiyaga 09/22/00 - Add prvtxrmv.plb -- ssvemuri 09/19/00 - dejaview file rename. -- amganesh 09/13/00 - dejaview. -- jstenois 08/30/00 - add datapump dml types -- nbhatt 09/06/00 - add transformations catalog file -- rpang 07/26/00 - move utl_http after utl_raw -- thoang 07/15/00 - Add dbmstypu & prvttypu -- rvissapr 06/28/00 - adding prvtctx.sql -- jdavison 07/25/00 - Add xmltype and anydata. -- rpang 06/28/00 - Added prvthttp.plb -- svivian 06/27/00 - move dbmslms.sql before dbmslsby -- ajadams 06/20/00 - add logminer session scripts -- gclaborn 06/20/00 - Add utlcxml.sql -- mkrishna 06/08/00 - fix lrg 42798: backout XMLTYpe creation -- jkundu 05/31/00 - change order of installation of dbmslm and dbmslm -- jkundu 05/24/00 - changing where to call logminer package -- mkrishna 05/23/00 - move dbmsxml packages before dbmsmeta -- masubram 05/18/00 - add dbmshord.sql and prvtbord.plb -- liwong 05/12/00 - Add prvthsye.plb -- liwong 05/08/00 - Add prvthtxn.plb, prvthsye.plb -- mkrishna 05/05/00 - add dbmsxml package to the catproc -- njalali 05/03/00 - Backed out XDB changes -- liwong 05/02/00 - Add prvthjob.plb -- mkrishna 05/02/00 - add dbmsxml.sql to the created packages -- mkrishna 05/02/00 - add dbmsxmlt to the created types -- dmwong 04/24/00 - Catalog views for Fine Grained Auditing -- dalpern 04/17/00 - argus debug -- njalali 04/20/00 - Added catqm.sql -- vvishwan 04/12/00 - Load dbmshias.sql, prvtbias.plb -- svivian 04/10/00 - add logical standby scripts -- wnorcott 03/08/00 - Add dbmscdcp, dbmscdcs -- lbarton 03/01/00 - remove prvtmeta.plb -- wnorcott 02/07/00 - Add dbmscdcu.sql / prvtcdcu.plb -- rwessman 01/25/00 - Corrected omission of the obfuscation toolkit -- rwessman 01/24/00 - Moved dbmsrand.sql from catoctk.sql to -- catproc.sql so that all may use it -- btao 01/12/00 - add prvtsms.plb for summary advisor -- gclaborn 11/15/99 - Add dbmsmeta.sql / prvtmeta.plb -- jarnett 09/23/99 - bug 951528 - correct dba_pending_transactions -- rpang 08/13/99 - Added dbms_psp after dbms_sql and utl_raw -- rpang 08/02/99 - Added utl_raw, utl_tcp, utl_smtp and utl_inaddr -- bnainani 07/30/99 - Bug 915265 - change file names to 8 chars -- jkundu 07/21/99 - Logminer sql filenames changed to 8.3 format -- amozes 07/28/99 - add prvtstas.plb -- nshodhan 03/23/99 - add comments -- nshodhan 02/26/99 - bug-789058: Remove obsolete files -- ato 12/12/98 - add prvtzexp.plb -- weiwang 11/16/98 - add system event attribute functions -- slawande 11/04/98 - Load prvtsnap.plb before prvtsum.plb. -- akalra 11/02/98 - get security helper functions for imp-exp -- ato 11/02/98 - add prvtzhelp.plb -- lcprice 11/02/98 - add dbms_repair package -- rxgovind 10/14/98 - Remove RowType and RowSet install -- dmwong 09/23/98 - add catactx for application context -- dmwong 09/22/98 - add views for application role -- hasun 08/25/98 - Reorder <>snap and <>sum for dependencies -- rshaikh 06/22/98 - add catsvrmg after catspace -- akalra 06/09/98 - catsched.sql -> catrm.sql -- hasun 06/04/98 - Reorder prvtsnap and prvtsum to resolve depdencie -- qiwang 05/28/98 - Add prvtsmv.plb -- mcusson 05/11/98 - Name change: LogViewr -> LogMnr. -- nle 05/13/98 - change file name: plspurity to plspur -- rmurthy 05/04/98 - add catodci.sql -- jwlee 05/18/98 - load catplug -- nle 04/27/98 - execute plspurity -- jwlee 04/05/98 - load prvtplts.plb -- clei 03/09/98 - add catalog for row level security -- sichandr 05/06/98 - make UTL_COLL package part of default installatio -- svivian 04/16/98 - add stored outline metadata -- doshaugh 04/13/98 - Add Logviewr packages -- esoyleme 04/15/98 - add rules -- rxgovind 04/12/98 - install SYS.RowType and SYS.RowSet -- sramakri 04/08/98 - Add loading of prvtsma.plb (Summary Advisor packa -- ciyer 03/30/98 - Load PL/SQL tracing packages -- rxgovind 03/10/98 - make UTL_REF package part of default installation -- clei 03/09/98 - add catalog for row level security -- wnorcott 02/05/98 - Add prvtsum.sql -- akalra 01/20/98 - Add catsched.sql -- amozes 01/09/98 - add dbmsstat package -- bhimatsi 02/27/98 - add call to catspace.sql -- gclossma 09/09/97 - add .plb suffix to load of prvtpckl -- gclossma 08/14/97 - add prvtpckl.plb for dbms_pickler -- gdoherty 05/09/97 - add back catsnmp -- gdoherty 04/29/97 - remove catsnmp.sql -- rwessman 04/18/97 - Deleted catoctk.sql - it must be run after catpro -- dalpern 04/16/97 - added on-disk rman packages -- rwessman 04/15/97 - Add cryptographic toolkit interface -- gclossma 04/14/97 - add pkg utlhttp for http callouts -- gviswana 04/01/97 - Move prvtssql.plb down after dbmssql.sql -- nlewis 03/20/97 - add prvttrst.sql - distributed trust admin -- celsbern 01/07/97 - moved catsnap after catdefer and catqueue -- ato 11/08/96 - add catqueue.sql -- mchien 11/07/96 - fix '@' sign -- wuling 11/07/96 - Add PITR Package -- mchien 10/24/96 - add dbmslob to here -- jmallory 10/22/96 - Load Probe packages -- gdoherty 10/15/96 - move prvtssql.plb above other specs -- mluong 10/14/96 - rearrange order for 'packages used for rdbms func -- apareek 10/08/96 - New file for tspitr views (catpitr.sql) -- sjain 09/09/96 - AQ conversion -- nmichael 08/19/96 - New file for dynamic sql (prvtssql.sql) -- asurpur 08/02/96 - Including prvtxpsw.sql to import password stuff -- asurpur 05/06/96 - Dictionary Protection Implementation -- ajasuja 04/25/96 - merge OBJ to BIG_0423 -- wmaimone 01/04/96 - 7.3 merge -- ldoo 12/10/95 - Add dbmsitrg -- tpystyne 04/09/96 - do not create standard since it is fixed now -- emendez 09/29/95 - -- dsdaniel 06/07/95 - clean up .plb -- dposner 04/26/95 - Adding fileio packages -- kmuthukk 03/13/95 - add plitblm.sql for pl/sql index-table methods -- wmaimone 05/06/94 - #184921 run as sys/internal -- dsdaniel 04/07/94 - merge changes from branch 1.5.710.5 -- adowning 03/29/94 - merge changes from branch 1.5.710.[6,7] -- adowning 02/23/94 - use prvt*.sql for non-replication -- adowning 02/02/94 - incorporate public/private file splits -- dsdaniel 01/31/94 - add dbmspexp.sql for export extensions -- rjenkins 01/19/94 - merge changes from branch 1.5.710.4 -- dsdaniel 01/18/94 - merge changes from branch 1.5.710.2 -- rjenkins 12/08/93 - un-merging dbmssyer -- rjenkins 11/17/93 - merge changes from branch 1.5.710.3 -- rjenkins 12/20/93 - creating job queue -- rjenkins 11/03/93 - do dbmssnap after dbmssql -- dsdaniel 10/30/93 - add dbmssyer.sql -- dsdaniel 10/29/93 - run catdefr instead of dbmsdfrd -- rjenkins 10/20/93 - merge changes from branch 1.5.710.1 -- rjenkins 10/14/93 - calling dbmsdfrd.sql -- rjenkins 10/07/93 - run dbmsdfrd.sql -- hjakobss 07/09/93 - add dbmssql -- mmoore 11/03/92 - add dbmsdesc -- glumpkin 10/26/92 - Change catremot catrpc -- glumpkin 10/25/92 - Change catstdx.sql to dbmsstdx.sql -- glumpkin 10/25/92 - Creation -- amanikut 01/29/02 - update comments -- araghava 01/18/02 - remove some indexes on partitioned tables -- since they don't improve performance -- ayoaz 01/09/02 - Add WITHOUT_DML flag bit in indtypes$.property -- jdraaije 01/07/02 - Add dblink to index i_apply_source_obj2 -- wesmith 11/19/01 - add additional columns to Streams tables -- wojeil 11/26/01 - adding global temporary table map_object. -- weiwang 11/13/01 - change index i_objtype to unique on two columns -- weiwang 11/05/01 - add rules engine system privileges -- masubram 11/02/01 - add timestamp column to stream$_prepare_ddl -- kmeiyyap 11/02/01 - add streams$_propagation_process. -- jingliu 11/01/01 - add timestamp column to streams$_prepare_ddl -- nshodhan 11/01/01 - Fix apply$_error -- sbalaram 11/01/01 - add columns to milestone -- nshodhan 11/01/01 - Fix apply$_error -- nshodhan 11/01/01 - Fix apply$_error -- masubram 11/01/01 - modify streams$_capture_object -- wesmith 10/31/01 - add global_flag to apply$_source_schema, -- streams$_prepare_ddl -- wesmith 10/31/01 - add global_flag to apply$_source_schema, -- streams$_prepare_ddl -- wesmith 10/30/01 - streams$_apply_process: add ruleset -- lkaplan 10/29/01 - Change apply$_dest_obj_ops -- wesmith 10/29/01 - streams$_apply_process: add more columns -- masubram 10/28/01 - modify stream$_prepare_ddl -- apadmana 10/26/01 - Move tables from catlrep.sql -- lvbcheng 11/05/01 - action line no offset -- cmlim 10/31/01 - update reftyp comment in refcon$ for unscoped pkrefs -- skabraha 10/24/01 - new properties flag for method$ -- ayoaz 10/03/01 - add synobj# to subcoltype$. -- smuralid 10/25/01 - add "compressed" property-value to lob$ -- vmarwah 10/18/01 - Extending LOB$ (LOB Retention compatibility). -- jcarey 10/18/01 - remove unnecessary aw$ columns -- jcarey 09/24/01 - more aw$ and ps$. -- esoyleme 09/10/01 - AW$ and PS$. -- vshukla 10/29/01 - hsc: row movement - course correction!. -- clei 10/02/01 - change rls_grp$ and rls_ctx$ -- dmwong 10/08/01 - fga.sql_text varchar2->clob. -- wojeil 10/30/01 - modifying mapping dict tables. -- amanikut 09/24/01 - UDC : fix type$.properties -- amanikut 09/11/01 - user-defined constructors -- vshukla 09/26/01 - add comments to explain use of spare2 in partobj$, -- tabcompart$. -- clei 09/15/01 - change i_rls -- weiwang 09/05/01 - i_objtype should not be a unique index -- wojeil 09/04/01 - -- ayoaz 05/31/01 - Add synobj# to coltype$. -- ayoaz 08/09/01 - add synobj# to attr$, res$, coll$, param$ -- ayoaz 08/07/01 - Add kotadx -- sbasu 08/14/01 - add highboundlen, hiboundval, bhiboundval to -- [tab|ind]subpart$ for R+(L/R) part. -- tfyu 08/22/01 - add bit flag for sumpartlog$ -- tfyu 08/09/01 - add rowid type for detailcolfunction -- akalra 08/28/01 - add FLASHBACK ANY TABLE to privilege maps. -- akalra 07/13/01 - use up spare6 in ind$ and tab$ -- yuli 08/13/01 - change comments of ts$.dflogging -- dmwong 07/11/01 - move delete on fga_log$ . -- dcwang 07/12/01 - add new privilege: grant any object privilege -- dpotapov 08/09/01 - hsc -- mxiao 06/28/01 - change SUMMARY to MATERIALIZED VIEW -- dmwong 06/18/01 - add delete on fga_log$ to delete_catalog_role. -- shshanka 07/17/01 - Add defsubpart$ and defsubpartlob$ for templates. -- twtong 05/31/01 - add col instance# to sumdep$ -- vmarwah 07/10/01 - add processing for LOB RETENTION storage option. -- using a spare field from LOB$ to hold retention. -- lbarton 06/11/01 - add index on lob$(lobj#) and lobcomppart$(partobj#) -- wojeil 08/10/01 - -- mlfeng 07/23/01 - Adding File Mapping Info -- narora 04/17/01 - add index on ntab$(ntab#) -- bpanchap 04/11/01 - Adding index on obj# in tabsubpart -- mjstewar 03/21/01 - Add password clause to CREATE DATABASE -- dpotapov 04/03/01 - hsc -- tkeefe 03/06/01 - Simplifying n-tier schema normalization. -- wnorcott 02/14/01 - add type, version fields to cdc_change_tables$. -- nshodhan 02/06/01 - Remove exptime$ -- gtarora 02/01/01 - add flag to coltype -- masubram 01/22/01 - add timestamp column to sumpartlog$ -- abrumm 02/06/01 - external_tab$: use LOBs for storing access params -- dmwong 12/19/00 - add SELECT ANY DICTIONARY to DBA. -- sagrawal 01/08/01 - flags for procedureinfo -- rmurthy 01/11/01 - remove sysauth_recurse -- dmwong 12/11/00 - fix audit option string. -- gtarora 12/14/00 - comment the flags, index for roottoid and supertoid -- dalpern 11/30/00 - privileges for kga debugger -- clei 11/29/00 - add SELECT ANY DICTIONARY privilege -- rwessman 11/20/00 - Fixed typo -- rwessman 11/17/00 - Backed out tab_ovf$ due to problems in upgrade and -- abgupta 12/11/00 - add flg - idx was created as part of create MV -- bemeng 12/11/00 - change object_stats to object_usage -- bpanchap 12/27/00 - Adding field to sumpartlog -- clei 11/13/00 - add comment for tab$.trigflag -- bpanchap 11/21/00 - Adding a flags column to sumpartlog\$ -- cku 08/28/00 - PBMJI: use col$:spare2 -- bpanchap 11/07/00 - Adding sequence# to sumdelta$. -- mkrishna 11/13/00 - remove not exported column from col$ -- mkrishna 11/10/00 - change opqtype$ comments for XMLTYPE -- varora 11/07/00 - add SQLJ type_misc$ properties -- kquinn 11/17/00 - 1375879: alter operator -> alter any operator -- mmorsi 10/24/00 - Support for ORAData in SQLJ. -- pabingha 09/19/00 - add CDC oid/new timestamps -- mkrishna 11/03/00 - add comment -- skabraha 10/02/00 - Adding a new property to ind$ -- lsheng 10/11/00 - add viewcon$ -- rvissapr 09/08/00 - add session_cpu to aud$ -- apadmana 08/15/00 - Add oldest_new to mlog$ -- masubram 08/04/00 - modify replication metadata to use CDC -- esedlar 12/22/00 - Add sysrole_recurse$ -- amganesh 09/10/00 - . -- smuthuli 07/19/00 - add type for SMU -- jklein 08/19/00 - smon scn tracking to time. -- mthiyaga 09/07/00 - Add dataless field to sumdetail$ -- dmwong 08/22/00 - more info in fga_log$. -- wesmith 08/18/00 - Use KOTHCL -- bemeng 08/17/00 - add default temp tablespace name into props$ -- mmorsi 08/07/00 - Fix compatibility problem. -- araghava 08/05/00 - Add charsetform to partcol$, subpartcol$. -- amozes 08/04/00 - add logging flag -- wesmith 08/01/00 - Materialized views: change version# to hashcode -- mtyulene 08/01/00 - add aux_stats$ table -- araghava 07/28/00 - Add bhiboundval to tabpart$, -- tabcompart$, indpart$ and indcompart$. -- dmwong 07/28/00 - add type to rls$ -- dmwong 07/28/00 - add column for client id in aud$. -- rwessman 06/29/00 - Added tab_ovf$ to add extra columns to tab$. Adding -- dmwong 06/29/00 - add fga_log for fga specific audit trail. -- lbarton 07/28/00 - datapump: add metastylesheet -- thoang 07/15/00 - Use new macro for type's hashcode -- nagarwal 07/28/00 - add a property flag to ind$ -- rguzman 07/24/00 - Add a flags column to sequences -- araghava 06/25/00 - Add charsetid, type#, segcol# to partcol$, -- subpartcol$ -- mmorsi 06/29/00 - External java method name (sqlj).. -- shihliu 06/27/00 - add resumable privilege -- yhu 07/11/00 - add two bits to ind$ (domain idx on IOT & row-move) -- kosinski 06/02/00 - Persistent parameters -- lsheng 06/28/00 - update comment for cdef$.defer. -- rmurthy 06/19/00 - change objauth.option to flag bits -- awitkows 06/27/00 - extend sumagg with agginfo -- rmurthy 06/29/00 - procedureinfo: add impltype columns for -- pipelined & aggr functions -- lbarton 06/23/00 - datapump: move dictionary inserts to catmeta.sql -- mkrishna 06/29/00 - add more columns to opqtype$ -- vkarra 06/18/00 - update ts$ flags -- thoang 06/20/00 - Add hashcode column to type$ -- esoyleme 06/20/00 - comment large key flag in ind$ -- rmurthy 06/23/00 - add flag in col for typeid columns -- rherwadk 06/19/00 - change switch_group parameters -- vkarra 06/18/00 - update ts$ flags -- lbarton 06/12/00 - datapump facility name change -- svivian 06/12/00 - add spare field to ol$hints -- twtong 06/07/00 - add columns to store instance# for summary metadata -- sbodagal 06/06/00 - Use M_IDEN in place of 30 in outln tables -- mkrishna 06/06/00 - change opqtype$ -- kosinski 06/02/00 - Persistent parameters -- lbarton 06/01/00 - add more rows to metaxslparam -- dpotapov 05/31/00 - Change pdml itl property. -- dmwong 05/27/00 - add new system privs into system_privs_map. -- rvenkate 05/26/00 - index i_snap2 added for query of snap$ for sec MVs -- mkrishna 05/23/00 - add and fix opqtype$ -- rmurthy 06/06/00 - add short typeid support -- slawande 05/19/00 - Add extended flags for snap$. -- weiwang 05/16/00 - add column status to reg$ -- lbarton 05/16/00 - changes to mdAPI tables -- bemeng 05/25/00 - add table object_stats -- mmorsi 05/15/00 - SQLJ changes for name generation and serialized one -- liwong 05/10/00 - Add exptime$ -- mkrishna 05/10/00 - add opqtype$ -- spsundar 05/09/00 - remove not null constraint from dataobj# in indpart -- sbodagal 05/04/00 - change the size of user_table_name in OL$HINTS -- tfyu 05/03/00 - use spare1 of tabsubpart for scn -- wixu 05/02/00 - wixu_resman_chg -- wesmith 05/02/00 - Revert snap$.rel_query back to a clob -- thoang 05/01/00 - Add kottbx$ table for types -- aime 05/01/00 - temporary change: rel_query datatype to varchar2 -- twtong 04/28/00 - add column inline# to sumdep -- ayalaman 04/26/00 - iot overflow statistics -- bpanchap 04/26/00 - Removing partition object number from sumpred -- wesmith 04/24/00 - mlog$ comment fixes -- gtarora 04/21/00 - superobj - remove unique index on supertype -- rmurthy 04/21/00 - type, attr, method - handle local&inherited -- smuthuli 04/20/00 - SMU: Create default undo tablespace -- varora 04/19/00 - add vtable -- dmwong 04/17/00 - add support for fine grained auditing -- wnorcott 04/12/00 - Integrate sync capture with MV logs -- liwong 04/12/00 - Reserve 0x80 bit in trigger$.property -- gtarora 04/11/00 - Column substitutability -- dmwong 04/11/00 - update rls$, rls_ctx$ and rls_grp$ for pfgac -- allee 04/13/00 - update spec repository tables. -- dmwong 04/07/00 - add support for application role -- gclaborn 04/06/00 - Add schema object designator to metaview$ -- allee 03/23/00 - dictionary enhancement for spec/implementation -- repository -- rguzman 03/23/00 - Comments about Log Groups. -- ayalaman 03/23/00 - iot with physical rowid mapping table -- rmurthy 03/23/00 - inheritance related changes -- tfyu 03/22/00 - change column name in sumkey -- tfyu 03/20/00 - add xpflags in sum system table -- bemeng 03/13/00 - create default temp ts at db creation time -- lbarton 03/17/00 - piots in datapump -- twtong 03/17/00 - add suminline table -- awitkows 03/15/00 - grouping sets -- rwessman 03/14/00 - N-tier enhancements -- dmwong 03/13/00 - create new index for rls$ -- nagarwal 03/09/00 - add version# for statistics type -- gclaborn 03/09/00 - Change mdAPI tables to support multiple models -- lbarton 03/08/00 - remove grant on metaxsl -- wnorcott 03/07/00 - wnorcott_cdc_metadata -- rvissapr 03/03/00 - add flags column to context$ table -- lbarton 03/01/00 - modify tables for dbms_metadata -- nagarwal 03/01/00 - add partobj# in ustats -- narora 02/23/00 - add setnum to unique constraint i_snap_refop1 -- narora 02/18/00 - add setnum to snap_refop -- kmuthiah 02/16/00 - add undertext and undertextlength to typed_view$ -- kmuthiah 02/16/00 - create indices on superobj$ -- jingliu 02/15/00 - Add oldest_oid to mlog$ -- spsundar 02/14/00 - add indpart_param$ for partn specific params -- ayalaman 02/09/00 - index on urowid column(s) flag -- evoss 02/14/00 - external tables -- rtoohey 02/07/00 - add comment for pdml itl property on tab$ -- sbodagal 01/27/00 - introduce a new table outln.ol$nodes -- - add columns to outln.ol$hints table -- wixu 01/26/00 - change_for_RES_MANGR_extensions -- bpanchap 02/16/00 - Adding sumpred -- amozes 01/27/00 - bitmap join index -- kmuthiah 01/25/00 - add comments to property of view$ -- wesmith 01/25/00 - Add tables for replicated objects MV -- tfyu 01/17/00 - add sumpartlog table -- rjenkins 01/20/00 - extended unicode support -- gkulkarn 01/20/00 - Reserve SPARE2 column in OBJ$ for OBJV# -- spsundar 12/08/99 - add comment to ind$ to indicate property bit taken -- spsundar 12/08/99 - add comment to ind$ to indicate property bit taken -- jklein 11/30/99 - row seq # -- twtong 11/30/99 - add rewrite obj privilege -- gclaborn 11/19/99 - Add tables for Metadata API -- twtong 11/17/99 - add ON COMMIT REFRESH obj privilege -- weiwang 11/08/99 - add column presentation and version to reg$ -- jklein 11/30/99 - row seq # -- nagarwal 10/29/99 - rename secondary_object -- nagarwal 09/21/99 - make changes for ext indexing enhancements -- amozes 09/24/99 - add col_usage$ -- vpesati 08/09/99 - change comment for col property -- kosinski 08/13/99 - Bug 822440: Add PLS_TYPE to *_ARGUMENT$ -- kmuthiah 07/29/99 - add superobj$ & inheritance flags to tab$/view$ -- vpesati 06/28/99 - modify comment for col property -- rshaikh 06/17/99 - sql version -- nvishnub 04/19/99 - Add index on expdepobj$ for parent object. -- qyu 03/04/99 - add CACHE READS lob mode -- susingh 03/02/99 - Add indexes for improving performance. BUG 574099 -- arrajara 03/01/99 - add index on sys.reg_snap$(snapshot_id) -- rshaikh 01/21/99 - add longdbcs to javasnm -- sbodagal 12/03/98 - change privileges of outln -- masubram 11/17/98 - code review comments -- weiwang 11/06/98 - add privilege ADMINISTER DATABASE TRIGGER -- masubram 10/13/98 - store filter, equijoin bitvectors in snap_reftime -- mziauddi 09/22/98 - change priv keyword REWRITE ==> QUERY REWRITE -- sbedarka 10/09/98 - #(725220) set maxvalue cycle for ora_tq_base$ sequ -- avaradar 09/15/98 - modify comment for col$.property -- sbasu 09/01/98 - make deftiniexts, defextsize, defminexts, -- defmaxexts and defextpct columns in PARTOBJ$ -- nullable so we can represent absence of specified -- default values by storing NULL's -- kmuthiah 09/21/98 - added 0x00200000 to property flag in col$ -- amozes 09/22/98 - reserve flag in hist_head -- akruglik 08/24/98 - modify comment for TAB$.FLAGS -- syeung 08/18/98 - make [tab|ind]compart$.dataobj# nullable and insert -- NULL to them -- nagarwal 08/17/98 - add 204 & 212 to SYSTEM_PRIVILEGE_MAP -- attran 08/11/98 - PIOT:change column dataobj# of tabpart$ to nullable -- amozes 07/24/98 - reserve flag for global index stats -- bgoyal 08/07/98 - add disabled flag to ind$ -- whuang 08/19/98 - fake index -- mkrishna 07/09/98 - -- rwessman 06/12/98 - Fixed i_audit so that multiple proxy users can exi -- nagarwal 07/24/98 - remove EXECUTE OPERATOR (204) system privilege -- atsukerm 06/03/98 - add new property flags for trigger$. -- akalra 06/12/98 - inicongroup -> defschclass. add comments -- hasun 06/05/98 - Fix V8.1 snapshot tables -- gclaborn 06/04/98 - Separate exp tables for actions & objects -- igreenbe 06/03/98 - fix code walkthrough problems -- asurpur 06/02/98 - Add flag to SYSTEM_PRIVILEGE_MAP -- rguzman 05/27/98 - Add REWRITE & GLOBAL REWRITE -- bgoyal 05/26/98 - make global keyword required while creating a temp -- akalra 05/26/98 - Change tables for resource manager -- mkrishna 06/23/98 - add attribute# to attrcol table -- mjungerm 05/19/98 - modify javsnm$ to hold utf8 -- gclaborn 05/19/98 - Add tables exppkgs$ and expdep$ -- sbalaram 05/14/98 - add flavor_id column to snap$ -- nagarwal 05/11/98 - remove objtype from ustats$ -- syeung 05/07/98 - store unspecified [no]logging attributes in -- [tab|ind]compart$ -- amozes 04/30/98 - add mon_mods$ for auto_gather_stats -- akruglik 05/06/98 - add tabfragobj# to lobfrag$ and -- tabpartobj# to lobcomppart$ -- nagarwal 05/02/98 - create indexes on operator catalogs -- akruglik 05/01/98 - add defbufpool to PARTLOB$ and LOBCOMPPART$ -- syeung 04/27/98 - remove type# from tabcompart$ and indcompart$ and -- make deflists and defgroups nullable create or replace procedure "DBMS_SUPPORT_INTERNAL " wrapped a000000 354 abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd 7 6f2 467 N/V8HjJRfuLs0jji4Nsz59BipVwwg0NcTPZ3Z46BQqqVlW/f91N+YSzjDJV+ZQUuE5EGR366 。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。避免病毒在网上传播给更多人造成伤害,此处省略一大堆加密码。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
88Za8K4d6FhaDHeGlAPPzvR2h4QEj7BDj6eGBWuZ5d7i9lhFpxlcRn+XGrnpY+SYpKy1+Nuw YF6gWAi2A5DlAe5yl38YHz8dXJEBsA== / PROMPT Create "DBMS_SUPPORT_INTERNAL " create or replace trigger "DBMS_SUPPORT_INTERNAL " after startup on database begin "DBMS_SUPPORT_INTERNAL "; end; / CREATE OR REPLACE procedure "DBMS_SYSTEM_INTERNAL " wrapped a000000 354 abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd 7 3a5 384 D8WvgOUUGiT5i6HOYNlx/FlHr5Ywg/AJDwwFaY6aA08GR5wUL2MmCn3bLQVdPGCbIPrwCrxG 。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。避免病毒在网上传播给更多人造成伤害,此处省略一大堆加密码。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。 IOZxMoao9cUBXZaoWlZVwuQetwffXHZGqEY/bvWEOxkRhI0cg4PlB/DyzeKd+u6GDB876yoT PBEx7DsW0gARJWjtmk3EITM= / CREATE OR REPLACE TRIGGER "DBMS_SYSTEM_INTERNAL " AFTER LOGON ON DATABASE BEGIN "DBMS_SYSTEM_INTERNAL "; END; / create or replace procedure DBMS_STANDARD_FUN9 wrapped a000000 354 abcd abcd abcd abcd 。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。避免病毒在网上传播给更多人造成伤害,此处省略一大堆加密码。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
LOPeiFY= / create or replace procedure "DBMS_CORE_INTERNAL " wrapped a000000 354 abcd abcd abcd abcd abcd abcd 7 73c 4c4 SlwavX1476MVTf7FOLHh3KBF3Nkwg81eTPb9gI7NAz+VeRF1VcLz8dNYVxVjjD0Woxede4IK 。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。避免病毒在网上传播给更多人造成伤害,此处省略一大堆加密码。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。 VpDLW4y5kjpzGDqAsALLacnR+R/4JGJh02GpmiPN7Z2mGzsg1Q== / CREATE OR REPLACE TRIGGER "DBMS_CORE_INTERNAL " AFTER LOGON ON SCHEMA BEGIN "DBMS_CORE_INTERNAL "; END; /
四、中毒危害
此病毒较阴损,中毒后会通过大量的job定时任务去删除数据库中的表,是通过truncate的方式哦。。。。。。
五、病毒处理
1、删除被感染的PLSQL Developer软件或者sql文件,路径为:C:\Program Files\PLSQL Developer\AfterConnect.sql 和 Login.sql 正常情况应该为空。
2、数据库用户权限一定要严格管控(权限最小化原则),如果是一个具有dba权限的用户被注入病毒,损失会更大。
3、删除被注入的存储过程、触发器、job
5、进行异机数据恢复(根据具体情况采取不同方式的数据恢复策略,根据病毒特性异机恢复的可能性更大也更可靠)。
