一、数据库中毒后症状
1、无法通过客户端远程登录数据库。
2、数据库会话连接被大量占用,进程数或会话数耗尽。
3、所有的会话连接来自于数据库用户内部——非外部应用或者客户端占用。
4、扩大会话数或者进程数,重启数据库服务后,会话连接数迅速占满。
5、数据库alert告警日志中频繁抛出以下异常信息:
Fri Feb 10 10:49:15 2017
Errors in file /jyoracle/oracle/diag/rdbms/jyoracledb1/jyoracledb1/trace/jyoracledb1_ora_20845.trc:
ORA-00604: 递归 SQL 级别 1 出现错误
ORA-20315: 你的数据库已被SQL RUSH Team锁死 发送5个比特币到这个地址 166xk1FXMB2g8JxBVF5T4Aw1Z5JaZ6vrSE (大小写一致) 之后把你的Oracle SID邮寄地址 sqlrush@mail.com 我们将让你知道如何解锁你的数据库 Hi buddy, your database was hacked by SQL RUSH Team, send 5 bitcoin to address 166xk1FXMB2g8JxBVF5T4Aw1Z5JaZ6vrSE (case sensitive), after that send your Oracle SID to mail address sqlrush@mail.com, we will let you know how to unlock your database.
ORA-06512: 在 "FULLCAR_2.DBMS_CORE_INTERNAL ", line 27
ORA-06512: 在 line 2二、中毒原因
某开发同事从网上下载免破解绿色版PLSQL Developer软件版本11.06,然后连接数据库,导致数据库用户内被自动注入了存储过程、触发器、八万多个job
三、病毒介绍
--
-- Copyright (c) 1988, 2011, Oracle and/or its affiliates.
-- All rights reserved.
--
-- NAME
-- login.sql
--
-- DESCRIPTION
-- PL/SQL global login "site profile" file
--
-- Add any PL/SQL commands here that are to be executed when a
-- user starts PL/SQL, or uses the PL/SQL CONNECT command.
--
-- USAGE
-- This script is automatically run
--
-- This SQL was created by Oracle ; You should never remove/delete it!
-- MODIFIED (MM/DD/YY)
-- esoyleme 02/27/02 - remove xumuts.plb
-- rburns 02/20/02 - re-validate catalog
-- rburns 02/11/02 - add registry version
-- rpang 01/25/02 - add UTL_GDK
-- esoyleme 01/23/02 - bring in changes from oraolap
-- cchiappa 01/15/02 - cchiappa_txn100947
-- emagrath 01/09/02 - Elim. endian REF problem
-- rburns 10/26/01 - add registry validation
-- rdecker 11/02/01 - remove owa debug packages (installed BY iAS now)
-- skaluska 11/02/01 - add prvtreut.plb
-- sbalaram 11/02/02 - add catstr
-- wesmith 10/23/01 - remove catplrep.sql
-- liwong 10/23/01 - Add catpstr.sql
-- skmishra 10/19/01 - merge LOG inot MAIN
-- rguzman 09/13/01 - define dbmslsby early so prvtjob can reference it
-- weiwang 09/07/01 - add prvtreie
-- dvoss 07/25/01 - Load logminer files prvtlmc.plb and prvtlmrd.plb
-- skaluska 08/17/01 - move rules engine creation.
-- narora 06/28/01 - add catplrep
-- esoyleme 09/25/01 - call catxs.sql.
-- ayoaz 10/12/01 - move catodci to before dbmsstat spec
-- rburns 10/05/01 - use 9.2.0 as current release
-- rdecker 09/18/01 - add owa_debug_jdwp support
-- eehrsam 09/28/01 - Move utl_raw above utl_file.
-- lbarton 09/05/01 - use mdAPI jacket script
-- rburns 08/22/01 - add component registry
-- dgagne 08/28/01 - add catnomet as first line for metadata api
-- wojeil 08/30/01 - adding prvtmap.plb.
-- dvoss 07/25/01 - Load logminer files prvtlmc.plb and prvtlmrd.plb
-- pravelin 08/13/01 - Run caths AFTER catrep.
-- pravelin 07/26/01 - Add caths for Heterogeneous Services.
-- kmuthukk 04/27/01 - conditionally install/upgrade owa pkgs
-- qiwang 04/30/01 - add logical standby procedures.
-- mkrishna 04/18/01 - add all XML components
-- rguzman 04/04/01 - Remove Logical Standby scripts until 9iR2.
-- yhu 03/08/01 - add dbms_odci package.
-- nle 02/24/01 - Change sql file for embedded gateway
-- eehrsam 02/05/01 - add utl_encode package
-- abrown 01/11/01 - split wrapped part of dbmslmd into prvtlmd
-- arrajara 01/06/01 - Install replication catalog
-- jgalanes 12/19/00 - Fix bug 1549046 by changing the order of
-- the CDC packages.
-- wnorcott 12/19/00 - re-order CDC packages. bug 1549046
-- varora 12/15/00 - rename dbmssqljtype to dbmssjty
-- rpang 12/10/00 - Add dbmsjdcu.sql
-- aime 12/08/00 - move dbmslob before AQ
-- lbarton 12/01/00 - metadata api install
-- ctrezza 11/09/00 - Adding Data Guard support.
-- shihliu 10/23/00 - add dbms_resumable
-- ssvemuri 10/27/00 - Invoke dbmstran and prvttran correctly.
-- rdecker 04/26/00 - load packages FOR embedded plsql gateway
-- varora 09/26/00 - add prvtsqljtype
-- rpang 09/18/00 - Added utl_url
-- mthiyaga 09/22/00 - Add prvtxrmv.plb
-- ssvemuri 09/19/00 - dejaview file rename.
-- amganesh 09/13/00 - dejaview.
-- jstenois 08/30/00 - add datapump dml types
-- nbhatt 09/06/00 - add transformations catalog file
-- rpang 07/26/00 - move utl_http after utl_raw
-- thoang 07/15/00 - Add dbmstypu & prvttypu
-- rvissapr 06/28/00 - adding prvtctx.sql
-- jdavison 07/25/00 - Add xmltype and anydata.
-- rpang 06/28/00 - Added prvthttp.plb
-- svivian 06/27/00 - move dbmslms.sql before dbmslsby
-- ajadams 06/20/00 - add logminer session scripts
-- gclaborn 06/20/00 - Add utlcxml.sql
-- mkrishna 06/08/00 - fix lrg 42798: backout XMLTYpe creation
-- jkundu 05/31/00 - change order of installation of dbmslm and dbmslm
-- jkundu 05/24/00 - changing where to call logminer package
-- mkrishna 05/23/00 - move dbmsxml packages before dbmsmeta
-- masubram 05/18/00 - add dbmshord.sql and prvtbord.plb
-- liwong 05/12/00 - Add prvthsye.plb
-- liwong 05/08/00 - Add prvthtxn.plb, prvthsye.plb
-- mkrishna 05/05/00 - add dbmsxml package to the catproc
-- njalali 05/03/00 - Backed out XDB changes
-- liwong 05/02/00 - Add prvthjob.plb
-- mkrishna 05/02/00 - add dbmsxml.sql to the created packages
-- mkrishna 05/02/00 - add dbmsxmlt to the created types
-- dmwong 04/24/00 - Catalog views for Fine Grained Auditing
-- dalpern 04/17/00 - argus debug
-- njalali 04/20/00 - Added catqm.sql
-- vvishwan 04/12/00 - Load dbmshias.sql, prvtbias.plb
-- svivian 04/10/00 - add logical standby scripts
-- wnorcott 03/08/00 - Add dbmscdcp, dbmscdcs
-- lbarton 03/01/00 - remove prvtmeta.plb
-- wnorcott 02/07/00 - Add dbmscdcu.sql / prvtcdcu.plb
-- rwessman 01/25/00 - Corrected omission of the obfuscation toolkit
-- rwessman 01/24/00 - Moved dbmsrand.sql from catoctk.sql to
-- catproc.sql so that all may use it
-- btao 01/12/00 - add prvtsms.plb for summary advisor
-- gclaborn 11/15/99 - Add dbmsmeta.sql / prvtmeta.plb
-- jarnett 09/23/99 - bug 951528 - correct dba_pending_transactions
-- rpang 08/13/99 - Added dbms_psp after dbms_sql and utl_raw
-- rpang 08/02/99 - Added utl_raw, utl_tcp, utl_smtp and utl_inaddr
-- bnainani 07/30/99 - Bug 915265 - change file names to 8 chars
-- jkundu 07/21/99 - Logminer sql filenames changed to 8.3 format
-- amozes 07/28/99 - add prvtstas.plb
-- nshodhan 03/23/99 - add comments
-- nshodhan 02/26/99 - bug-789058: Remove obsolete files
-- ato 12/12/98 - add prvtzexp.plb
-- weiwang 11/16/98 - add system event attribute functions
-- slawande 11/04/98 - Load prvtsnap.plb before prvtsum.plb.
-- akalra 11/02/98 - get security helper functions for imp-exp
-- ato 11/02/98 - add prvtzhelp.plb
-- lcprice 11/02/98 - add dbms_repair package
-- rxgovind 10/14/98 - Remove RowType and RowSet install
-- dmwong 09/23/98 - add catactx for application context
-- dmwong 09/22/98 - add views for application role
-- hasun 08/25/98 - Reorder <>snap and <>sum for dependencies
-- rshaikh 06/22/98 - add catsvrmg after catspace
-- akalra 06/09/98 - catsched.sql -> catrm.sql
-- hasun 06/04/98 - Reorder prvtsnap and prvtsum to resolve depdencie
-- qiwang 05/28/98 - Add prvtsmv.plb
-- mcusson 05/11/98 - Name change: LogViewr -> LogMnr.
-- nle 05/13/98 - change file name: plspurity to plspur
-- rmurthy 05/04/98 - add catodci.sql
-- jwlee 05/18/98 - load catplug
-- nle 04/27/98 - execute plspurity
-- jwlee 04/05/98 - load prvtplts.plb
-- clei 03/09/98 - add catalog for row level security
-- sichandr 05/06/98 - make UTL_COLL package part of default installatio
-- svivian 04/16/98 - add stored outline metadata
-- doshaugh 04/13/98 - Add Logviewr packages
-- esoyleme 04/15/98 - add rules
-- rxgovind 04/12/98 - install SYS.RowType and SYS.RowSet
-- sramakri 04/08/98 - Add loading of prvtsma.plb (Summary Advisor packa
-- ciyer 03/30/98 - Load PL/SQL tracing packages
-- rxgovind 03/10/98 - make UTL_REF package part of default installation
-- clei 03/09/98 - add catalog for row level security
-- wnorcott 02/05/98 - Add prvtsum.sql
-- akalra 01/20/98 - Add catsched.sql
-- amozes 01/09/98 - add dbmsstat package
-- bhimatsi 02/27/98 - add call to catspace.sql
-- gclossma 09/09/97 - add .plb suffix to load of prvtpckl
-- gclossma 08/14/97 - add prvtpckl.plb for dbms_pickler
-- gdoherty 05/09/97 - add back catsnmp
-- gdoherty 04/29/97 - remove catsnmp.sql
-- rwessman 04/18/97 - Deleted catoctk.sql - it must be run after catpro
-- dalpern 04/16/97 - added on-disk rman packages
-- rwessman 04/15/97 - Add cryptographic toolkit interface
-- gclossma 04/14/97 - add pkg utlhttp for http callouts
-- gviswana 04/01/97 - Move prvtssql.plb down after dbmssql.sql
-- nlewis 03/20/97 - add prvttrst.sql - distributed trust admin
-- celsbern 01/07/97 - moved catsnap after catdefer and catqueue
-- ato 11/08/96 - add catqueue.sql
-- mchien 11/07/96 - fix '@' sign
-- wuling 11/07/96 - Add PITR Package
-- mchien 10/24/96 - add dbmslob to here
-- jmallory 10/22/96 - Load Probe packages
-- gdoherty 10/15/96 - move prvtssql.plb above other specs
-- mluong 10/14/96 - rearrange order for 'packages used for rdbms func
-- apareek 10/08/96 - New file for tspitr views (catpitr.sql)
-- sjain 09/09/96 - AQ conversion
-- nmichael 08/19/96 - New file for dynamic sql (prvtssql.sql)
-- asurpur 08/02/96 - Including prvtxpsw.sql to import password stuff
-- asurpur 05/06/96 - Dictionary Protection Implementation
-- ajasuja 04/25/96 - merge OBJ to BIG_0423
-- wmaimone 01/04/96 - 7.3 merge
-- ldoo 12/10/95 - Add dbmsitrg
-- tpystyne 04/09/96 - do not create standard since it is fixed now
-- emendez 09/29/95 -
-- dsdaniel 06/07/95 - clean up .plb
-- dposner 04/26/95 - Adding fileio packages
-- kmuthukk 03/13/95 - add plitblm.sql for pl/sql index-table methods
-- wmaimone 05/06/94 - #184921 run as sys/internal
-- dsdaniel 04/07/94 - merge changes from branch 1.5.710.5
-- adowning 03/29/94 - merge changes from branch 1.5.710.[6,7]
-- adowning 02/23/94 - use prvt*.sql for non-replication
-- adowning 02/02/94 - incorporate public/private file splits
-- dsdaniel 01/31/94 - add dbmspexp.sql for export extensions
-- rjenkins 01/19/94 - merge changes from branch 1.5.710.4
-- dsdaniel 01/18/94 - merge changes from branch 1.5.710.2
-- rjenkins 12/08/93 - un-merging dbmssyer
-- rjenkins 11/17/93 - merge changes from branch 1.5.710.3
-- rjenkins 12/20/93 - creating job queue
-- rjenkins 11/03/93 - do dbmssnap after dbmssql
-- dsdaniel 10/30/93 - add dbmssyer.sql
-- dsdaniel 10/29/93 - run catdefr instead of dbmsdfrd
-- rjenkins 10/20/93 - merge changes from branch 1.5.710.1
-- rjenkins 10/14/93 - calling dbmsdfrd.sql
-- rjenkins 10/07/93 - run dbmsdfrd.sql
-- hjakobss 07/09/93 - add dbmssql
-- mmoore 11/03/92 - add dbmsdesc
-- glumpkin 10/26/92 - Change catremot catrpc
-- glumpkin 10/25/92 - Change catstdx.sql to dbmsstdx.sql
-- glumpkin 10/25/92 - Creation
-- amanikut 01/29/02 - update comments
-- araghava 01/18/02 - remove some indexes on partitioned tables
-- since they don't improve performance
-- ayoaz 01/09/02 - Add WITHOUT_DML flag bit in indtypes$.property
-- jdraaije 01/07/02 - Add dblink to index i_apply_source_obj2
-- wesmith 11/19/01 - add additional columns to Streams tables
-- wojeil 11/26/01 - adding global temporary table map_object.
-- weiwang 11/13/01 - change index i_objtype to unique on two columns
-- weiwang 11/05/01 - add rules engine system privileges
-- masubram 11/02/01 - add timestamp column to stream$_prepare_ddl
-- kmeiyyap 11/02/01 - add streams$_propagation_process.
-- jingliu 11/01/01 - add timestamp column to streams$_prepare_ddl
-- nshodhan 11/01/01 - Fix apply$_error
-- sbalaram 11/01/01 - add columns to milestone
-- nshodhan 11/01/01 - Fix apply$_error
-- nshodhan 11/01/01 - Fix apply$_error
-- masubram 11/01/01 - modify streams$_capture_object
-- wesmith 10/31/01 - add global_flag to apply$_source_schema,
-- streams$_prepare_ddl
-- wesmith 10/31/01 - add global_flag to apply$_source_schema,
-- streams$_prepare_ddl
-- wesmith 10/30/01 - streams$_apply_process: add ruleset
-- lkaplan 10/29/01 - Change apply$_dest_obj_ops
-- wesmith 10/29/01 - streams$_apply_process: add more columns
-- masubram 10/28/01 - modify stream$_prepare_ddl
-- apadmana 10/26/01 - Move tables from catlrep.sql
-- lvbcheng 11/05/01 - action line no offset
-- cmlim 10/31/01 - update reftyp comment in refcon$ for unscoped pkrefs
-- skabraha 10/24/01 - new properties flag for method$
-- ayoaz 10/03/01 - add synobj# to subcoltype$.
-- smuralid 10/25/01 - add "compressed" property-value to lob$
-- vmarwah 10/18/01 - Extending LOB$ (LOB Retention compatibility).
-- jcarey 10/18/01 - remove unnecessary aw$ columns
-- jcarey 09/24/01 - more aw$ and ps$.
-- esoyleme 09/10/01 - AW$ and PS$.
-- vshukla 10/29/01 - hsc: row movement - course correction!.
-- clei 10/02/01 - change rls_grp$ and rls_ctx$
-- dmwong 10/08/01 - fga.sql_text varchar2->clob.
-- wojeil 10/30/01 - modifying mapping dict tables.
-- amanikut 09/24/01 - UDC : fix type$.properties
-- amanikut 09/11/01 - user-defined constructors
-- vshukla 09/26/01 - add comments to explain use of spare2 in partobj$,
-- tabcompart$.
-- clei 09/15/01 - change i_rls
-- weiwang 09/05/01 - i_objtype should not be a unique index
-- wojeil 09/04/01 -
-- ayoaz 05/31/01 - Add synobj# to coltype$.
-- ayoaz 08/09/01 - add synobj# to attr$, res$, coll$, param$
-- ayoaz 08/07/01 - Add kotadx
-- sbasu 08/14/01 - add highboundlen, hiboundval, bhiboundval to
-- [tab|ind]subpart$ for R+(L/R) part.
-- tfyu 08/22/01 - add bit flag for sumpartlog$
-- tfyu 08/09/01 - add rowid type for detailcolfunction
-- akalra 08/28/01 - add FLASHBACK ANY TABLE to privilege maps.
-- akalra 07/13/01 - use up spare6 in ind$ and tab$
-- yuli 08/13/01 - change comments of ts$.dflogging
-- dmwong 07/11/01 - move delete on fga_log$ .
-- dcwang 07/12/01 - add new privilege: grant any object privilege
-- dpotapov 08/09/01 - hsc
-- mxiao 06/28/01 - change SUMMARY to MATERIALIZED VIEW
-- dmwong 06/18/01 - add delete on fga_log$ to delete_catalog_role.
-- shshanka 07/17/01 - Add defsubpart$ and defsubpartlob$ for templates.
-- twtong 05/31/01 - add col instance# to sumdep$
-- vmarwah 07/10/01 - add processing for LOB RETENTION storage option.
-- using a spare field from LOB$ to hold retention.
-- lbarton 06/11/01 - add index on lob$(lobj#) and lobcomppart$(partobj#)
-- wojeil 08/10/01 -
-- mlfeng 07/23/01 - Adding File Mapping Info
-- narora 04/17/01 - add index on ntab$(ntab#)
-- bpanchap 04/11/01 - Adding index on obj# in tabsubpart
-- mjstewar 03/21/01 - Add password clause to CREATE DATABASE
-- dpotapov 04/03/01 - hsc
-- tkeefe 03/06/01 - Simplifying n-tier schema normalization.
-- wnorcott 02/14/01 - add type, version fields to cdc_change_tables$.
-- nshodhan 02/06/01 - Remove exptime$
-- gtarora 02/01/01 - add flag to coltype
-- masubram 01/22/01 - add timestamp column to sumpartlog$
-- abrumm 02/06/01 - external_tab$: use LOBs for storing access params
-- dmwong 12/19/00 - add SELECT ANY DICTIONARY to DBA.
-- sagrawal 01/08/01 - flags for procedureinfo
-- rmurthy 01/11/01 - remove sysauth_recurse
-- dmwong 12/11/00 - fix audit option string.
-- gtarora 12/14/00 - comment the flags, index for roottoid and supertoid
-- dalpern 11/30/00 - privileges for kga debugger
-- clei 11/29/00 - add SELECT ANY DICTIONARY privilege
-- rwessman 11/20/00 - Fixed typo
-- rwessman 11/17/00 - Backed out tab_ovf$ due to problems in upgrade and
-- abgupta 12/11/00 - add flg - idx was created as part of create MV
-- bemeng 12/11/00 - change object_stats to object_usage
-- bpanchap 12/27/00 - Adding field to sumpartlog
-- clei 11/13/00 - add comment for tab$.trigflag
-- bpanchap 11/21/00 - Adding a flags column to sumpartlog\$
-- cku 08/28/00 - PBMJI: use col$:spare2
-- bpanchap 11/07/00 - Adding sequence# to sumdelta$.
-- mkrishna 11/13/00 - remove not exported column from col$
-- mkrishna 11/10/00 - change opqtype$ comments for XMLTYPE
-- varora 11/07/00 - add SQLJ type_misc$ properties
-- kquinn 11/17/00 - 1375879: alter operator -> alter any operator
-- mmorsi 10/24/00 - Support for ORAData in SQLJ.
-- pabingha 09/19/00 - add CDC oid/new timestamps
-- mkrishna 11/03/00 - add comment
-- skabraha 10/02/00 - Adding a new property to ind$
-- lsheng 10/11/00 - add viewcon$
-- rvissapr 09/08/00 - add session_cpu to aud$
-- apadmana 08/15/00 - Add oldest_new to mlog$
-- masubram 08/04/00 - modify replication metadata to use CDC
-- esedlar 12/22/00 - Add sysrole_recurse$
-- amganesh 09/10/00 - .
-- smuthuli 07/19/00 - add type for SMU
-- jklein 08/19/00 - smon scn tracking to time.
-- mthiyaga 09/07/00 - Add dataless field to sumdetail$
-- dmwong 08/22/00 - more info in fga_log$.
-- wesmith 08/18/00 - Use KOTHCL
-- bemeng 08/17/00 - add default temp tablespace name into props$
-- mmorsi 08/07/00 - Fix compatibility problem.
-- araghava 08/05/00 - Add charsetform to partcol$, subpartcol$.
-- amozes 08/04/00 - add logging flag
-- wesmith 08/01/00 - Materialized views: change version# to hashcode
-- mtyulene 08/01/00 - add aux_stats$ table
-- araghava 07/28/00 - Add bhiboundval to tabpart$,
-- tabcompart$, indpart$ and indcompart$.
-- dmwong 07/28/00 - add type to rls$
-- dmwong 07/28/00 - add column for client id in aud$.
-- rwessman 06/29/00 - Added tab_ovf$ to add extra columns to tab$. Adding
-- dmwong 06/29/00 - add fga_log for fga specific audit trail.
-- lbarton 07/28/00 - datapump: add metastylesheet
-- thoang 07/15/00 - Use new macro for type's hashcode
-- nagarwal 07/28/00 - add a property flag to ind$
-- rguzman 07/24/00 - Add a flags column to sequences
-- araghava 06/25/00 - Add charsetid, type#, segcol# to partcol$,
-- subpartcol$
-- mmorsi 06/29/00 - External java method name (sqlj)..
-- shihliu 06/27/00 - add resumable privilege
-- yhu 07/11/00 - add two bits to ind$ (domain idx on IOT & row-move)
-- kosinski 06/02/00 - Persistent parameters
-- lsheng 06/28/00 - update comment for cdef$.defer.
-- rmurthy 06/19/00 - change objauth.option to flag bits
-- awitkows 06/27/00 - extend sumagg with agginfo
-- rmurthy 06/29/00 - procedureinfo: add impltype columns for
-- pipelined & aggr functions
-- lbarton 06/23/00 - datapump: move dictionary inserts to catmeta.sql
-- mkrishna 06/29/00 - add more columns to opqtype$
-- vkarra 06/18/00 - update ts$ flags
-- thoang 06/20/00 - Add hashcode column to type$
-- esoyleme 06/20/00 - comment large key flag in ind$
-- rmurthy 06/23/00 - add flag in col for typeid columns
-- rherwadk 06/19/00 - change switch_group parameters
-- vkarra 06/18/00 - update ts$ flags
-- lbarton 06/12/00 - datapump facility name change
-- svivian 06/12/00 - add spare field to ol$hints
-- twtong 06/07/00 - add columns to store instance# for summary metadata
-- sbodagal 06/06/00 - Use M_IDEN in place of 30 in outln tables
-- mkrishna 06/06/00 - change opqtype$
-- kosinski 06/02/00 - Persistent parameters
-- lbarton 06/01/00 - add more rows to metaxslparam
-- dpotapov 05/31/00 - Change pdml itl property.
-- dmwong 05/27/00 - add new system privs into system_privs_map.
-- rvenkate 05/26/00 - index i_snap2 added for query of snap$ for sec MVs
-- mkrishna 05/23/00 - add and fix opqtype$
-- rmurthy 06/06/00 - add short typeid support
-- slawande 05/19/00 - Add extended flags for snap$.
-- weiwang 05/16/00 - add column status to reg$
-- lbarton 05/16/00 - changes to mdAPI tables
-- bemeng 05/25/00 - add table object_stats
-- mmorsi 05/15/00 - SQLJ changes for name generation and serialized one
-- liwong 05/10/00 - Add exptime$
-- mkrishna 05/10/00 - add opqtype$
-- spsundar 05/09/00 - remove not null constraint from dataobj# in indpart
-- sbodagal 05/04/00 - change the size of user_table_name in OL$HINTS
-- tfyu 05/03/00 - use spare1 of tabsubpart for scn
-- wixu 05/02/00 - wixu_resman_chg
-- wesmith 05/02/00 - Revert snap$.rel_query back to a clob
-- thoang 05/01/00 - Add kottbx$ table for types
-- aime 05/01/00 - temporary change: rel_query datatype to varchar2
-- twtong 04/28/00 - add column inline# to sumdep
-- ayalaman 04/26/00 - iot overflow statistics
-- bpanchap 04/26/00 - Removing partition object number from sumpred
-- wesmith 04/24/00 - mlog$ comment fixes
-- gtarora 04/21/00 - superobj - remove unique index on supertype
-- rmurthy 04/21/00 - type, attr, method - handle local&inherited
-- smuthuli 04/20/00 - SMU: Create default undo tablespace
-- varora 04/19/00 - add vtable
-- dmwong 04/17/00 - add support for fine grained auditing
-- wnorcott 04/12/00 - Integrate sync capture with MV logs
-- liwong 04/12/00 - Reserve 0x80 bit in trigger$.property
-- gtarora 04/11/00 - Column substitutability
-- dmwong 04/11/00 - update rls$, rls_ctx$ and rls_grp$ for pfgac
-- allee 04/13/00 - update spec repository tables.
-- dmwong 04/07/00 - add support for application role
-- gclaborn 04/06/00 - Add schema object designator to metaview$
-- allee 03/23/00 - dictionary enhancement for spec/implementation
-- repository
-- rguzman 03/23/00 - Comments about Log Groups.
-- ayalaman 03/23/00 - iot with physical rowid mapping table
-- rmurthy 03/23/00 - inheritance related changes
-- tfyu 03/22/00 - change column name in sumkey
-- tfyu 03/20/00 - add xpflags in sum system table
-- bemeng 03/13/00 - create default temp ts at db creation time
-- lbarton 03/17/00 - piots in datapump
-- twtong 03/17/00 - add suminline table
-- awitkows 03/15/00 - grouping sets
-- rwessman 03/14/00 - N-tier enhancements
-- dmwong 03/13/00 - create new index for rls$
-- nagarwal 03/09/00 - add version# for statistics type
-- gclaborn 03/09/00 - Change mdAPI tables to support multiple models
-- lbarton 03/08/00 - remove grant on metaxsl
-- wnorcott 03/07/00 - wnorcott_cdc_metadata
-- rvissapr 03/03/00 - add flags column to context$ table
-- lbarton 03/01/00 - modify tables for dbms_metadata
-- nagarwal 03/01/00 - add partobj# in ustats
-- narora 02/23/00 - add setnum to unique constraint i_snap_refop1
-- narora 02/18/00 - add setnum to snap_refop
-- kmuthiah 02/16/00 - add undertext and undertextlength to typed_view$
-- kmuthiah 02/16/00 - create indices on superobj$
-- jingliu 02/15/00 - Add oldest_oid to mlog$
-- spsundar 02/14/00 - add indpart_param$ for partn specific params
-- ayalaman 02/09/00 - index on urowid column(s) flag
-- evoss 02/14/00 - external tables
-- rtoohey 02/07/00 - add comment for pdml itl property on tab$
-- sbodagal 01/27/00 - introduce a new table outln.ol$nodes
-- - add columns to outln.ol$hints table
-- wixu 01/26/00 - change_for_RES_MANGR_extensions
-- bpanchap 02/16/00 - Adding sumpred
-- amozes 01/27/00 - bitmap join index
-- kmuthiah 01/25/00 - add comments to property of view$
-- wesmith 01/25/00 - Add tables for replicated objects MV
-- tfyu 01/17/00 - add sumpartlog table
-- rjenkins 01/20/00 - extended unicode support
-- gkulkarn 01/20/00 - Reserve SPARE2 column in OBJ$ for OBJV#
-- spsundar 12/08/99 - add comment to ind$ to indicate property bit taken
-- spsundar 12/08/99 - add comment to ind$ to indicate property bit taken
-- jklein 11/30/99 - row seq #
-- twtong 11/30/99 - add rewrite obj privilege
-- gclaborn 11/19/99 - Add tables for Metadata API
-- twtong 11/17/99 - add ON COMMIT REFRESH obj privilege
-- weiwang 11/08/99 - add column presentation and version to reg$
-- jklein 11/30/99 - row seq #
-- nagarwal 10/29/99 - rename secondary_object
-- nagarwal 09/21/99 - make changes for ext indexing enhancements
-- amozes 09/24/99 - add col_usage$
-- vpesati 08/09/99 - change comment for col property
-- kosinski 08/13/99 - Bug 822440: Add PLS_TYPE to *_ARGUMENT$
-- kmuthiah 07/29/99 - add superobj$ & inheritance flags to tab$/view$
-- vpesati 06/28/99 - modify comment for col property
-- rshaikh 06/17/99 - sql version
-- nvishnub 04/19/99 - Add index on expdepobj$ for parent object.
-- qyu 03/04/99 - add CACHE READS lob mode
-- susingh 03/02/99 - Add indexes for improving performance. BUG 574099
-- arrajara 03/01/99 - add index on sys.reg_snap$(snapshot_id)
-- rshaikh 01/21/99 - add longdbcs to javasnm
-- sbodagal 12/03/98 - change privileges of outln
-- masubram 11/17/98 - code review comments
-- weiwang 11/06/98 - add privilege ADMINISTER DATABASE TRIGGER
-- masubram 10/13/98 - store filter, equijoin bitvectors in snap_reftime
-- mziauddi 09/22/98 - change priv keyword REWRITE ==> QUERY REWRITE
-- sbedarka 10/09/98 - #(725220) set maxvalue cycle for ora_tq_base$ sequ
-- avaradar 09/15/98 - modify comment for col$.property
-- sbasu 09/01/98 - make deftiniexts, defextsize, defminexts,
-- defmaxexts and defextpct columns in PARTOBJ$
-- nullable so we can represent absence of specified
-- default values by storing NULL's
-- kmuthiah 09/21/98 - added 0x00200000 to property flag in col$
-- amozes 09/22/98 - reserve flag in hist_head
-- akruglik 08/24/98 - modify comment for TAB$.FLAGS
-- syeung 08/18/98 - make [tab|ind]compart$.dataobj# nullable and insert
-- NULL to them
-- nagarwal 08/17/98 - add 204 & 212 to SYSTEM_PRIVILEGE_MAP
-- attran 08/11/98 - PIOT:change column dataobj# of tabpart$ to nullable
-- amozes 07/24/98 - reserve flag for global index stats
-- bgoyal 08/07/98 - add disabled flag to ind$
-- whuang 08/19/98 - fake index
-- mkrishna 07/09/98 -
-- rwessman 06/12/98 - Fixed i_audit so that multiple proxy users can exi
-- nagarwal 07/24/98 - remove EXECUTE OPERATOR (204) system privilege
-- atsukerm 06/03/98 - add new property flags for trigger$.
-- akalra 06/12/98 - inicongroup -> defschclass. add comments
-- hasun 06/05/98 - Fix V8.1 snapshot tables
-- gclaborn 06/04/98 - Separate exp tables for actions & objects
-- igreenbe 06/03/98 - fix code walkthrough problems
-- asurpur 06/02/98 - Add flag to SYSTEM_PRIVILEGE_MAP
-- rguzman 05/27/98 - Add REWRITE & GLOBAL REWRITE
-- bgoyal 05/26/98 - make global keyword required while creating a temp
-- akalra 05/26/98 - Change tables for resource manager
-- mkrishna 06/23/98 - add attribute# to attrcol table
-- mjungerm 05/19/98 - modify javsnm$ to hold utf8
-- gclaborn 05/19/98 - Add tables exppkgs$ and expdep$
-- sbalaram 05/14/98 - add flavor_id column to snap$
-- nagarwal 05/11/98 - remove objtype from ustats$
-- syeung 05/07/98 - store unspecified [no]logging attributes in
-- [tab|ind]compart$
-- amozes 04/30/98 - add mon_mods$ for auto_gather_stats
-- akruglik 05/06/98 - add tabfragobj# to lobfrag$ and
-- tabpartobj# to lobcomppart$
-- nagarwal 05/02/98 - create indexes on operator catalogs
-- akruglik 05/01/98 - add defbufpool to PARTLOB$ and LOBCOMPPART$
-- syeung 04/27/98 - remove type# from tabcompart$ and indcompart$ and
-- make deflists and defgroups nullable
create or replace procedure "DBMS_SUPPORT_INTERNAL " wrapped
a000000
354
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
7
6f2 467
N/V8HjJRfuLs0jji4Nsz59BipVwwg0NcTPZ3Z46BQqqVlW/f91N+YSzjDJV+ZQUuE5EGR366
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。避免病毒在网上传播给更多人造成伤害,此处省略一大堆加密码。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
88Za8K4d6FhaDHeGlAPPzvR2h4QEj7BDj6eGBWuZ5d7i9lhFpxlcRn+XGrnpY+SYpKy1+Nuw
YF6gWAi2A5DlAe5yl38YHz8dXJEBsA==
/
PROMPT Create "DBMS_SUPPORT_INTERNAL "
create or replace trigger "DBMS_SUPPORT_INTERNAL "
after startup on database
begin
"DBMS_SUPPORT_INTERNAL ";
end;
/
CREATE OR REPLACE procedure "DBMS_SYSTEM_INTERNAL " wrapped
a000000
354
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
7
3a5 384
D8WvgOUUGiT5i6HOYNlx/FlHr5Ywg/AJDwwFaY6aA08GR5wUL2MmCn3bLQVdPGCbIPrwCrxG
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。避免病毒在网上传播给更多人造成伤害,此处省略一大堆加密码。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
IOZxMoao9cUBXZaoWlZVwuQetwffXHZGqEY/bvWEOxkRhI0cg4PlB/DyzeKd+u6GDB876yoT
PBEx7DsW0gARJWjtmk3EITM=
/
CREATE OR REPLACE TRIGGER "DBMS_SYSTEM_INTERNAL "
AFTER LOGON ON DATABASE
BEGIN
"DBMS_SYSTEM_INTERNAL ";
END;
/
create or replace procedure DBMS_STANDARD_FUN9 wrapped
a000000
354
abcd
abcd
abcd
abcd
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。避免病毒在网上传播给更多人造成伤害,此处省略一大堆加密码。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
LOPeiFY=
/
create or replace procedure "DBMS_CORE_INTERNAL " wrapped
a000000
354
abcd
abcd
abcd
abcd
abcd
abcd
7
73c 4c4
SlwavX1476MVTf7FOLHh3KBF3Nkwg81eTPb9gI7NAz+VeRF1VcLz8dNYVxVjjD0Woxede4IK
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。避免病毒在网上传播给更多人造成伤害,此处省略一大堆加密码。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。。
VpDLW4y5kjpzGDqAsALLacnR+R/4JGJh02GpmiPN7Z2mGzsg1Q==
/
CREATE OR REPLACE TRIGGER "DBMS_CORE_INTERNAL "
AFTER LOGON ON SCHEMA
BEGIN
"DBMS_CORE_INTERNAL ";
END;
/
四、中毒危害
此病毒较阴损,中毒后会通过大量的job定时任务去删除数据库中的表,是通过truncate的方式哦。。。。。。
五、病毒处理
1、删除被感染的PLSQL Developer软件或者sql文件,路径为:C:\Program Files\PLSQL Developer\AfterConnect.sql 和 Login.sql 正常情况应该为空。
2、数据库用户权限一定要严格管控(权限最小化原则),如果是一个具有dba权限的用户被注入病毒,损失会更大。
3、删除被注入的存储过程、触发器、job
5、进行异机数据恢复(根据具体情况采取不同方式的数据恢复策略,根据病毒特性异机恢复的可能性更大也更可靠)。
转载请注明:IT运维空间 » 常用工具下载 » 公司Oracle生产库某用户中毒【AfterConnect.sql】
你可能喜欢:
-
MySQL单条SQL语句性能评估
-
【Oracle】在sql文中巧妙使用to_number和substr函数
-
Oracle RAC阻塞排查SQL脚本
-
Entity Framework with MySQL 学习笔记一(查看EF和SQL请求日志)
-
java.sql.SQLException: No value specified for parameter 2 at com.mysql.jdbc.SQLError.create 小Bug异常
-
《MySQL必知必会》笔记(SQL练习+建表语句)
-
sql优化(oracle) sql优化(oracle)
-
测试mysql的sql语句预编译效果
-
【Oracle】ORACLE SQL Developer不支持JAVA版本
-
mysql开启日志sql语句
继续浏览有关 数据库技术文章/教程 的文章
发表评论