Re: Question about CTX and a virus on our server

From: L C <lccronin_at_hotmail.com>
Date: Thu, 15 Sep 2005 16:33:51 GMT
Message-ID: <PnhWe.21981$Zv6.2956@trndny03>

"DA Morgan" <damorgan_at_psoug.org> wrote in message news:1126800519.288769_at_yasure...
> L C wrote:
> > Hello,
> >
> > Not an Oracle person so I apologize if this is the wrong group or my
> > question doesn't make sense, but we have an Oracle server that got a
couple
> > of viruses on it - Backdoor Trojan, IRC. This caused our CTX not to
start.
> > We cleaned the viruses and it still will not start.
> >
> > We start CTX by using the following batch file:
> >
> > cd C:\Oracle\Ora92\bin
> > ctxsrv.exe -user ctxsys/ctxsys_at_Database1
> >
> > We get a quick message that flashes something about authentication and
> > listener
> >
> > We have Oracle 9i on a 2003 Advanced server
> >
> > Any thoughts as to what I could try.
> >
> > Thanks Larry C
>
> Many. And the first is to get Windows off of any Oracle server.
> For that matter to get it off any server, Oracle or otherwise,
> used for a critical business process. All the expensive firewalls
> and virus checkers in the world have not even protected Microsoft
> itself. How do you expect to do better than they have?
>
> That said ... you didn't provide an error message so no help is
> possible. You need to read the alert log (in the bdump directory)
> and all of the full error message (including text) and then
> provide them here.
> --
> Daniel A. Morgan
> http://www.psoug.org
> damorgan_at_x.washington.edu
> (replace x with u to respond)

Thanks for the reply

Sorry for the length

Here is part of the log that calls an error message: ORA-313 signalled during: alter database open... Shutting down instance: further logons disabled Shutting down instance (immediate)
License high water mark = 3
All dispatchers and shared servers shutdown Wed Sep 14 12:15:42 2005
alter database close normal
ORA-1109 signalled during: alter database close normal... Dump file c:\oracle\admin\obian\bdump\alert_obian.log Wed Sep 14 12:17:04 2005
ORACLE V9.2.0.1.0 - Production vsnsta=0
vsnsql=12 vsnxtr=3
Windows 2000 Version 5.2 Service Pack 1, CPU type 586 Wed Sep 14 12:17:04 2005
Starting ORACLE instance (normal)
LICENSE_MAX_SESSION = 0
LICENSE_SESSIONS_WARNING = 0
SCN scheme 2
Using log_archive_dest parameter default value LICENSE_MAX_USERS = 0
SYS auditing is disabled
Starting up ORACLE RDBMS Version: 9.2.0.1.0. System parameters with non-default values:

  processes                = 150
  timed_statistics         = TRUE
  shared_pool_size         = 50331648
  large_pool_size          = 8388608
  java_pool_size           = 33554432
  control_files            = C:\oracle\oradata\OBIAN\CONTROL01.CTL,
C:\oracle\oradata\OBIAN\CONTROL02.CTL, C:\oracle\oradata\OBIAN\CONTROL03.CTL
  db_block_size            = 8192
  db_cache_size            = 25165824
  compatible               = 9.2.0.0.0

  db_file_multiblock_read_count= 16

  fast_start_mttr_target   = 300
  undo_management          = AUTO
  undo_tablespace          = UNDOTBS1
  undo_retention           = 10800
  remote_login_passwordfile= EXCLUSIVE
  db_domain                =
  instance_name            = OBIAN
  dispatchers              = (PROTOCOL=TCP) (SERVICE=OBIANXDB)
  job_queue_processes      = 10
  hash_join_enabled        = TRUE
  background_dump_dest     = C:\oracle\admin\OBIAN\bdump
  user_dump_dest           = C:\oracle\admin\OBIAN\udump
  core_dump_dest           = C:\oracle\admin\OBIAN\cdump
  sort_area_size           = 524288
  db_name                  = OBIAN
  open_cursors             = 300

  star_transformation_enabled= FALSE

  query_rewrite_enabled    = FALSE
  pga_aggregate_target     = 25165824
  aq_tm_processes          = 1
PMON started with pid=2
DBW0 started with pid=3
LGWR started with pid=4
CKPT started with pid=5
SMON started with pid=6
RECO started with pid=7

CJQ0 started with pid=8
QMN0 started with pid=9
Wed Sep 14 12:17:07 2005
starting up 1 shared server(s) ...
starting up 1 dispatcher(s) for network address '(ADDRESS=(PARTIAL=YES)(PROTOCOL=TCP))'... Wed Sep 14 12:17:07 2005
alter database mount exclusive
Wed Sep 14 12:17:12 2005
Successful mount of redo thread 1, with mount id 3369701443. Wed Sep 14 12:17:12 2005
Database mounted in Exclusive Mode.
Completed: alter database mount exclusive Wed Sep 14 12:17:12 2005
alter database open
Wed Sep 14 12:17:12 2005
Errors in file c:\oracle\admin\obian\bdump\obian_dbw0_2108.trc:

ORA-01157: cannot identify/lock data file 201 - see DBWR trace file
ORA-01110: data file 201: 'C:\ORACLE\ORADATA\OBIAN\TEMP01.DBF'
ORA-27041: unable to open file
OSD-04002: unable to open file
O/S-Error: (OS 2) The system cannot find the file specified.

Here is the error message:
Dump file c:\oracle\admin\Database1\bdump\Database1_dbw0_2108.trc Wed Sep 14 12:17:12 2005
ORACLE V9.2.0.1.0 - Production vsnsta=0
vsnsql=12 vsnxtr=3
Windows 2000 Version 5.2 Service Pack 1, CPU type 586 Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production With the Partitioning, OLAP and Oracle Data Mining options JServer Release 9.2.0.1.0 - Production
Windows 2000 Version 5.2 Service Pack 1, CPU type 586 Instance name: Database1

Redo thread mounted by this instance: 1

Oracle process number: 3

Windows thread id: 2108, image: ORACLE.EXE

• SESSION ID:(2.1) 2005-09-14 12:17:12.000 ORA-01157: cannot identify/lock data file 201 - see DBWR trace file ORA-01110: data file 201: 'C:\ORACLE\ORADATA\Database1\TEMP01.DBF' ORA-27041: unable to open file OSD-04002: unable to open file O/S-Error: (OS 2) The system cannot find the file specified.

Received on Thu Sep 15 2005 - 11:33:51 CDT