Salesforce

Database broker fails to start database with error (44) due to Locky virus.

Printable View
« Go Back

Information

 
TitleDatabase broker fails to start database with error (44) due to Locky virus.
URL NameDatabase-broker-fails-to-start-database-with-error-44-due-to-Locky-virus
Article Number000183866
EnvironmentProduct: OpenEdge
Version: 10.x, 11.x
OS: Windows
Other: Database
Question/Problem Description
Database broker fails to start database with error (44).

Restoring the database works then fails again afterwards.


 
Steps to Reproduce
Clarifying Information
Files with format 77317D93DE39AAF780615EC724BC4C6E.locky  are generated in the directory.

Newer strain of the virus create files with UUID with the extension .zepto 

Newer strain of the virus generates a _2_HELP_instructions.html file.
Error Message** Database has the wrong version number. (db: <value>, pro: <value>). (44)
** Database has the wrong version number. (db: 21845, pro: 21677). (44)
Defect Number
Enhancement Number
Cause
The machine is infected with the Locky virus. It has been observed so far that it encrypts the .db file and causes a wrong version number error.
Resolution
To recover from this problem try the following:
 
1) Make sure the machine is disinfected.

2) Make an OS  backup of the database files.

3) Delete the database .db file.

4) From proenv run the command:

 prostrct builddb  <database name>

5) Verify the database by starting it in single user mode using the command:

 pro <database name> -p dict.p

6) If you still have a problem restore from the last good backup.

Note: This virus seems to spread through the network so all the connected machines need to be scanned for virus to avoid future problems. 

Unix file systems that use Samba to be accessible to Windows are vulnerable to a Windows infected machine.
Workaround
Notes
Keyword Phrase
Last Modified Date11/20/2020 7:21 AM
Powered by