From: Michael Dobony on 20 Feb 2010 14:26

I have a computer I am working on that is infected by viruses in the system files. I know there is a command to check the system files and replace corrupt or missing ones with the originals. I am running antivirus on it right now, but need this command. Anybody know what command/app this is that checks the system files?

Mike D.

From: 20100220 on 20 Feb 2010 14:50

It is called System File Checker (sfc.exe).

I suggest reading this article: <http://support.microsoft.com/kb/310747>

Sfc [/Scannow] [/Scanonce] [/Scanboot] [/Revert] [/Purgecache] [/Cachesize=x]

hth

"Michael Dobony" <survey(a)stopassaultnow.net> wrote in message news:12exdy76xnjzo.1ni5jmnntqq4f$.dlg(a)40tude.net...
> I have a computer I am working on that is infected by viruses in the system
> files. I know there is a command to check the system files and replace
> corrupt or missing ones with the originals. I am running antivirus on it
> right now, but need this command. Anybody know what command/app this is
> that checks the system files?
>
> Mike D.

From: Jim on 20 Feb 2010 16:07

sfc /scannow

You will need a distribution CD which has the same version as your computer.

Jim

"Michael Dobony" <survey(a)stopassaultnow.net> wrote in message news:12exdy76xnjzo.1ni5jmnntqq4f$.dlg(a)40tude.net...
> I have a computer I am working on that is infected by viruses in the system
> files. I know there is a command to check the system files and replace
> corrupt or missing ones with the originals. I am running antivirus on it
> right now, but need this command. Anybody know what command/app this is
> that checks the system files?
>
> Mike D.

From: Jose on 20 Feb 2010 18:15

On Feb 20, 2:26 pm, Michael Dobony <sur...(a)stopassaultnow.net> wrote:
> I have a computer I am working on that is infected by viruses in the system
> files. I know there is a command to check the system files and replace
> corrupt or missing ones with the originals. I am running antivirus on it
> right now, but need this command. Anybody know what command/app this is that
> checks the system files?
>
> Mike D.

The System File Checker will, by default on XP SP3, verify 3498 files that XP considers important protected files.

If it finds a problem or the built in Windows File Protection needs to replace a file, it will do so quickly and silently and put an event in the Event Log something like this:

    Event Type: Information
    Event Source: Windows File Protection
    Event Category: None
    Event ID: 64002
    Description: File replacement was attempted on the protected system file c:\windows\system32\taskmgr.exe. This file was restored to the original version to maintain system stability.

When sfc /scannow runs successfully, you will only see a starting and complete message in the Event Log. It can take a long time to run.

Note that sfc /scannow will not run in Safe Mode (try it) and will generate this error if you try:

    Windows File Protection could not initiate a scan of protected system files. The specific error code is 0x000006ba [The RPC server is unavailable.].

You cannot start the RPC Server in Safe Mode either.

Unless your system has been compromised by malicious software or the built in Windows File Protection function is broken, SFC should find nothing to do. It will give you a good feeling if it runs without finding anything. If it finds something to do, you have now or have had some other problem.

If you have SP3 installed and only possess an SP1 or SP2 installation CD, running sfc /scannow will complain - a lot. This is because it is trying to match and compare files and the installed SP does not match up with what is on the installation CD.

You can read about why and perhaps make an adjustment to get it to work by reading this article. Whether it works or not depends on how your system was built:

http://www.updatexp.com/scannow-sfc.html

To prevent these kinds of messages (not necessarily errors), you can use your old XP installation CD to make a new installation CD with SP3 included (slipstream) and then run sfc /scannow using the up to date CD as a reference. This slipstreamed CD is a good thing to have anyway in case you need to fix something some other day.

Thinking that running sfc /scannow will work right out of the chute is an expectation that generally exceeds reality unless you are prepared in advance with an installation CD that matches your currently installed service pack (usually you have to make such a CD).

It most certainly should run without a hitch when all the pieces are in place and result in a warm fuzzy feeling, but I have personally never seen it resolve any problem that was not caused by something else and will never even recommend it, but that could just be me.

The advice to "run sfc /scannow" is rarely preceded by the "before you run sfc /scannow..." advice so running it will almost always generate more confusion, concern and questions shortly afterwards. Sometimes the "Try running sfc /scannow in Safe Mode..." advice follows, but that doesn't work either.

Please do try it though and see how you get on. It won't hurt anything and you should want it to work. If it doesn't work, we can try to make it work to make you feel better. It makes me feel better to see it find nothing to do and not complain.

If you are having some particular issue of suspicious files, describe what the issue is and we can help with that.

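Added example, not part of any post in this thread: a small triage script that pulls the restored file paths out of Windows File Protection Event ID 64002 records (the event quoted in the post above) and lists files that were restored more than once. The pipe-separated export layout, the timestamps and the sample records are constructed assumptions; only the 64002 description wording comes from the thread.

```python
import re
from collections import Counter

# Constructed sample: one exported event per line as "timestamp|event id|description".
# The 64002 description wording follows the event quoted in the thread; the export
# layout, timestamps and file names are assumptions made for this example.
SAMPLE_EVENTS = r"""
2010-02-20 13:02:11|64002|File replacement was attempted on the protected system file c:\windows\system32\taskmgr.exe. This file was restored to the original version to maintain system stability.
2010-02-20 13:02:40|7036|The Print Spooler service entered the running state.
2010-02-20 13:05:57|64002|File replacement was attempted on the protected system file C:\WINDOWS\system32\taskmgr.exe. This file was restored to the original version to maintain system stability.
2010-02-20 13:09:03|64002|File replacement was attempted on the protected system file c:\windows\system32\notepad.exe. This file was restored to the original version to maintain system stability.
""".strip().splitlines()

# The path itself contains dots, so match lazily up to the fixed trailing sentence.
RESTORED = re.compile(r"protected system file (.+?)\. This file was restored", re.IGNORECASE)

def restored_files(lines):
    """Return a Counter of lower-cased paths named in Event ID 64002 records."""
    hits = Counter()
    for line in lines:
        parts = line.split("|", 2)
        if len(parts) != 3 or parts[1].strip() != "64002":
            continue  # malformed line or a different event
        match = RESTORED.search(parts[2])
        if match:
            # Windows paths are case-insensitive, so normalise before counting.
            hits[match.group(1).strip().lower()] += 1
    return hits

def repeat_restores(counts, threshold=2):
    """Paths restored at least `threshold` times, i.e. replaced again after a restore."""
    return sorted(path for path, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    counts = restored_files(SAMPLE_EVENTS)
    for path, n in counts.most_common():
        print(f"{n:3d}  {path}")
    print("restored repeatedly:", repeat_restores(counts))
```

A file that shows up repeatedly is being replaced again after each restore, which is worth investigating before relying on the sfc result.
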
From: glee on 20 Feb 2010 23:44

"Michael Dobony" <survey(a)stopassaultnow.net> wrote in message news:12exdy76xnjzo.1ni5jmnntqq4f$.dlg(a)40tude.net...
> I have a computer I am working on that is infected by viruses in the
> system files. I know there is a command to check the system files and replace
> corrupt or missing ones with the originals. I am running antivirus on
> it right now, but need this command. Anybody know what command/app this is
> that checks the system files?

Mike,

You've gotten some good explanations on how to run SFC to do what you describe. The problem is if you have infected system files, the chances are good you have root kits that hide themselves, and SFC running in Windows will NOT be able to replace them, and probably will not even be able to detect them. Using SFC from Windows, in an attempt to remove infected system files, is going to be, in all likelihood, an exercise in futility.

You *may* be able to remove some of this type of infection with a program like Malwarebytes Anti-Malware (MBAM), but if root kits are present, MBAM (or any scan run while Windows is running) is simply not going to be able to detect and/or remove them. In that case, you would have to run an updated virus scan from a bootable CD, while Windows was not loaded. Avira makes one such disc creator, the Avira Rescue System.

On severely infected systems, even a successful removal from outside Windows cannot guarantee your computer is totally clean, and a format and re-load is then the best solution.

I hope this helps.

--
Glen Ventura, MS MVP Oct. 2002 - Sept. 2009
A+
http://dts-l.net/