Restore System Files

Michael Dobony

I have a computer I am working on that is infected by viruses in the system
files. I know there is a command to check the system files and replace
corrupt or missing ones with the originals. I am running antivirus on it
right now, but need this command. Anybody know what command/app this is that
checks the system files?

Mike D.
 
Jim

sfc /scannow
You will need a distribution CD which has the same version as your computer.

Jim
 
Jose

I have a computer I am working on that is infected by viruses in the system
files. I know there is a command to check the system files and replace
corrupt or missing ones with the originals. I am running antivirus on it
right now, but need this command. Anybody know what command/app this is that
checks the system files?

Mike D.

The System File Checker will, by default on XP SP3, verify 3498 files
that XP considers important protected files. If it finds a problem or
the built-in Windows File Protection needs to replace a file, it will
do so quickly and silently and put an event in the Event Log something
like this:

Event Type: Information
Event Source: Windows File Protection
Event Category: None
Event ID: 64002
Description:
File replacement was attempted on the protected system file c:\windows
\system32\taskmgr.exe.
This file was restored to the original version to maintain system
stability.

When sfc /scannow runs successfully, you will only see a starting and
complete message in the Event Log. It can take a long time to run.

Note that sfc /scannow will not run in Safe Mode (try it) and will
generate this error if you try:

Windows File Protection could not initiate a scan of protected system
files.
The specific error code is 0x000006ba [The RPC server is
unavailable.].


You cannot start the RPC Server in Safe Mode either.

Unless your system has been compromised by malicious software or the
built-in Windows File Protection function is broken, SFC should find
nothing to do. It will give you a good feeling if it runs without
finding anything. If it finds something to do, you have now or have
had some other problem.

If you have SP3 installed and only possess an SP1 or SP2 installation
CD, running sfc /scannow will complain - a lot.

This is because it is trying to match and compare files and the
installed SP does not match up with what is on the installation CD.

You can read about why and perhaps make an adjustment to get it to
work by reading this article. Whether it works or not depends on how
your system was built:

http://www.updatexp.com/scannow-sfc.html

To prevent these kinds of messages (not necessarily errors), you can
use your old XP installation CD to make a new installation CD with SP3
included (slipstream) and then run sfc /scannow using the up to date
CD as a reference. This slipstreamed CD is a good thing to have
anyway in case you need to fix something some other day.

Thinking that running sfc /scannow will work right out of the chute is
an expectation that generally exceeds reality unless you are prepared
in advance with an installation CD that matches your currently
installed service pack (usually you have to make such a CD).

It most certainly should run without a hitch when all the pieces are
in place and result in a warm fuzzy feeling, but I have personally
never seen it resolve any problem that was not caused by something
else and will never even recommend it, but that could just be me.

The advice to "run sfc /scannow" is rarely preceded by the "before you
run sfc /scannow..." advice so running it will almost always generate
more confusion, concern and questions shortly afterwards. Sometimes
the "Try running sfc /scannow in Safe Mode..." advice follows, but
that doesn't work either.

Please do try it though and see how you get on. It won't hurt
anything and you should want it to work. If it doesn't work, we can
try to make it work to make you feel better. It makes me feel better
to see it find nothing to do and not complain.

If you are having some particular issue of suspicious files, describe
what the issue is and we can help with that.
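
Added example, not part of Jose's post: a small Python triage script that reads event text in the layout quoted above and counts how often Windows File Protection reported restoring each protected file (Event ID 64002). The sample log is constructed, and the parser tolerates a path that was wrapped across lines when the event was pasted.

```python
import re
from collections import Counter

WFP_SOURCE, WFP_RESTORE_ID = "Windows File Protection", 64002  # from the post

# Constructed sample log text (not taken from a real machine).
SAMPLE = r"""Event Type: Information
Event Source: Windows File Protection
Event ID: 64002
Description:
File replacement was attempted on the protected system file c:\windows
\system32\taskmgr.exe.
This file was restored to the original version to maintain system
stability.

Event Type: Information
Event Source: Service Control Manager
Event ID: 7036
Description:
The Example service entered the running state.

Event Type: Information
Event Source: Windows File Protection
Event ID: 64002
Description:
File replacement was attempted on the protected system file C:\WINDOWS\system32\taskmgr.exe.
This file was restored to the original version to maintain system stability.
"""


def restored_files(text):
    """Count WFP restore events per protected file (paths lower-cased)."""
    hits = Counter()
    for record in re.split(r"(?m)^(?=Event Type:)", text):
        source = re.search(r"(?m)^Event Source:\s*(.+?)\s*$", record)
        event_id = re.search(r"(?m)^Event ID:\s*(\d+)", record)
        if not (source and event_id):
            continue
        if (source.group(1), int(event_id.group(1))) != (WFP_SOURCE, WFP_RESTORE_ID):
            continue
        # Collapse line wrapping, then pull the path out of the description.
        desc = " ".join(record.split("Description:", 1)[-1].split())
        m = re.search(r"protected system file (.+?)\. This file", desc)
        if m:
            # A wrap at a backslash leaves stray whitespace inside the path.
            path = re.sub(r"\s*\\\s*", lambda _: "\\", m.group(1))
            hits[path.lower()] += 1
    return hits


if __name__ == "__main__":
    for path, count in restored_files(SAMPLE).most_common():
        print(f"{count:3d}  {path}")
```

A file that appears more than once means something keeps replacing it after each restore, which is the "some other problem" worth chasing before relying on the SFC result.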
 
glee

Michael Dobony said:
I have a computer I am working on that is infected by viruses in the system
files. I know there is a command to check the system files and replace
corrupt or missing ones with the originals. I am running antivirus on it
right now, but need this command. Anybody know what command/app this is that
checks the system files?

Mike,
You've gotten some good explanations on how to run SFC to do what you
describe. The problem is if you have infected system files, the chances
are good you have root kits that hide themselves, and SFC running in
Windows will NOT be able to replace them, and probably will not even be
able to detect them.

Using SFC from Windows, in an attempt to remove infected system files,
is going to be, in all likelihood, an exercise in futility.

You *may* be able to remove some of this type of infection with a
program like Malwarebytes Anti-Malware (MBAM), but if root kits are
present, MBAM (or any scan run while Windows is running) is simply not
going to be able to detect and/or remove them.

In that case, you would have to run an updated virus scan from a
bootable CD, while Windows was not loaded. Avira makes one such disc
creator, the Avira Rescue System. On severely infected systems, even a
successful removal from outside Windows cannot guarantee your computer
is totally clean, and a format and re-load is then the best solution.

I hope this helps.
 
Jose

I have a computer I am working on that is infected by viruses in the system
files. I know there is a command to check the system files and replace
corrupt or missing ones with the originals. I am running antivirus on it
right now, but need this command. Anybody know what command/app this is that
checks the system files?

Mike D.

Perform some scans for malicious software, then fix any remaining
issues:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

If you still think you have issues, describe the issue as best you can.
 
Ken Blake, MVP

I have a computer I am working on that is infected by viruses in the system
files.


How did you determine that? How many viruses? *What* viruses? What
files are infected?

I know there is a command to check the system files and replace
corrupt or missing ones with the originals.


You are perhaps thinking of System Restore, but be aware that it will
not be effective against most viruses.

I am running antivirus on it


*What* anti-virus program? Be aware that they are far from equally
good.
 
