
System File Checker - Use it!


16 replies to this topic

#1 Dude4ever

Dude4ever

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:08:46 AM

Posted 08 September 2013 - 02:44 AM

Hi everyone.

 

I would like to provide a simple tool for utilizing the power in the System File Checker.

This topic may be appropriate for several forums, but my intention is to provide this as an anti-malware tool, and a way to increase the security and integrity of a system.

 

This is my first post, so go gentle on me :notanangel:

 

For those who are unfamiliar with this tool, it is called SFC.exe and is integrated in Windows, located in both "%SystemRoot%\system32" and "%SystemRoot%\sysWOW64".

 

Running this program from an elevated command prompt (cmd), you can repair protected system files in a flash; you may not even be aware of corrupted or malware-replaced files.

 

I have seen sfc.exe find corrupted system files after a clean Windows install, and it can also happen when the vast majority of updates are applied in the beginning.

That means your system could have errors that lower the security, or at least make your system unstable over time, from day 1. If you have an oldish computer, chances are your system files are compromised...

 

So I have composed a batch file that has these advantages:

   1: Provokes UAC and asks for administrator-rights by itself - click yes on the secure desktop

   2: Just right-click and choose paste when your Win-directory shows up, and SFC starts automatically!

 

The "readme" is included in the batch-file if there is a problem with repairing.

I can not attach my file, so you'll have to copy ALL of the following text into Notepad, and save it as "SFC.bat":

(You may want to disable word-wrap under "format" option before you paste and save the text)

(Verify that the double :: is in front of every remark in the ReadMe part before you save to avoid errors)

 

 

::  ReadMe Start
::
:: If the tool System File Checker is unable to repair a file, do the following:
::
:: At an elevated command prompt, write the following and press ENTER:
::
::    takeown /f Path_and_filename
::    EXAMPLE: takeown /f E:\windows\system32\jscript.dll.
::
:: Write the following command and press ENTER to give administrators full access to the file:
::
::    icacls Path_and_filename /GRANT ADMINISTRATORS:F
::    EXAMPLE: icacls E:\windows\system32\jscript.dll /grant administrators:F.
::
:: Enter the following command to replace the file with a copy of the file that works:
::
::    Copy Path_and_filename_of_sourcefile Path_and_filename_of_target
::    EXAMPLE: copy E:\temp\jscript.dll E:\windows\system32\jscript.dll.
::________________________________________________________________________________________________________
::
:: Use the System File Checker (sfc.exe) to determine which file is causing the issue. Replace the file. To do this, follow these steps:
::
:: Open an elevated command prompt. Click Start, point to All Programs, click Accessories, right-click Command Prompt,
:: and then click Run as administrator. If you are prompted for an administrator password or confirmation, type the password, or click Allow.
:: Type the following command, and then press ENTER:
::
::    Sfc.exe /scannow
::    Command sfc.exe /scannow will search all protected system files and replaces incorrect versions with correct Microsoft versions.
::
:: Do the following to determine which files could not be repaired by the System File Checker:
::
:: Open an elevated command prompt.
:: Type the following command, and then press ENTER:
::
:: Findstr /C:"[SR] Cannot repair member file" %windir%\logs\cbs\cbs.log >sfcdetails.txt
::
::   PS! Sfcdetails.txt file contains information from every time the System File Checker was run on the computer.
::   The file contains information about files that were not repaired by the System File Checker.
::   Check the date and time to find problem files which was found the last time you ran the System File Checker.
::   Type the following command, and then press ENTER:
::
::      Edit sfcdetails.txt
::      Sfcdetails.txt file uses the following format:
::      Date/Time SFC detail
::
::  ReadMe End

:::::::::::::::::::::::::::::::::::::::::
:: Automatically check & get admin rights
:::::::::::::::::::::::::::::::::::::::::
@echo off
CLS
ECHO.
ECHO =============================
ECHO Running Admin shell
ECHO =============================

:checkPrivileges
NET FILE 1>NUL 2>NUL
if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )

:getPrivileges
if '%1'=='ELEV' (shift & goto gotPrivileges)  
ECHO.
ECHO **************************************
ECHO Invoking UAC for Privilege Escalation
ECHO **************************************

setlocal DisableDelayedExpansion
set "batchPath=%~0"
setlocal EnableDelayedExpansion
ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs"
ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs"
"%temp%\OEgetPrivileges.vbs"
exit /B

:gotPrivileges
::::::::::::::::::::::::::::
:START
::::::::::::::::::::::::::::
setlocal & pushd "%SystemRoot%\"

::CODE HERE:

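pause
:: Write the command to a temp file (overwriting any leftover copy) and load it into the clipboard.
:: The paths are quoted because %temp% can contain spaces.
echo sfc.exe /scannow>"%temp%\sfcpaste.txt"
clip < "%temp%\sfcpaste.txt"
echo.
echo Copied SFC command to clipboard!
echo.
pause
del "%temp%\sfcpaste.txt"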

ECHO.
ECHO ========================================================
ECHO Right-click inside this window and choose "Paste" or...
ECHO Write "sfc.exe /scannow":
ECHO ========================================================
ECHO.
cmd /k

 

 

That's it.

I hope others find this as useful as I do :rolleyes:

The admin script is useful for other things as well,

but for that it should go under programming.

 

-Erik


Edited by Elise, 08 September 2013 - 05:42 AM.
Moved from Antivirus/Antimalware forum to Tips and Tricks



 


#2 d.stroyer

d.stroyer

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Who want's to know?
  • Local time:01:46 AM

Posted 10 September 2013 - 07:31 PM

Good job dude! Right on the $



#3 Dude4ever

Dude4ever
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:08:46 AM

Posted 12 September 2013 - 02:38 AM

I'm glad it works ;)

Some of these scripts do not work if UAC is already turned off, or when they are run on Win XP.

But this one in particular is tested in both XP and Win7, and should work with any Windows platform.



#4 Korkel

Korkel

  • Banned
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:46 AM

Posted 13 September 2013 - 07:57 AM

Can someone tell if this is safe?



#5 Dude4ever

Dude4ever
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:08:46 AM

Posted 18 September 2013 - 12:40 PM

The whole file is open-source, Korkel. Breakdown:

1. The ReadMe part does absolutely nothing because of the double colons at the beginning of all comments = ::

2. :checkPrivileges is a label that skips right to an elevated cmd prompt if UAC is turned off or if Win XP is the OS

3. :getPrivileges is the core script, creates this file: "%temp%\OEgetPrivileges.vbs"

   line 1 in VBS script -> Set UAC = CreateObject^("Shell.Application"^)
   line 2 in VBS script -> UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1

   - Where !batchPath! is the location you saved my "SFC.bat" file.
   - shell application is the cmd.exe, and "runas" 1 is Run As Administrator

4. I then simply added the sfc.exe /scannow command to a text file in the default Temp folder and make cmd copy the command to the clipboard, then delete the text file at the same time as the instructions show up :-)

So you may add in this batch file whatever you want. But to delete the VBS script file which remains, just add a new line under "del %temp%\sfcpaste.txt", and write:

del %temp%\OEgetPrivileges.vbs

Regarding the "sfc.exe" file we want to run - this is a standard command line tool native to Windows, and is not created by running this script, nor is it modified, it is just required to run it with administrator privileges. It is actually just making you more lazy at the worst...

Hope this helps :)

-Erik

#6 4dude

4dude

  • Members
  • 578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:46 AM

Posted 14 October 2013 - 08:10 AM

A good thread!!!

SFC is a fine program :)

#7 Erin Walsh

Erin Walsh

  • Banned Spammer
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:46 AM

Posted 15 December 2013 - 04:03 PM

That sure was a good fix.  I have saved it for later reference when needed.

 

Not bad for a first post, Dude!  Trying to muster up my knowledge-base and courage to get my first one done. 

 

You are an inspiration,

Erin 



#8 Dude4ever

Dude4ever
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:08:46 AM

Posted 15 December 2013 - 10:38 PM

Wow, thank you Erin :)

I'm really honored by your kind words :)

 

What exactly are you referring to, getting your first one done?

 

Unfortunately I have not been very active on Bleeping lately.

I have been working on my programming skills, working a lot on my regular job, and in addition I'm having a car project and am still in the start phase of 2 business ideas :P

Sounds like a lot, but it's just the right kind of urgency that it's still fun, and not stressful :) But I may have to reverse the order of the above to actually finance the plans, oh well ;)

 

Here is an instruction for prompting a user to run any program of choice. My example is for the Malwarebytes' AntiMalware free version, which has no scheduling of scans before upgrading to the Pro version:

 

1. - Press Start(win7 or Vista) to display search-line -> Type: Taskschd.msc and press enter

    - Win8; press "Flag button" + C to bring up the Charm bar, Left-click on Search button, Left-click on Apps in Search -> Type Task Scheduler in the Search field

 

2. Click the Library folder under the parent "Local"

 

3. Right-click in the white-space of the listed tasks, or find "create new task" (or similar) on the right side of the window, and create a new task.

 

4. There are a lot of settings you can modify, but you want to set these at least:

(I have a Norwegian OS, so my translations may be slightly wrong, but will point to understandable actions, hopefully)

 

        - Name. Example: "MalwareBytes Autostart/Scanreminder"

        - If it is MBAM you want to schedule to run, Check the "Run with highest privileges/rights" checkbox

        - Go to the "Trigger" settings, create new trigger, set it to weekly or monthly and some start day or date, it will be default Active - that's it for that -> click OK

        - Go to the "Action" settings (next tab), ->New action -> Default is "start a program" -> Browse... -> "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" -> OK.

 

5. Now a little tweak I will share with you; you can add a script to start at the same time, to display a message as a reminder for scanning your computer (in this example).

    - Open Notebook

    - Type the following (or copy from here):

 

@echo off
cls
:: Replace USERONCOMPUTER with the active username and "Steve" with the real name of the user.
:: The message after "msg USERONCOMPUTER" can be whatever you want.
msg USERONCOMPUTER Hey Steve! Run manually a full scan with MalwareBytes now, recommended at least monthly! Buy PRO for ultimate protection!
cmd /c

 

    - USERONCOMPUTER has to be changed to the username that is active on the OS (not the hostname), you find it if you press Start and look in the upper-right corner (fast method, or for those who do not know this)

    - Save this, choosing: Save As.. -> change list on the bottom to All files -> name the file "MbamScanmsg.bat" (use any name, just remember the .bat ending) -> Save in "C:\Program Files (x86)\Malwarebytes' Anti-Malware\"

 

6. Go to the "Action" settings in the same Task you created, ->New action -> Default is "start a program" -> Browse... -> "C:\Program Files (x86)\Malwarebytes' Anti-Malware\MbamScanmsg.bat" -> Move to top -> OK.

 

Then a message box will show your message to yourself, or to your friend if you helped him/her set up their computer, reminding you to scan your computer at the same time MBAM starts :)

AND, it will skip UAC because the "Run with highest privileges/rights" checkbox was enabled.

 

I used this because I set up a laptop for somebody that I know, but couldn't give them the instructions personally. Then the first Sunday of every month, they will get this message from me and my business partner, and we provided our mobile phone number at the end of the message also; like: "Call us for support: 991 99 991"

 

Hope this will serve as a convenience :)

 

- Erik



#9 Erin Walsh

Erin Walsh

  • Banned Spammer
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:46 AM

Posted 22 December 2013 - 05:26 PM

Hey Erik,

 

More good notes from you...thanks.  My mention of your first post came from your saying, "This is my first post, so go gentle on me :notanangel:" (Erik, Sept. 8, 2008).  However, it is so cool that you are still following up on this.  And, gives me encouragement on being able to do some good here in the next few years in following your example. 

 

It sounds like you've been way busy!  I have cut and paste this knowledge as well for future reference and want to share it with a friend who has had some similar problems.   Hope all your projects are successful in 2014!



#10 Dude4ever

Dude4ever
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:08:46 AM

Posted 22 December 2013 - 11:56 PM

I'm glad that I can share experiences that are found useful! :) This is absolutely "open source" that you can copy and paste from these posts, I encourage you to do so.

I merely did so myself, the batch files provided are widely composed from resources found off the internet, but I have modified and tested these "new" versions myself ;)

 

Absolutely pursue the goals that you describe, Erin, the world needs people like you that want to take the computer-bulls by the horns ;)

 

If you or anyone has any questions at all, feel free to send me a message. Maybe someone has a suggestion for a handy program or batch file I could try to put together?

I may also be able to help with numerous computer issues not related to malware, as I'm finding time to help out in this community. I aim to apply to the Malware Study Hall so that I can help people with malware infections through Bleeping as well.

 

I know forums like this are all about staying on topic, so I want to say that the above method of making a message pop up at any given time could with great advantage describe in short the use of SFC.EXE /SCANNOW:

Example:

 

@echo off

msg USERONCOMPUTER "Hey Steve Thaman Computor! To ensure the integrity of your OS: Press '"'Start'"', type '"'cmd'"' in search field, then press: '"'ctrl'"'+'"'shift'"'&'"'Enter'"', choose '"'yes'"' when UAC asks, in cmd type: '"'sfc /scannow'"' & hit '"'Enter'"' -Regards PCadmin"

cmd /c

 

I just found that there is a limit of 273 characters in such a message ;)

It may be difficult to tell, but special "escape characters" also have to be used when you compose a text in cmd; I had to use ' on either side of the " to actually show the symbol.

Further escape sequences can be found here: http://www.robvanderwoude.com/escapechars.php

But it helps a lot to encapsulate the whole message in " "  ;)

 

Make this pop up once a year or every six months ;)

 

-Erik



#11 dannyo669

dannyo669

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:07:46 AM

Posted 10 January 2014 - 06:03 PM

This is a great thread man. Thanks a lot for making this!



#12 Dude4ever

Dude4ever
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:08:46 AM

Posted 08 March 2016 - 01:57 AM

Hello guys!

 

There is a need for an update regarding the SFC script.

You may have noticed that Windows 8 and beyond do not allow double-clicking of script files (if the commands within them require elevation).

You need to right-click and choose "Run as Administrator" on the .BAT file. From there it will verify the elevation yet again by itself.

 

The most important update is the addition of the "Deployment Image Servicing and Management" or DISM Tool for Windows 8 and up.

This tool COMBINED with the SFC Tool is a powerhouse for fixing problems automatically in the Windows system.

I have added the option to choose if and when you want to run both the SFC Tool and the DISM Tool.

 

You should always try to run the SFC tool FIRST. If you have problems with Windows Update in Win8 and up, there is a built-in troubleshooter you have to run before you try to use the DISM Tool. (Control Panel -> Troubleshooting -> TheOptionThatSuitsYou)

But basically, if SFC tells you after its scan that it couldn't repair some files, you start the script again and choose the Win8 option to run the DISM Tool :)

 

Here is the updated script:

 

:: System File Checker & DISM Tool - Ease Of Use Script by Dude4ever
:: ***************************************************************************************
:: - Automatic CMD elevation to run as Administrator.
:: - The chosen command is copied to clipboard.
:: - Easy instructions and automatic activation.
:: - Just "Paste" and let the tools do the job.
::
:: ===README===
::
:: If the tool System File Checker is unable to repair a file, do the following:
::
:: At an elevated command prompt, write the following and press ENTER:
::
::    takeown /f Path_and_filename
::    EXAMPLE: takeown /f E:\windows\system32\jscript.dll.
::
:: Write the following command and press ENTER to give administrators full access to the file:
::
::    icacls Path_and_filename /GRANT ADMINISTRATORS:F
::    EXAMPLE: icacls E:\windows\system32\jscript.dll /grant administrators:F.
::
:: Enter the following command to replace the file with a copy of the file that works:
::
::    Copy Path_and_filename_of_sourcefile Path_and_filename_of_target
::    EXAMPLE: copy E:\temp\jscript.dll E:\windows\system32\jscript.dll.
::________________________________________________________________________________________________________
::
:: Use the System File Checker (sfc.exe) to determine which file is causing the issue. Replace the file. To do this, follow these steps:
::
:: Open an elevated command prompt. Click Start, point to All Programs, click Accessories, right-click Command Prompt,
:: and then click Run as administrator. If you are prompted for an administrator password or confirmation, type the password, or click Allow.
:: Type the following command, and then press ENTER:
::
::    Sfc.exe /scannow
::    Command sfc.exe /scannow will search all protected system files and replaces incorrect versions with correct Microsoft versions.
::
:: Do the following to determine which files could not be repaired by the System File Checker:
::
:: Open an elevated command prompt.
:: Type the following command, and then press ENTER:
::
:: findstr /C:"[SR] Cannot repair member file" %windir%\logs\cbs\cbs.log >sfcdetails.txt
::
:: findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
::
::
::   PS! Sfcdetails.txt file contains information from every time the System File Checker was run on the computer.
::   The file contains information about files that were not repaired by the System File Checker.
::   Check the date and time to find problem files which was found the last time you ran the System File Checker.
::   Type the following command, and then press ENTER:
::
::      Edit sfcdetails.txt
::      Sfcdetails.txt file uses the following format:
::      Date/Time SFC detail
::
:: ***************************
:: UPDATE UPDATE UPDATE UPDATE
:: ***************************
::
:: DISM Commands: DISM /Online /Cleanup-Image [/RestoreHealth] [/ScanHealth]
::
:: ===SCRIPT===


:::::::::::::::::::::::::::::::::::::::::
:: Automatically check & get admin rights
:::::::::::::::::::::::::::::::::::::::::
@echo off
CLS
ECHO.
ECHO =============================
ECHO Running Admin shell
ECHO =============================
ECHO.
ECHO.

:checkPrivileges
NET FILE 1>NUL 2>NUL
if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )

:getPrivileges
if '%1'=='ELEV' (shift & goto gotPrivileges)  
ECHO.
ECHO **************************************
ECHO Invoking UAC for Privilege Escalation
ECHO **************************************

setlocal DisableDelayedExpansion
set "batchPath=%~0"
setlocal EnableDelayedExpansion
ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs"
ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs"
"%temp%\OEgetPrivileges.vbs"
exit /B

:gotPrivileges
::::::::::::::::::::::::::::
:START
::::::::::::::::::::::::::::
setlocal & pushd "%SystemRoot%\System32\"

::CODE HERE:

pause

:Ask
ECHO ==========================================================
ECHO Do you want to run DISM Tool for Windows 8/10?       (Y/N)
ECHO (Use only if SFC fails to repair files in Win 8/10)
ECHO ==========================================================
ECHO.
set INPUT=
set /P INPUT=Type answer: %=%
If /I "%INPUT%"=="y" goto yes
If /I "%INPUT%"=="n" goto no
echo Incorrect input... & goto Ask

:yes
:: Overwrite (not append to) the temp file so only one command reaches the clipboard.
:: The paths are quoted because %temp% can contain spaces.
echo DISM /Online /Cleanup-Image /RestoreHealth>"%temp%\DISMpaste.txt"
clip < "%temp%\DISMpaste.txt"
echo.
echo Copied DISM RestoreHealth command to clipboard!
echo.
pause
del "%temp%\DISMpaste.txt"
goto done

:no
echo sfc.exe /scannow>"%temp%\sfcpaste.txt"
clip < "%temp%\sfcpaste.txt"
echo.
echo Copied SFC command to clipboard!
echo.
pause
del "%temp%\sfcpaste.txt"

ECHO.
ECHO ========================================================
ECHO Right-click inside this window and choose "Paste" or...
ECHO Write "sfc.exe /scannow":
ECHO ========================================================
ECHO.
cmd /k
:: Stop here so the script does not fall through to the DISM instructions under :done.
exit /B

:done
ECHO.
ECHO ========================================================
ECHO Right-click inside this window and choose "Paste" or...
ECHO Write "DISM /Online /Cleanup-Image /RestoreHealth":
ECHO ========================================================
ECHO.
cmd /k

 

 

 

That's it guys. The DISM command is a lot longer than SFC, and when you read the "Readme" Update, you see how to only scan but not repair your system with DISM, if you want to analyze first.

 

-Erik
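
The ReadMe in both versions of the script points out that the findstr output covers every SFC run ever logged and that you have to check the date and time to find the files from the last run. As an added example (not part of Dude4ever's script), this PowerShell function does that filtering. The function name, the 30-minute gap used to separate runs, and the sample log lines are assumptions constructed for illustration.

```powershell
# Added example: summarise the most recent SFC run recorded in CBS.log.
# Assumption: [SR] entries more than $GapMinutes apart belong to different runs.
function Get-LastSfcRun {
    param(
        [string[]]$Lines,          # raw CBS.log lines; lines without [SR] are ignored
        [int]$GapMinutes = 30
    )

    # CBS.log lines start with "yyyy-MM-dd HH:mm:ss," and SFC entries carry the [SR] tag.
    $linePattern = '^(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),.*?\[SR\] (?<msg>.*)$'
    $entries = @(foreach ($line in $Lines) {
        if ($line -match $linePattern) {
            [pscustomobject]@{
                Time    = [datetime]::ParseExact($Matches['ts'], 'yyyy-MM-dd HH:mm:ss',
                              [cultureinfo]::InvariantCulture)
                Message = $Matches['msg']
            }
        }
    })
    if ($entries.Count -eq 0) { return $null }

    # Walk back from the newest entry until the gap to the previous one is too large.
    $start = $entries.Count - 1
    while ($start -gt 0 -and
           ($entries[$start].Time - $entries[$start - 1].Time).TotalMinutes -le $GapMinutes) {
        $start--
    }
    $run = @($entries[$start..($entries.Count - 1)])

    # The same file can be logged more than once in a run, so de-duplicate the names.
    $filePattern = '^Cannot repair member file \[[^\]]*\]"(?<file>[^"]+)"'
    $names = @(foreach ($e in $run) {
        if ($e.Message -match $filePattern) { $Matches['file'] }
    })

    [pscustomobject]@{
        Started      = $run[0].Time
        Ended        = $run[-1].Time
        Entries      = $run.Count
        CannotRepair = @($names | Sort-Object -Unique)
    }
}

# Constructed sample lines (not from a real machine), shaped like CBS.log [SR] entries.
$sample = @'
2016-03-01 09:10:02, Info                  CSI    00000009 [SR] Beginning Verify and Repair transaction
2016-03-01 09:10:05, Info                  CSI    0000000a [SR] Cannot repair member file [l:22{11}]"jscript.dll" of Example-Component, hash mismatch
2016-03-08 01:40:11, Info                  CSI    00000011 [SR] Beginning Verify and Repair transaction
2016-03-08 01:41:30, Info                  CSI    00000012 [SR] Cannot repair member file [l:20{10}]"sample.dll" of Example-Component, hash mismatch
2016-03-08 01:41:31, Info                  CSI    00000013 [SR] Cannot repair member file [l:20{10}]"sample.dll" of Example-Component, hash mismatch
2016-03-08 01:52:47, Info                  CSI    00000014 [SR] Verify complete
'@ -split "`r?`n"

Get-LastSfcRun -Lines $sample | Format-List

# Against the real log, from an elevated prompt:
# Get-LastSfcRun -Lines (Select-String -Path "$env:windir\Logs\CBS\CBS.log" -Pattern '[SR]' -SimpleMatch).Line
```

With the sample above, only the 8 March run is reported and the older jscript.dll entry from 1 March is left out.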



#13 gtrejo

gtrejo

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 08 June 2016 - 11:16 AM

Thanks for posting this! Very useful information.



#14 Dude4ever

Dude4ever
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:08:46 AM

Posted 10 June 2016 - 07:52 AM

You are welcome! ^^,

Everyone, just ask if there are questions or whatever :welcome:



#15 Ridernyc

Ridernyc

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 11 June 2016 - 03:55 PM

Glad to see you keeping this up to date.





