Tuesday, November 13, 2012

QuickStart: System File Checker tool for Windows



Overview


The System File Checker tool (SFC) calculates a hash for each Windows system file, and compares it with the hash from the original system file. An un-modified version of all system files are kept in the Winsxs folder in Windows Vista and later. In Windows XP and earlier, you must use an OS CD to provide the SFC tool with an un-modified version of the system files. If desired, you can load a copy of the Windows XP CD onto the hard drive and point SFC to it using a registry key, but that is beyond the scope of this post.


Usage


I find this tool to be most useful after a malware infection. I always run it in this case just to make sure important Windows system files are intact. Of course, the only way to be completely sure you have a clean system after an infection is to re-install the OS. The SFC tool is also useful for cleaning up broken system files that have resulted from some kind of disk corruption.

These commands will work on all OSs, XP and newer.

Run a full verification & replacement scan


1. Open a command prompt
2. Enter:
sfc /scannow

Run a full verification scan


1. Open a command prompt
2. Enter:
sfc /verifyonly

Scan and replace a single file


1. Open a command prompt
2. Enter:
sfc /scanfile=c:\windows\system32\file.dll

Verify a single file without replacing it


1. Open a command prompt
2. Enter:
sfc /verifyfile=c:\windows\system32\file.dll


More information


See the following sites for more information on this tool and how to use it:

http://support.microsoft.com/kb/929833
http://support.microsoft.com/kb/185836
http://technet.microsoft.com/en-us/library/bb491008.aspx


No comments:

Post a Comment