sfc /scannow found corrupt files
Windows 7 Home Premium SP1 ran sfc /scannow. Message Windows Resource Protection found corrupt files but was unable to fix some of them...attached is the log.
I ran this because Norton 360 came across Trojan.zbot. The computer was then painfully slow and would hang. I did a system restore which seemed to resolve the issue. I've been running many scans with no sign of it or anything else. Considering doing ComboFix to be sure.
In regards to the sfc message - I ran a fix I came across a while ago - dism /online /cleanup-image /restorehealth - but I am getting error: 87. I've tried researching it to no avail. This has happened on a couple of other machines as well.
Any suggestions.
Thanks,
Mags
dism.log
I ran this because Norton 360 came across Trojan.zbot. The computer was then painfully slow and would hang. I did a system restore which seemed to resolve the issue. I've been running many scans with no sign of it or anything else. Considering doing ComboFix to be sure.
In regards to the sfc message - I ran a fix I came across a while ago - dism /online /cleanup-image /restorehealth - but I am getting error: 87. I've tried researching it to no avail. This has happened on a couple of other machines as well.
Any suggestions.
Thanks,
Mags
dism.log
ASKER
What about a repair install?
First, DISM is not a Windows 7 tool - Windows 8 and above.
Second, SFC can always be run twice, because corruption will often be fixed in the second run.
Third, Repair Install is a good method but only if you are sure you have cleared out the malware and have no root kit viruses (TDS Killer to check).
If you cannot clear the malware completely, then (as above) back up and reinstall Windows.
Second, SFC can always be run twice, because corruption will often be fixed in the second run.
Third, Repair Install is a good method but only if you are sure you have cleared out the malware and have no root kit viruses (TDS Killer to check).
If you cannot clear the malware completely, then (as above) back up and reinstall Windows.
personally i never do repair installs....i don't like the idea of repairing a corrupt system and getting a ton of leftovers and wrong registry settings...
If the setup is absolutely critical to you then yes you should try to fix it but if you have the time i reckon it would be best to format your system and start from scratch...
If you want a newly formatted system and you are afraid of loosing your hard to get settings there is always the option of taking a complete image of your system and do a P2V conversions so that your old system will continue to "live" until everything is set as it should....
If the setup is absolutely critical to you then yes you should try to fix it but if you have the time i reckon it would be best to format your system and start from scratch...
If you want a newly formatted system and you are afraid of loosing your hard to get settings there is always the option of taking a complete image of your system and do a P2V conversions so that your old system will continue to "live" until everything is set as it should....
ASKER
Hi John
First - I have run DISM on several Windows 7 computers with great success. The information I have received is that it works for Windows 7 and 8.
Second - I have run it twice...was going to try a third time
Third - Will run TDSSkiller...on my list.
For my information - I have done System Restores to resolve less damaging malware but I always find remnants. Why is this?
From what I am hearing from you both is that since it was infected with a Trojan and even though I did a successful SR it may still have damage. Am I understanding you correctly? Is there really a absolute way to know that the Trojan is gone? Norton 360 who found it a couple of days ago does not find it after the SR.
Thank you for your assistance.
First - I have run DISM on several Windows 7 computers with great success. The information I have received is that it works for Windows 7 and 8.
Second - I have run it twice...was going to try a third time
Third - Will run TDSSkiller...on my list.
For my information - I have done System Restores to resolve less damaging malware but I always find remnants. Why is this?
From what I am hearing from you both is that since it was infected with a Trojan and even though I did a successful SR it may still have damage. Am I understanding you correctly? Is there really a absolute way to know that the Trojan is gone? Norton 360 who found it a couple of days ago does not find it after the SR.
Thank you for your assistance.
ASKER
John in running TDSSkiller are there any changes to the parameters?
Thanks!
Thanks!
Here is the TDSKiller overview guide.
http://www.malwareremovalguides.info/how-to-use-kaspersky-tdsskiller/
There are checkboxes in the GUI you can consider.
And, yes, I can confirm I have DISM running on my Windows 7 machine (Scanhealth benign mode). I had thought it was Windows 8, so thank you for the correction.
http://www.malwareremovalguides.info/how-to-use-kaspersky-tdsskiller/
There are checkboxes in the GUI you can consider.
And, yes, I can confirm I have DISM running on my Windows 7 machine (Scanhealth benign mode). I had thought it was Windows 8, so thank you for the correction.
In these days Trojans/malware/viruses get harder and harder to detect....
A list for detection would go
MBAM
HitMan Pro
Combofix
Sophos Offline Antivirus
A list for detection would go
MBAM
HitMan Pro
Combofix
Sophos Offline Antivirus
ASKER
Thanks for the info on TDSSkiller John.
tsgiannis I have run MBAM and Hitman and asked about Combofix. Haven't run Sophos in a while.
This is another client who would prefer not to do a clean install with all that they have loaded.
Is there a way a program such as Acronis can be used to reinstall programs, file and folders on to a clean install?
tsgiannis I have run MBAM and Hitman and asked about Combofix. Haven't run Sophos in a while.
This is another client who would prefer not to do a clean install with all that they have loaded.
Is there a way a program such as Acronis can be used to reinstall programs, file and folders on to a clean install?
ASKER
Ran TDSSKiller - 2 unsigned files - service: wltrysvc and File: C:\Program\Broadcom 802.11\WLTRAY.exe. Both suspicious object, medium risk. Skip, Copy to quarantine or delete?
Something to keep in mind is that people who won't or cannot (no software) do a clean Windows install are the very people who screw up machines.
Skip, Copy to quarantine or delete? Move to quarantine or delete but do not skip.
ASKER
Okay...quarantined.
Lucky for me these are solid people...just have a lot of programs on their computer. They have everything needed to reinstall all their software. If a program like Acronis could do it, it would simply be less hassle. I appreciate your input.
Lucky for me these are solid people...just have a lot of programs on their computer. They have everything needed to reinstall all their software. If a program like Acronis could do it, it would simply be less hassle. I appreciate your input.
ASKER
Need to leave for the afternoon...I'll keep you posted.
Thx,
Mags
Thx,
Mags
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks jcimarron. I will l look at that.
I ran ComboFix. Then ran Sophos, Eset, Emsisoft and a specific scan through Norton for the Trojan.zbot...all clean. A few more scans to run then I'll look at the updates then do a sfc. If it fails I will try a repair install.
I ran ComboFix. Then ran Sophos, Eset, Emsisoft and a specific scan through Norton for the Trojan.zbot...all clean. A few more scans to run then I'll look at the updates then do a sfc. If it fails I will try a repair install.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Will do. Data backed up...
Thanks guys!
Mags
Thanks guys!
Mags
ASKER
jcimarron I deleted possible problematic updates, restarting each time. I still have the same issue with sfc & dism.
Ran more scans and believe it is as clean as I can get it.
Starting a repair install.
Mags
Ran more scans and believe it is as clean as I can get it.
Starting a repair install.
Mags
I've requested that this question be deleted for the following reason:
Not enough information to confirm an answer.
Not enough information to confirm an answer.
MagsMcKinley14--
What happened when you ran the Repair Install?
What happened when you ran the Repair Install?
ASKER
I thought I spread points already and closed this??
No, you have not yet closed this question.
MagsMcKinley14--
It seems not. No problem. All's well that end's well
https://www.experts-exchange.com/help/viewHelpPage.jsp?helpPageID=24
12 seconds after John Hurst.
It seems not. No problem. All's well that end's well
https://www.experts-exchange.com/help/viewHelpPage.jsp?helpPageID=24
12 seconds after John Hurst.
ASKER
Let me finish something and I will spread points and answer questions.
Thanks guys...could of sworn I already did this...sorry for the delay.
Mags
Thanks guys...could of sworn I already did this...sorry for the delay.
Mags
ASKER
Repair Install worked...thanks guys!!
@MagsMcKinley14 - Thanks for the update and I was happy to help.
MagsMcKinley14--
You are welcome.
You are welcome.
I would suggest to take a backup of your files and reinstall Windows from scratch