Cause of corrupt system files?


  1. Win20Win
    Posts : 22
    Various
       New #1

    Cause of corrupt system files?


    I've been in the process of removing data from a Win 10 machine for several weeks now, during which time it has not been connected to the internet, and no new programs have been installed on it. However, today, when I was trying to run malware checks on the appdata folder, the anti-malware package that I have installed on the machine began struggling to initiate scans, or completing them instantaneously, or other bugged behaviour. I also have Windows Defender enabled for on-demand scans (and I think occasional background scans), which was also previously working fine, but at the same moment, it began refusing to scan anything at all - e.g. clicking the 'scan now' button gave no response.

    To resolve the problem, I initially tried system restore, but that would not complete successfully until I uninstalled the 3rd party anti-malware package from the machine. Even with a successful restore, Windows Defender was still refusing to scan anything, while the restored version of the 3rd party package appeared bugged beyond functionality and had to be removed again.

    The problem appears finally to have been resolved by running a scan with the system file checker (sfc /scannow), which reported that it had found corrupt system files and fixed them all. Now Windows Defender is back to working, and the machine *seems* to be functioning normally.

    My question is this: on a machine that has not been connected to the internet or had any programs installed on it for weeks, how is it possible for some of the system files suddenly go from uncorrupted to corrupted? Could I have triggered some latent malware on the system by poking around? Could it be the bizarre (and very brief) 'update' that Windows did a couple of days ago even though it can't have had any updates due to not being connected to the internet? Perhaps some conflict between the two anti-viruses? I'm hoping someone can offer an explanation as right now I'm fretting about the malware option.
      My Computer
    Quote Quote

  3. dalchina
    Posts : 42,911
    Win 10 Pro (22H2) (2nd PC is 22H2)
       New #2

    Certain programs can make changes to system files, from permissions to modifying their resources (icons etc). These changes can result in such discrepancies.

    In the last month or so, a minor bug was introduced by MS where an issue with Defender meant SFC reported corruption (details are available on this forum e.g.) - not the first such MS-added discrepancy.
    MS Posts Support Note About Defender SFC /Scannow Errors

    Finally, things could potentially be overwritten or become corrupt- e,.g. HDD failure.

    It is worth monitoring your disks- Hard Disk Sentinel (paid) e.g. allows threshold triggered reporting.
    And routine disk imaging intrinsically verifies the integrity of the used parts of imaged partitions.
    Last edited by dalchina; 07 Sep 2019 at 09:09.
      My Computers
    Quote Quote

  4. simrick
    Posts : 16,325
    W10Prox64
       New #3

    Win20Win said:
    I've been in the process of removing data from a Win 10 machine for several weeks now, during which time it has not been connected to the internet, and no new programs have been installed on it. However, today, when I was trying to run malware checks on the appdata folder, the anti-malware package that I have installed on the machine began struggling to initiate scans, or completing them instantaneously, or other bugged behaviour. ...[SNIP]...
    My question is this: on a machine that has not been connected to the internet or had any programs installed on it for weeks, how is it possible for some of the system files suddenly go from uncorrupted to corrupted?
    Hi Win20Win,
    Dalchina has pretty much answered your questions, but I'd thought I'd add just a little bit...

    Win20Win said:
    Could I have triggered some latent malware on the system by poking around?
    Yes, it is possible, but for SFC /SCANNOW to "fix" things, highly unlikely is was an infection.

    Win20Win said:
    Could it be the bizarre (and very brief) 'update' that Windows did a couple of days ago even though it can't have had any updates due to not being connected to the internet?
    How could the computer have updated if it was not connected to the internet? Did you update it manually? Is it on a LAN and possibly got the update from another computer on the same LAN?

    Win20Win said:
    Perhaps some conflict between the two anti-viruses? I'm hoping someone can offer an explanation as right now I'm fretting about the malware option.
    Possibly, but unlikely. You never mentioned which 3rd-party AV you were using.

    There are infections which are "time bombs", in that they have a delay before deploying their payload, but it doesn't sound like that's what happened to you.

    Sorry I can't be of more help.
      My Computer
    Quote Quote

  6. Win20Win
    Posts : 22
    Various
    Thread Starter
       New #4

    simrick said:
    How could the computer have updated if it was not connected to the internet? Did you update it manually? Is it on a LAN and possibly got the update from another computer on the same LAN?
    This is what I was wondering. It was a very strange occurrence: When I shut the machine down, it unexpectedly went to the standard 'don't turn off the power b/c updating' screen, and then when I turned it back on again, I got the screen it shows when it finishes updating - but neither lasted more than a few seconds. I was pretty spooked by it, because I was quite certain that the machine had not been connected to the internet or any other network for several weeks, nor had any update been download onto portable media and connected to it. Is there some function in Windows 10 where it will go into 'install updates' mode every several weeks whether it has any updates to install or not?

    Regarding the integrity of the storage drive, I believe it is reporting 100% health on SMART.

    Would anti-malware be the type of program that could make changes to system files which could potentially corrupt? Apart from the Windows update system, my suspicion is towards that because I had been running a series of scans when everything started to go wrong.
      My Computer
    Quote Quote

  7. dalchina
    Posts : 42,911
    Win 10 Pro (22H2) (2nd PC is 22H2)
       New #5

    This is what I was wondering. It was a very strange occurrence: When I shut the machine down, it unexpectedly went to the standard 'don't turn off the power b/c updating' screen
    That, of course, should only occur if there's a pending update which has not been completed; you would normally expect to see an 'update and restart' option if so, for example, if using a menu option to shut down.

    If you had not done a full restart or shut down for some time, but hibernated, e.g. then yes, an update could be pending for quite some time.

    Potentially malware could be written to behave in any way at any time... if you were detecting malware, or had reason to run scans, then the unpredictable becomes more likely.

    I've added a link referring to the SFC / Defender issue above.

    You could run
    chkdsk c: /scan
    from an admin command or Powershell prompt - this checks file system integrity, no repair.

    Have a look at your Update History (Settings, Windows Update - or search) and check the record for failures.
    The News section here has a thread per update per build.
      My Computers
    Quote Quote

  8. teots
    Posts : 343
    Ghost Spectre Win 10 64 Bit Pro V 20H2 Build 19042.985
       New #6

    Did you check for any hdd bad sector ?
      My Computer
    Quote Quote

 

  Related Discussions
Happy to start of this post by saying, I performed a factory reset on my machine and it is up and running. Though my computer is thankfully functional again, I'm not sure what went wrong in the first place... so I'm posting generally, soliciting...
SFC Corrupt Files on CBS.Log ?
in Performance & Maintenance

Can someone please help...my sfc command says it can't fix some files...but I don't know what files or how to fix them...looked at CBS.log but doesn't mean much to me. Tried to attach CBS log but am getting this error: CBS.log: Your file of...
When I run sfc /scannow, these are the problems that can't be fixed: 2016-04-17 17:10:09, Info CSI 000051ab Cannot repair member file "Snipping Tool.lnk" of Microsoft-Windows-SnippingTool-App, version 10.0.10586.0, arch...
Why do my files keep getting corrupt?
in Performance & Maintenance

So every couple of months I seem to have a problem... Something acting a bit weird, or my whole computer is amazingly slow, etc.. So I usually go for chkdsk /f /r and sfc /scannow Now when running sfc, I ALWAYS seem to have some corrupt...
Hello, My wife has a Lenovo ThinkPad X230 (Type 2306-CTO) that shipped with Windows 7 and has been successfully upgraded to Windows 10. It has been running Windows 10 (retail release plus updates) smoothly for a couple months. Yesterday (11...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 00:00.
Find Us




Windows 10 Forums