Regarding dfsc.sys

Started by Starry Windy September 21st, 2013 9:19 AM
  • 715 views
  • 8 replies

Starry Windy

Everything will be Daijoubu.

Male
Liberty Garden
Seen April 28th, 2020
Posted April 28th, 2020
9,307 posts
10.4 Years
I was just checking a scan when I found out that my antivirus detects a system file called dfsc.sys, which is located in the winsxs folder, as a trojan, yet I checked on some tech website that it's one of the most important files, and that if it's deleted, that might mean that I can't access Windows anymore. So... what should I do, and if it's not a virus, how could I bring dfsc.sys back, since when I want to bring it back from the quarantine, the program won't let me do it even when having Administrator privilege? (And I turned off System Restore before I realized that as well...)

Starry Windy

I was using the Avira one, and it was when I tried to initiate sfc /scannow in Command Prompt that the antivirus alert was triggered, in the middle of the scan.

Legendary Silke

You like dragons?

Seen December 23rd, 2021
Posted April 22nd, 2020
5,925 posts
12.5 Years
Do NOT delete this file until you get a second opinion from another anti-malware scanner, and try scanning the file again after you've updated Avira's definitions. It's part of Windows 7 - deleting it can mean trouble. It's likely that you're getting a false positive, but just to be safe, get a second opinion.

(It's the DFS Namespace Client Driver and comes from Microsoft. If the file is not a malicious doppelganger, there should be visible details in the Details tab of its properties. Try going to C:\Windows\winsxs\ in Windows Explorer, and search for dfsc.sys in there.)

Starry Windy

Well... that's the problem, I have deleted it... moved to quarantine, to be exact... :( and I managed to scan it in VirusTotal right here: https://www.virustotal.com/en/file/5c4b05ae15fcd5296f6af738aaf71371c89619fb791742d3ff36a75fd338f539/analysis/1379781310/

and too bad I can't return it to where it belongs...
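
The checks suggested in this thread (file details, Microsoft origin, and the hash submitted to VirusTotal), as an added example that is not part of any post: it lists every copy of dfsc.sys in the driver directory and in winsxs with its version details, signature status and SHA-256. It assumes Windows PowerShell 5.1 in an elevated prompt; the function and variable names are made up for this example.

```powershell
# Added example. Assumes Windows PowerShell 5.1 run from an elevated prompt.
# $FlaggedSha256 is the hash in the VirusTotal URL posted in the thread.
$FlaggedSha256 = '5c4b05ae15fcd5296f6af738aaf71371c89619fb791742d3ff36a75fd338f539'
$FileName      = 'dfsc.sys'

# Locations where a genuine copy normally lives: the live driver directory
# and the component store.
$SearchRoots = @(
    (Join-Path $env:WINDIR 'System32\drivers'),
    (Join-Path $env:WINDIR 'winsxs')
)

# Hypothetical helper: one report row per copy of the file found under $Roots.
function Get-DriverCopyReport {
    param([string[]]$Roots, [string]$Name, [string]$KnownHash)

    Get-ChildItem -Path $Roots -Filter $Name -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $hash   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            [pscustomobject]@{
                Path          = $_.FullName
                Company       = $_.VersionInfo.CompanyName
                FileVersion   = $_.VersionInfo.FileVersion
                SignatureOK   = ($sig.Status -eq 'Valid')
                Signer        = $signer
                Sha256        = $hash
                SameAsFlagged = ($hash -ieq $KnownHash)   # same bytes as the quarantined file?
            }
        }
}

$report = Get-DriverCopyReport -Roots $SearchRoots -Name $FileName -KnownHash $FlaggedSha256
$report | Format-List

# Copies that deserve a closer look: signature not valid, or signer is not Microsoft.
$report |
    Where-Object { -not $_.SignatureOK -or $_.Signer -notmatch 'O=Microsoft Corporation' } |
    Select-Object Path, Signer, Sha256
```

A copy whose SameAsFlagged is True and whose signature is valid with a Microsoft signer is the same file the scanner quarantined, which supports the false-positive reading.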

Starry Windy


Well, that's what I get when attempting to restore the file. I tried it manually as well, and it's no go too, even with Administrator privilege.

Starry Windy

Looks like I self-solved the problem lol

Well, I solved it by taking over the winsxs folder using Command Prompt in Admin mode. I was using this command:

Takeown /f %WINDIR%\winsxs /R
or alternatively, in the C:\Windows\ folder:
Takeown /f winsxs /R
And then I edited the permissions to full access so that I could return the system file. If anyone has a problem like what I just experienced, just do it like this, OK?