Hi all , my system seems to be infected with a zeroaccess variant which keeps dropping corsvr.dll in \system32
When i run Combofix it removes it , after a reboot i get a BSOD that the file is corsvr.dll is missing so i fix the registry entry in hklm\system\currentcontrolset\control\session manager\subsystems that it loads winsrv instead of consrv. My <windows does boot, but then the consrv.dll file gets dropped again and the registry is changed again…
I’ve attached the OTL logs and i’ll be running a combofix now to post that log
Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Ok i scanned the pc some more with mbam, superantispyware, tdsskiller , … it appears to be clean now. I rebooted the pc several times and the consrv.dll didn’t come back.