ATLEvent, asmsvc.exe, and blinking HDD lite

mccrosk6971 · Jan 18, 2005

I need some help guys. After running Spybot S&D, I saw that I had this ATLevents thing. After researching it, I realized it had something to do with this Virtumonde virus. I've tried numerous fixes for it, and none of the AV progs I've used will clean it out. At best, Norton quarantined it. I've went through these forums and have tried some of the fixes that other people have tried, but to no avail. It almost seems as though it's different for each person. So now I guess it's my turn to cry out for help. I'm running Windows XP Pro on a Dell Inspiron 5100. First I'll give you a rundown on what I've already tried.

Here are the symptoms- ATLEvents in Spybot. HDD light flashes approximately once every second. This is confirmed with the performance monitor. It showed the HDD performing performing writes every second or 2. Of course this can't be correct or else my HDD would be full, or filling up like crazy. No disc reads though. And finally, this ASMSVC.EXE eats up almost 100 percent of the processor at regular times during the day it seems. Around 2 or 3 PM daily, the computer runs like a snail and the CPU is maxed out. I still have yet to figure out what ASMSVC.EXE even is. Fortunetly, the performance monitor shows that while this is going on, no data is being sent or received through the network interface.

I've tried running numerous AV programs, both in safe more and in normal mode. I've also done it with system restore both on and off. No dice. Every time I delete the *asmsvc.exe key in the registry (specifically the RUNONCE key), it comes back. I'm not talking at reboot either. I delete it, hit REFRESH, and it's there again immediatly. Obviously, the ATLEvent keys also cannot be deleted.

Attached is my latest Hijack This log file. I understand that it may be difficult to tell what is and what is not supposed to be there as you don't know what I've installed. I'm just hoping that, with so many sets of eyes looking at the log file, someone may see something that jumps out at them. I appreciate all insights and help that anyone can spare me as this is becoming a real menace. Thanks all!

chaslang · Jan 19, 2005

This message belongs in the Spyware Forum. I'm moving you there. There are guidelines about posting HJT logs.

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

You should also run Symantec's removal tool: Symantec Trojan.Vundo Removal Tool

After doing ALL of the above if you still have a problem:

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

Log in or Sign up

ATLEvent, asmsvc.exe, and blinking HDD lite

mccrosk6971 Private E-2

Attached Files:

hijackthis.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member