Bad result when removing Malware



jimmie123
2008-06-30, 05:39
My wife's comp became infected with 2 fairly noxious pieces of Malware, "Hellz Little Spy" and "CoolWWWSearch.hjt". I had to do a destructive reinstall today. I was able to get rid of the malware using Spybot; however, there was a price to pay. Upon deleting them using Spybot, upon reboot, I was thrown into a logon/logoff loop. I tried several Repair reinstalls. They worked; however, the Malware was still there. I have an idea that it was the Hellz Little Spy which was causing the problem. If in fact this is the case, perhaps Spybot needs to look into this issue, and address this particular Malware differently. Certainly, it can be removed by Spybot, but at what price? Perhaps a small tutorial on what to look for in the registry (and delete) would be appropriate for anyone who finds themselves infected with this piece of malware, as opposed to simply removing it by the normal Spybot removal method. If such a tutorial existed, it sure would've saved me a lot of time and trouble with having to do the destructive reinstall to get rid of it.

spybotsandra
2008-06-30, 13:01
Hello,

Please make sure that you are running the latest version of Spybot - Search & Destroy including the latest updates.

To see which version number and/or updates of Spybot - Search & Destroy you are using please run Spybot-S&D and choose "Help" --> "About" in the menu bar.
There you can see which version you have and which updates are installed.
It should be version 1.5.2 and the updates from 2008/06/25.

Best regards
Sandra
Team Spybot

jimmie123
2008-07-01, 15:46
Hi Sandra, I did check and I do have the latest version of Spybot (1.5.2.20) and the 6/25/08 update.
It's interesting, I posted the problem I was having at another site and have received 2 responses from people who were having the same issues I had, and were infected with the same 2 Malware issues that I was. Both used Spybot in an attempt to get rid of the problems. One of them got thrown into the same logon/logoff loop that I experienced; the other was unable to get rid of the Malware using Spybot; upon reboot, it was still in the system.
The only reason that I suspect the Hellz Little Spy malware as being the culprit in my problem is that I looked at the registry entry where it was located, and saw the word "logon" at the very end of the registry entry. Regarding the other malware that I had (CoolWWWSearch.hjt), I did d/l CW Shredder, but when I used it, it said that I had no infection. This may be a result of that particular malware being "new" and the shredder simply didn't pick it up (Spybot DID pick it up).
I've noticed a number of postings regarding people experiencing the logon/logoff loop issue. Perhaps we could try to establish what the common thread exactly is (I'm sure that there is one). This way, Spybot could be updated to address this problem.

crodge2k
2008-07-02, 00:05
Hi Sandra, I did check and I do have the latest version of Spybot (1.5.2.20) and the 6/25/08 update.
It's interesting, I posted the problem I was having at another site and have received 2 responses from people who were having the same issues I had, and were infected with the same 2 Malware issues that I was. Both used Spybot in an attempt to get rid of the problems. One of them got thrown into the same logon/logoff loop that I experienced; the other was unable to get rid of the Malware using Spybot; upon reboot, it was still in the system.
The only reason that I suspect the Hellz Little Spy malware as being the culprit in my problem is that I looked at the registry entry where it was located, and saw the word "logon" at the very end of the registry entry.

My wife just called me to report the same login/logoff loop issue with Hellz Little Spy after running a newly downloaded copy of Spybot. She's bringing the computer home tonight for me to try to fix, but it loops even in safe mode and is an older computer for which the install and recovery discs are long since lost at her office. I think this one's going to take some luck to fix!

EDIT: sorry, I just saw that this has been beaten to death all over the place... I thought I'd read through things carefully... anyway, I've got links to a number of things to try, so hopefully I'll be able to fix it.

jimmie123
2008-07-02, 07:23
Good luck with it, Crodge. It doesn't sound good though, what with the disks being lost. With all of the posts (at this forum and others) regarding this problem, it won't be long before one of the computer Gurus comes up with a fix. In my case, I simply wiped everything and started over, drastic - yes. But it was the only way I could get rid of the problems. If you come up with something regarding a fix, please share it - I'm sure there would be MANY grateful comp users.

GameDev
2008-07-02, 07:57
It might be worth considering Ghost, Drive Image or some Microsoft system restore program. These allow you to restore the system back to uninfected condition without the hassle of backup disks. You just have to remember to make new backups every once in a while to make sure you keep all system restore data updated.

jimmie123
2008-07-04, 11:18
Why was the excellent reply to this problem (sent by HP_XP_User) removed? Was it because it was critical of SpyBot for the false positives when running a scan or because he suggested using something else (Recovery Commander feature on Fix-It Utilities) as opposed to Spybot?

md usa spybot fan
2008-07-04, 13:35
jimmie123:


Thought Police????

Why was the excellent reply to this problem (sent by HP_XP_User) removed? ...
Apparently they were moved not removed.


... You did exactly what you accused me of - trying to hijack other people's threads and turning the attention away from their problems to yours. So when I moved your posts, that was to avoid spam ....
The posts are all here:
New Defs and Old version cases logon issue
http://forums.spybot.info/showthread.php?t=30132
See:
post #21 (http://forums.spybot.info/showpost.php?p=208934&postcount=21)
post #22 (http://forums.spybot.info/showpost.php?p=208935&postcount=22)
post #23 (http://forums.spybot.info/showpost.php?p=208950&postcount=23)
post #24 (http://forums.spybot.info/showpost.php?p=208952&postcount=24)
post #25 (http://forums.spybot.info/showpost.php?p=208963&postcount=25)
post #26 (http://forums.spybot.info/showpost.php?p=208972&postcount=26)

jimmie123
2008-07-04, 14:37
This makes absolutely no sense whatsoever....I begin a thread by describing what I perceived to be a real problem....several people complain of the same problem....one person posts a legitimate "fix" to this problem and you go ahead and move it because of some "possible" threat of spam?? I fail to see the correlation between the proposed possible spam and what he/she posted. Take your position seriously....but use a little common sense too.

md usa spybot fan
2008-07-04, 15:12
jimmie123:

Besides HP_XP_User (http://forums.spybot.info/member.php?u=43614)'s suggestion to buy "Fix It Utilities Professional version 8" which also seems to have been successfully used by Joanne (http://forums.spybot.info/member.php?u=43675) in this thread:
Stuck in Windows loop
http://forums.spybot.info/showthread.php?t=30447

None of the many fixes referenced worked. I went out and bought the program that someone else had posted about here, before his post was deleted. It was also suggested on another post referenced elsewhere at this site. It may have been a blog.

Fix-It Utilities 8.0. $40, Staples had it with a $10 rebate. Great program! It restored to a previous point. All is well.

...


There are other methods to fix the problem caused by HellzLittleSpy documented here:
Userinit Issue
http://forums.spybot.info/blog.php?b=14
______

As you can see Joanne (http://forums.spybot.info/member.php?u=43675) also questioned why HP_XP_User (http://forums.spybot.info/member.php?u=43614)'s post was removed.


This makes absolutely no sense whatsoever ... and you go ahead and move it ...
I didn't move it. I was merely trying to tell you and others where to find it.

HP_XP_User
2008-07-04, 15:29
Why was the excellent reply to this problem (sent by HP_XP_User) removed? Was it because it was critical of SpyBot for the false positives when running a scan or because he suggested using something else (Recovery Commander feature on Fix-It Utilities) as opposed to Spybot?

Thank you.

If you try Fix it, and do have a series of restore points, it should work.

Let me know

HP_XP_User

jimmie123
2008-07-04, 21:13
I suppose I should be a little miffed...lol. I DO have an older version of Fix-It Utilities here (version 6.0) and it does contain Recovery Commander. I guess I should have tried it, but I had completely forgotten about it. That sure would've saved a lot of time and trouble. I really need to get ahold of System Mechanic....as a part of their program, they offer a disaster disk that you burn - I had one of those and it wouldn't boot. Good to know about Fix-It being a solution to that particular problem though. Thankfully, after the destructive recovery I did, the last couple times I've run Spybot, I got the "Congratulations" screen after I scanned....never knew I'd be so glad to see that particular screen.