
Thread: New Defs and Old version causes logon issue

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Posts
    3

    Default New Defs and Old version causes logon issue

    The new definition files released the 25th, in combination with v1.3 (I know, not supported), detect the valid value of HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Userinit as "HellzLittleSpy" and delete the value, leaving it blank.

    This causes a logging on user to be immediately logged off until the value is properly restored to c:\windows\system32\userinit.exe,

    Problem only seems to occur in v1.3.

  2. #2
    Junior Member
    Join Date
    Jun 2008
    Posts
    15

    Default

    Good call on it being 1.3 that causes it. I've seen it randomly and wasn't sure why or how, but every one that I've had to correct this on has 1.3 installed. I'm guessing autoupdate doesn't update the program version but only the definitions. Any chance of that happening?

    http://forums.spybot.info/showthread.php?t=30030

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello,
    Quote Originally Posted by Malloc View Post
    Any chance of that happening?
    Spybot-S&D v1.3 is very old, any reason you have not upgraded to v1.5?

    Version 1.6 is due shortly.

    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Junior Member
    Join Date
    Jun 2008
    Posts
    1

    Default Why upgrade from 1.3 to 1.5 (or 1.6)?

    When I run 1.5.2.20 with the 25 June 2008 Updates, it only searches for 169160 items. When I run 1.3, it searches for 169175 items and it finds HellzLittleSpy which 1.5 does not find.

    Why upgrade to 1.5 when it does not seem to be as good as 1.3?

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello,
    Quote Originally Posted by macdunn View Post
    When I run 1.5.2.20 with the 25 June 2008 Updates, it only searches for 169160 items. When I run 1.3, it searches for 169175 items and it finds HellzLittleSpy which 1.5 does not find.

    Why upgrade to 1.5 when it does not seem to be as good as 1.3?
    1.3 may have given a false positive on HellzLittleSpy. 1.5 has more effective detections and new functions. What is your operating system?

    2008-06-25
    Total: 663265 fingerprints in 171141 rules for 4049 products.
    http://forums.spybot.info/showthread.php?t=30020

    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  6. #6
    Junior Member
    Join Date
    Jun 2008
    Location
    Dutch Harbor, AK.
    Posts
    2

    Default New Defs and Old version causes logon issue

    Greetings, I am having this very issue and do not know how to correct it. I've tried safe mode and everything my limited knowledge knows to do. What are my options, if any? Thanks.

    The new definition files released the 25th, in combination with v1.3 (I know, not supported), detect the valid value of HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Userinit as "HellzLittleSpy" and delete the value, leaving it blank.

    This causes a logging on user to be immediately logged off until the value is properly restored to c:\windows\system32\userinit.exe,

    Problem only seems to occur in v1.3.

  7. #7
    Junior Member
    Join Date
    Jun 2008
    Location
    Dutch Harbor, AK.
    Posts
    2

    Default New Defs and Old version causes logon issue

    I contacted Dell support and their solution was to do a system restore that will delete all my data. Are there any other solutions for replacing this file? Any help here would be appreciated. Thanks, Bruce


    Quote Originally Posted by Coho_Bruce View Post
    Greetings, I am having this very issue and do not know how to correct it. I've tried safe mode and everything my limited knowledge knows to do. What are my options, if any? Thanks.

    The new definition files released the 25th, in combination with v1.3 (I know, not supported), detect the valid value of HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Userinit as "HellzLittleSpy" and delete the value, leaving it blank.

    This causes a logging on user to be immediately logged off until the value is properly restored to c:\windows\system32\userinit.exe,

    Problem only seems to occur in v1.3.

  8. #8
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    Coho_Bruce:

    There are other options in the thread referenced by Malloc in post #2 above:

    For example:

    Quote Originally Posted by Malloc View Post
    I've had this happen on 6 computers so far, but I have them on the network so I can remote registry edit through them.

    Here are some other tools that have offline registry edits:

    http://home.eunet.no/~pnordahl/ntpasswd/
    http://windowsxp.mvps.org/peboot.htm
    http://ubcd4win.com/index.htm

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  9. #9
    Junior Member
    Join Date
    Jul 2008
    Posts
    1

    Default

    Quote Originally Posted by Coho_Bruce View Post
    I contacted Dell support and their solution was to do a system restore that will delete all my data. Are there any other solutions for replacing this file? Any help here would be appreciated. Thanks, Bruce
    I had the exact same problem this week. Very frustrating. I tried three different utility programs that I could boot from the CD drive. Norton System Works, System Mechanic, and Fix It Utilities 8. Fix It Utilities 8 was the only one that solved the problem. Use it to boot from the CD. Run the "Recovery Commander" then restore a "system restore checkpoint"
    Everything is fine now. Works good.
    Last edited by tashi; 2008-07-02 at 00:36. Reason: Mod: removed email address in username

  10. #10
    Junior Member
    Join Date
    Jun 2008
    Posts
    3

    Default

    For those who are still fixing this problem I created a BartPE plugin to fix it.

    No additional files are needed; everything is included already in the PE Build or is in the plugin.

    To launch select Programs -> Repair Userinit -> Repair User init

    For those who would like to do it on their own:
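    Code:
    @echo off
    rem Load the offline SOFTWARE hive under the temporary key HKLM\JUNK.
    if exist c:\windows\system32\config\software (
    	reg load HKLM\JUNK c:\windows\system32\config\software
    	set UserInitPath="C:\windows\system32\userinit.exe,"
    ) ELSE if exist c:\winnt\system32\config\software (
    	reg load HKLM\JUNK c:\winnt\system32\config\software
    	set UserInitPath="C:\winnt\system32\userinit.exe,"
    ) else goto END
    rem Skip the first four lines of the reg query output, then split the value line into name, type and data.
    rem An empty third token means the Userinit data is blank, so the default is written back.
    for /f "skip=4 delims=" %%i in ('reg query "HKLM\JUNK\Microsoft\Windows NT\currentversion\Winlogon" /v userinit') do (
    	for /f "usebackq tokens=1,2,3" %%j in ('%%i') do (
    		if "%%l"=="" (
    			reg add "HKLM\JUNK\Microsoft\Windows NT\currentversion\Winlogon" /v userinit /t REG_SZ /d %UserInitPath% /f
    		)
    	)
    )
    rem Unload the hive so the change is written back to the offline SOFTWARE file.
    reg unload HKLM\JUNK
    
    :END
    pause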
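
A verification check to go with the repair script in post #10, as an added example that is not part of the original thread: it parses the text printed by `reg query ... /v userinit` and reports whether the value is blank (the logoff loop described in this thread), missing, the single expected userinit.exe entry, or something else. The sample outputs are constructed, and the function names and the default `C:\WINDOWS` directory are assumptions of this example.

```python
import ntpath

def parse_userinit(reg_output):
    """Return the Userinit data found in `reg query ... /v userinit` output.

    Returns "" for a blank value and None when no Userinit line is present.
    Matching on the value name avoids depending on a fixed header-line count.
    """
    for line in reg_output.splitlines():
        parts = line.split(None, 2)  # name, type, data (data may contain spaces)
        if len(parts) >= 2 and parts[0].lower() == "userinit" \
                and parts[1].upper().startswith("REG_"):
            return parts[2].strip() if len(parts) == 3 else ""
    return None

def classify(data, windir=r"C:\WINDOWS"):
    """Classify Userinit data as 'missing', 'blank', 'ok' or 'unexpected'."""
    if data is None:
        return "missing"
    entries = [e.strip().strip('"') for e in data.split(",") if e.strip()]
    if not entries:
        return "blank"  # the state that logs every user straight back off
    expected = ntpath.normcase(ntpath.join(windir, "system32", "userinit.exe"))
    if [ntpath.normcase(e) for e in entries] == [expected]:
        return "ok"
    return "unexpected"  # different or additional programs: review by hand

def check(reg_output, windir=r"C:\WINDOWS"):
    """Parse reg query text and classify the Userinit value in one step."""
    return classify(parse_userinit(reg_output), windir)

# Constructed sample outputs (not captured from a real machine).
HEADER = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\JUNK\Microsoft\Windows NT\currentversion\Winlogon
"""
SAMPLE_OK = HEADER + r"    userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,"
SAMPLE_BLANK = HEADER + "    userinit    REG_SZ"
SAMPLE_EXTRA = SAMPLE_OK + r"C:\WINDOWS\temp\helper.exe"
SAMPLE_ERROR = "ERROR: The system was unable to find the specified registry key or value."

if __name__ == "__main__":
    for name in ("SAMPLE_OK", "SAMPLE_BLANK", "SAMPLE_EXTRA", "SAMPLE_ERROR"):
        print(name, "->", check(globals()[name]))
```

Running the check before and after a cleanup pass shows whether a scanner has emptied the value while the machine can still be logged on to.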
