Can't boot after v1.5.2 installation

[shame]

This careless and ridiculous if not malicious damage by the Spybot people: Safer Networking, ranks their program with the worst Malware. I've 'phoned all my family and friends and told them to get Spybot off their computers immediately and to pass the word on to everyone they know. It's the least I can do. For them.
I'm programming a new PC from scratch (it's taken weeks) and fortunately I've been creating backup images of the drive with Acronis.9 at regular intervals. I was nearly finished and put it online last night to update Nod32, Adaware & Spybot and then ran them all in that order. Then I spent hours trying to fix it after using Spybot. I gave up and deployed my last image losing another few hours of recent programming. But because of that I'm one of the lucky ones. I won't have time to get back to my project till Sunday and then only enough time to re-do the work I did last night. *%$#@#$$%
I was hoping to be tuning my firewall and taking it for a test run on the digital superhighways by then.
Spybot's name is mud at the moment. Who will be game to use it again? Would you? Who've been screwed? You really, really messed up BIG time. *I* suspect someone with a vengeance/grievance :devil: at Safer Networking has added a malicious bit of code to the update files(?). What will it be next time?
"format c:" ?
Bye Bye.

PS
you cannot even supply/check proper information for fixing this:
http://forums.spybot.info/blog.php?b=14

"The required default value and data:
Code:
for Windows XP
Userinit=c:\windows\system32\userinit.exe,

for Windows 2000
Userinit=c:\windowsnt\system32\userinit.exe, " <- win 2000 would be .......c:\WINNT\system32\userinit.exe,

Tut tut.
Please check the information you are providing to your users to end the suffering you have sent them.olice:

I've seen posts by your 'Team Members' (kid brother/sister?):cowboy: advising to try booting safe mode. Duh? These poor people are locked out. No doors and the 'Windows' are bolted from the inside. I'm guessing you 'Safer Networking' people use Linux when you're at home? So you would know grief as much as windows users. I see one or two forlorn victims crying 'Mac for me' after this fiasco. Another pretty desert island but with very little 'cargo'. Only good thing about Winblows is heaps of garbage washes up and occasionally you find something good. Spybot was a find but now, as I said, it's got covered in mud :sad:.

I suggest you remove all update files from your servers and replace them with a text file only containing a warning, an apology and promises that whatever bums are actually on seats at 'Safer Networking' are really working to make the program 'Safer...'. Right Now.

I got bitten but I half blame myself. I unchecked a couple entries Spybot had marked for deletion which were obviously programs I had recently installed. I hesitated about 'userinit.exe' but, trusting the program and being a little tired and bleary eyed, I pushed the button.
Damn damn damn damn damn damn damn damn damn damn damn damn damn.

 

[Terminator]

First of all CALM DOWN I appreciate this is an extremely stressful time but accidents can and do happen and sometimes the source of the problem isn't the obvious one.

Secondly The problems you are experiancing only happen if you are using an old version of spybot or you remove the Hellzlittlespy entry. Spybot 1.6 will be out on the 7th and hopefully this problem will be sorted by the new release, Also be careful what you say as some of what you have said could be considered slander:nono:.

To quote PepiMK

We kept the updates available for 1.3 users simply for those who were forced to keep using it e.g. because they have Windows 95 and not enough RAM for a newer version, with the understanding that they would not simply ignore the warning. We did not keep them available for people who decided to ignore both this message and the two updates available through the updater since.

 

[drragostea]

Just a quick note. Spybot-SD 1.6 released tomorrow. That is July 4th.

 

[blues]

as i have understand it will be released on monday look at this: http://forums.spybot.info/showthread.php?t=30453

 

[drragostea]

Thanks for clarifying. I got it.

 

[walker]

[QUOTE=Terminator;209071]First of all CALM DOWN I appreciate this is an extremely stressful time but accidents can and do happen and sometimes the source of the problem isn't the obvious one.

Secondly The problems you are experiancing only happen if you are using an old version of spybot or you remove the Hellzlittlespy entry. Spybot 1.6 will be out on the 7th and hopefully this problem will be sorted by the new release, Also be careful what you say as some of what you have said could be considered slander:nono:.

To quote PepiMK[/QUOTE]

First of all, SHAME has spoken the truth at every juncture in this. If you want to carry this further, we can take this to another level. If you supply your personal information and the "owners" of SpyBot....I will gladly supply my information and we can bring this to the "legal" level. Your comments are laughable. I fully stand behind the comments of this poster....he is certainly not even remotely close to "slander".

He does bring up some very interesting points. This is basically hobbyist software and I should not have been using it in the first place (my bad).....but someone at your "company" surely did this on purpose as a malicious act.......removing lines of registry code identified as "hellzlittlespy".....cannot be an "accident". If you were legitimate in any way, the "company" would admit to this.

Another interesting comment by "Shame" is that you cannot even get the fix remotely close to right. The original "blog" did not identify method #3 as an XP/VISTA only fix. Then method #2 doesn't work for me, as numerous bad shutdowns have caused the iso/boot file to exclaim....."you must start two times in safe mode".....great!!!!!!!!!!!....you can't.

So, where is the slander? Spybot has succeeded where no virus has ever been able to....complete destruction.

SpyBot is in fact the most damaging VIRUS I have ever encountered.

By the way....you will get your chancce at a "slander" suit......I am so pissed off about this I am in the process of obtaining a url and i will soon be listed in all the search engines as a possible choice of selection when Spybot is the search term. The verbage will not be pretty.:euro:

 

[walker]

Walker, do you own a real Win2000 installation disk?

Yes I do. I booted to it. It cannot fix this problem....at least with my knowledge base. What do you suggest?

 

[PepiMK]

removing lines of registry code identified as "hellzlittlespy".....cannot be an "accident"

That the task in question is not compatible with 1.3 is documented in the public:
http://wiki.spybot.info/index.php/RegyChange
I kind of doubt we would prepare a intential bug about four years before letting it occur...

So, where is the slander? Spybot has succeeded where no virus has ever been able to....complete destruction.

You must've had luck with your choice of viruses then

I am so pissed off about this I am in the process of obtaining a url and i will soon be listed in all the search engines as a possible choice of selection when Spybot is the search term. The verbage will not be pretty.

Sorry, but dozens of bad guys already pay big bucks to Google for Adwords for that purpose to be able to cheat people, unless you're a professional criminal, it should get difficult to get a high rank among them

 

[bevdye1962]

V1.5.2 Locks Out Too! Logon/Logoff Loop

I did a cursory look at the forum and didn't see this problem. I installed v1.5.2 and did the requested reboot. Now I can't log in to my system. I click on my username and type in my password, and the system logs me in and then immediately logs me out. This happens repeatedly. I have tried virtually all boot modes under the f8 menu: safe mode, debugging mode, everything. (OS is XP Pro, and I think it is completely updated--it updates automatically). The behavior is always the same for either my regular account or the admin account. It logs in and immediately logs out. Any suggestions? I REALLY don't want to reinstall the OS.

Hi,

I've read that this problem doesn't occur with v1.5.2, but like round_midnight, I also was running v1.5.2 and have the same problem as of my June 29th update. My loop is now actually preceded by a Logon Message, "The system could not log you on. Make sure your User name and domain are correct, then type password again. Letters in passwords must be typed using the correct case." After this, I go to the logon/logoff loop. This occurs in windows logon, safe mode, administrator, or regular account. I have made no headway on the problem at all, it seems.

Having read this and Major Geeks forums comments on this problem and having visited every recommended site with hope of a solution, I am now waiting on an XP Installation CD from Dell to try the Bart PE.

I don't have a solution to offer, but wanted to make sure v1.5.2 is not given the "all-clear". If I didn't have two computers in the home to research the problem, I would have d/l the update onto this computer as well as part of the "weekend update."

Hope there is a true solution soon! If I have any success, I will post asap. Unfortunately, I seem to be undereducation for this one!

 

[walker]

That the task in question is not compatible with 1.3 is documented in the public:
http://wiki.spybot.info/index.php/RegyChange
I kind of doubt we would prepare a intential bug about four years before letting it occur...

You must've had luck with your choice of viruses then

Sorry, but dozens of bad guys already pay big bucks to Google for Adwords for that purpose to be able to cheat people, unless you're a professional criminal, it should get difficult to get a high rank among them

I think as days go by you will learn that there is more to this than you know now....and maybe an apology will be in order. Look at bevdye1962 ....so you see this isn't only 1.3 and the non-screen "warnings" that v.1.3 people got. You have a problem and you want to play verbal football with it. Why go down this road? The fact is that SpyBot has caused a lot of problems for a lot of people and you are calling me a possible "Criminal" because my computers have been fried/toasted...and stepped on...by SpyBot. When I say that no virus has ever caused this much damage I mean it. That is a fact, as far as I am concerned.

I am not accusing the owners of SpyBot with intentionally creating this problem.....but something has been done with the latest updates to cause this problem. Even if an older version was used against suggestions that it not be.....having an update that causes a read of "hellzlittlespy"....and a deletion of a boot file from the reg.....is a bit much. At least it is to be considered unprofessional. The program ceasing to fuction at all, and not being able to be updated by the "updater" would have been a less harsh penalty to the criminal users of this software. This is like executing someone because he has not changed his under shorts.

All of this said......can someone please look over the posts and try to come up with a fix that is well written...and works?

 

[walker]

A user sent me a PM with some information...I am posting it here so people can comment and possible give ideas in reference to what is mentioned here. Thanks.





Re: HellzLittleSpy Fix that really, really does work…..

--------------------------------------------------------------------------------

Hi,

I did see your posts at various different forums...and people's re-posts of your posts.

To be honest, I assumed this was some type of "troll service"....and that you were trying to drum up business for a small software seller.

After seeing the time you have spend on these PM's.....I don't think this is the case...and I appreciate your concern and trying to help.

First, I have to tell you that I did download the free program ver.8.....of course the boot disk is a paid for item....but this is OK. I downloaded to the only working computer in my home/small office setup. I see how the software creates restore points and it has a very nice interface....better than Norton in my opinion.

However, here is the problem...all of the computers have Norton Systemworks and Anti-Virus installed with GO BACK. Here is the problem. In order to try the other fixes mentioned in all of these posts....Norton wanted the removel of Go Back and all of it's components......this is before boot up....in a sort of pre boot....after bios area. It took about an hour to fully remove Go Back. This was the only way I could try the Win 2000 recovery console (didn't work)...the Bart Cd and/or the ISO/image...boot disk fiasco (requires two passes into safe mode!).

So, I believe that the earlier system states have all been removed....at least in the way that Norton reacts with them. The computer also never had Fix Vers. 8 installed of course, so whatever recovery points are created when the software is installed are not there.

I really do not think that this will work.

What are your thoughts?....by the way....I would gladly pay for the software...this is not the issue...I just think the system state recovery points are no longer there.

Nick Walker










Quote:
Originally Posted by HP_XP_User
Walker...

HellzLittleSpy Fix that really, really does work…..

Numerous, recent posts have indicated that the 06/25/08 update with SpyBot V1.3 seems to indicate CoolWWWSearch.hjg and HellzLittleSpy as false positives.

After going through the absolute “nightmare” of restoring my home network after letting SpyBot remove the “Userinit” value from the registry, here is how I managed to get my 3 home network PC set up back when the Userinit reg setting gets wiped out from the reg value settings,

As you know you can’t even really effectively boot into SafeMode, so you can’t even run a DOS prompt to run any batch program to re-write the registry, you get into that endless logon – logoff loop, etc., etc.,

………………..WELL DON’T RUN TO REFORMAT!

Go to the big audio/video chain stores and get a product called “Fix It Utilities Professional version 8. It is made by Avanquest, it sells for about $40, and it’s a 3 user license. Pop the CD into your drive, change any bios/boot up settings to allow the PC to boot from the CD rather than the hard drive and let the CD boot. Once it boots, and the interface comes up, run the program called Recovery Commander. Choose the option to restore from a System Restore Checkpoint. Let it run and assuming you do have a series of system checkpoints to choose from, you should be OK, once you reboot. This is a lifesaver!

By the way, I do not work for this company, I am not trying to submit an ad, I don’t get any kickbacks, I too was beyond enraged after letting Spybot screw my PC. Then I remembered that I had this software. I use this for other stuff, this utility is loaded with other things that you will want to use, I repeat it is a Lifesaver and perhaps the best $40 you will ever spend, since without that reg value your PC is nothing more than a very large and heavy paperweight!!!!!

By the way see my previous post about yet another false positive!

Hope this helps the countless users that seem to be hit by this “false positive”


HP-XP_User

 

[PepiMK]

As I stated in another thread, writing posts in upper caps or bold letters is usually regarded as "shouting" on the Internet. If you don't want to be seen as a "troll service", I would recommend sticking to the netiquette

The immediate consequence now is that updates will be closed for any dated versions, see the announcement. This is a no-win situation, as from experience we know that as many people as do complain like you do currently will complain about that and would request to still receive updates.

I think I did mention it before: the 1.3 user base are mostly those with Windows 95 and very small hardware. Where else in the industry do you find companies that still support Windows 9x? From the guys at any of the big commercial companies, you'll just receive an arrogant laugh (or worse) if you even mention it. So in the end, this step will lead to these people having no protection at all. I'm not sure if this indeed is better than having to take extra care with the scan results.

 

[walker]

PepiMK......you are a very strange person.

Firstly, this is a cut and paste of a PM that another memeber sent to me concerning the problem. How you do not realize that is totally beyond me.

Then you refer to "Troll Service". Do you really think I am a troll trying to cause you or anyone at Spybot a problem? I am a guy with a toasted set of computers...caused by Spybot software. Please don't try to dismiss me as a troll. If you would like to meet in person on this issue let's trade info in PM and I'll discuss this with you in the near future. Don't take this as a threat...I am a friendly guy....but not a troll!!

Then you refer to the complaint......and that "people like me".......do complain......wtf? Do you think I really want to post here at all? I am not a computer hobbyist......I use computers out of necessity and try to use trouble free software that is simple and non-destructive. It is a good idea to discontinue updates for old versions.

The reality is that you do not understand what has happened, why it happened....and you want to be arrogant in your approach. Why not try to fix the problem for all the people with toasted computers....who were not careful with their scan results....ha....you must be joking!!....oh...please don't take this as a troll shout....please, please, please.

As I stated in another thread, writing posts in upper caps or bold letters is usually regarded as "shouting" on the Internet. If you don't want to be seen as a "troll service", I would recommend sticking to the netiquette

The immediate consequence now is that updates will be closed for any dated versions, see the announcement. This is a no-win situation, as from experience we know that as many people as do complain like you do currently will complain about that and would request to still receive updates.

I think I did mention it before: the 1.3 user base are mostly those with Windows 95 and very small hardware. Where else in the industry do you find companies that still support Windows 9x? From the guys at any of the big commercial companies, you'll just receive an arrogant laugh (or worse) if you even mention it. So in the end, this step will lead to these people having no protection at all. I'm not sure if this indeed is better than having to take extra care with the scan results.

 

[jms1002]

Walker,

For what it's worth, I put the blame on Microsofts unstable operating system. Spybot is a third party free download and even though it's worked great for many years, these things are bound to happen. I bought a Mac today (using it now) and it's been seamless and simple so far. If your computing needs consist of photos, internet, basic home spreadsheet and word processing, etc., then you may want to go that route as well and rid yourself of Microsoft products.

 

[walker]

I understand what you are saying.

Actually, Spybot was a favorite software for me. It corrected many problems for me in the past on many different systems. I rec. (past tense).....it to everyone and I even downloaded it onto two recently purchased laptops for my college kids.

I do however believe this is a major glitch...one that I have never seen before under any circumstances. Old versions equal no updates, freeze ups, reboots.......possible removal of the software.....etc.....never has it equalled a complete toasting with no answers forthcoming as to how to correct it.

Also, the attitude from some people who are "Team Bot"...is amazing to me. I would be working on getting some software solution. I burned an ISO image from a downloaded zip .........booted to this "solution"....and I still can't get accesss because it now wants two starts in "Safe Mode".

OK.....thanks for your comments.......I appreciate your thoughts.

I do like Apple products for the activities you note.....but for now I am heavily invested in Microsoft Win......on 11 different systems.... maybe some changes in the future.

Walker,

For what it's worth, I put the blame on Microsofts unstable operating system. Spybot is a third party free download and even though it's worked great for many years, these things are bound to happen. I bought a Mac today (using it now) and it's been seamless and simple so far. If your computing needs consist of photos, internet, basic home spreadsheet and word processing, etc., then you may want to go that route as well and rid yourself of Microsoft products.

 

[Steve_C]

HellzlittleSpy UserInit issue

Maybe I posted in the wrong thread, I've been at this for days and my eyes are shot.

I chose "Method #2, Offline registry tools and password resetter" posted by Yodama

All went well with download of offline registry tool.
When I come to-- "On the next prompt choose "9" Registry editor" it changes pages and prompts "What to do" "Simple registry editor"

I enter: cd Microsoft\Windows NT\CurrentVersion\Winlogon--just like example.

It gives back: (...)\Windows NT\CurrentVersion\Winlogon
as though it can't read it.
I have repeated 4 times.

Has anyone used this method?

Thanks for your help.

 

[Yodama]

I enter: cd Microsoft\Windows NT\CurrentVersion\Winlogon--just like example.

It gives back: (...)\Windows NT\CurrentVersion\Winlogon
as though it can't read it.
I have repeated 4 times.

Hello Steve_C,

your progress with this method is correct so far,
this

(...)\Windows NT\CurrentVersion\Winlogon

shows that you have navigated to the required registry key.
you just need to continue.

by entering

ls

the contents (Keys and Values) of Winlogon will then be listed.

with

cat Userinit

you can view what data is present in Userinit

with

ed Userinit

you will be able to change the data for Userinit

 

[walker]

....but what can be done about the two safe mode visits if the volume is "dirty"? As you know, you cannot get into safe mode. So, the software will not write to the disk...reading it as "read only". Do you have the solution to this?....or any other idea....as Method #2 was the only one for Win 2000 not on a network. I have now put approx. 20 hours into this....and still have 3 disabled machines.

By the way, I was able to get all the way through the ISO file...but it won't change the registry values as it is perceiving that it cannot write.

If you have any ideas, I'll even remove the drive from the machine and put it in the only machine that works here.

 

[Yodama]

....but what can be done about the two safe mode visits if the volume is "dirty"? As you know, you cannot get into safe mode. So, the software will not write to the disk...reading it as "read only". Do you have the solution to this?....or any other idea....as Method #2 was the only one for Win 2000 not on a network. I have now put approx. 20 hours into this....and still have 3 disabled machines.

By the way, I was able to get all the way through the ISO file...but it won't change the registry values as it is perceiving that it cannot write.

If you have any ideas, I'll even remove the drive from the machine and put it in the only machine that works here.

If the boot disc tells you that you will have to reboot into windows safe mode twice so it can write, then you should follow that instruction.

To get into Windows safe mode you need to press F8 after the Bios screen and before the graphical Windows boot screen.
Choose to boot into safe mode, if it is not present press F8 again.
After Windows has booted into safe mode (do not try to login), restart the computer properly:
choose to "shut down" then "restart". If you do not see the option for shutting down click the options button.
repeat this procedure, then boot from the bootcd from method 2, it is now possible to write the changes.

 

[walker]

I appreciate the quick answer.....but I believe a boot into safe mode is impossible with the missing file (removed by hellzlittlespy error).

If I could get into safe mode I could fix the problem.