A memory size of 32 MB seems a bit small. By default Elgg sets 64 MB in .htaccess. You can try to increase the allowed memory size in Elgg's .htaccess:
php_value memory_limit 64M
If the value in .htaccess is already larger than 32 MB the limit is set in the main php.ini config file on your server. Then you would need to adjust the setting there or in case you can't do it yourself you would ask the support of your webhoster.
Only if increasing the memory size to 64 MB (or even 128 MB) doesn't help I would suggest to look for other reasons for your problem. Then the link rjcalifornia posted could help.
Thank you for your help! Even 64M didn't seem to be enough, and I'm on shared hosting so I don't want to overdo it.
The link gave me the idea to go into the database through phpmyadmin. I looked up the owner_guid of the spam account and then searched for all objects matching that owner_guid. I deleted rows from the search results in batches of 500 using phpmyadmin's interface. It seems to have worked!
I'm still looking for a good spam-catching plugin -- CAPTCHA doesn't do much. I'm using Elgg for courses, so right now I just turn off the ability to create new accounts except during the first few weeks of the semester. While it's turned on, I have to batch-delete the spammers every day or two.
Julie, give a look in my plugin: spam_login_filter.
The community are using it with good results.
You can try Cash's DB Validator plugin: http://community.elgg.org/pg/plugins/project/438616/developer/costelloc/database-validator
Fantastic!!! Cash is like my elgg guardian angel.
But now I run up against my other problem, which is that I can't log into my admin user to enable/use plugins (I get a black page with just background color). Is there a way to make another user an admin on the back end (in hopes that I've just broken the account and not the entire administration)?
Oh, and to answer the other question: I'm running elgg 1.6.3.
I determined by looking at the source code that my login/admin problems were caused by another plugin. I removed that and was able to use Cash's DB Validator plugin to repair the database problems I'd created. It worked like a charm!
I'm now going to install another plugin to block spammers from creating accounts.
Thank you both so much for your help.