Disk Knight: a new virus "protection" program

UPDATE:
After having several thousand people visit my blog, obviously because Disk Knight is pissing them off, I thought it might be nice to post some step-by-step instructions on how to rid yourself of this nuisance. Follow these instructions at your own risk.

These instructions courtesy Precise Security:
1. Temporarily disable autorun for the USB drive (Windows XP):

a. Open Windows Explorer or press the Windows + “e” key.
b. Right-click the USB drive, then select Properties. Drive Properties will appear.
c. Select the AutoPlay tab.
d. Choose Select an Action to Perform
e. At the bottom of the selection, click Take no Action, then click Apply.
f. Click OK to exit Drive Properties.

2. Show Hidden Files
a. Open Windows Explorer
b. Go to Tools > Options
c. On the View tab, check “Show Hidden Files and Folders” and uncheck “Hide Protected Operating System Files”.

3. Delete the files manually

a. Go to the USB drive and delete autorun.inf
b. Go to C: Drive and delete autorun.inf
c. Go to C:\Windows and delete Disk Knight.exe

4. Modify Windows Registry
a. Go to Start > Run then type regedit
b. On Registry Editor, go to Edit > Find and type “knight”
c. Delete all entries it finds.

5. Connect to the Internet and update your antivirus

6. Reboot your computer in Safe Mode
a. During the boot process, press F8 continuously until the selection menu appears.
b. Use the Up and Down arrow keys to select Safe Mode on the selection menu.
c. Hit Enter to proceed.

7. Scan your computer with an updated antivirus and delete all infections it finds.

Note: You may enable autorun of the USB Drive by reversing the process in Step 1.
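Before deleting anything in step 3, it helps to see which programs each autorun.inf would start and whether C:\Windows\Disk Knight.exe is present. The read-only Python check below is an added example, not part of the original post or of Precise Security's instructions; the drive letters in the usage lines and the sample file contents are assumptions.

```python
import os

# Standard [autorun] keys that name a program to start.
LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return {key: value} from the [autorun] section; malformed lines are skipped."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_commands(entries):
    """Values of open=, shellexecute= and the shell verb 'command' keys."""
    return sorted(v for k, v in entries.items()
                  if k in LAUNCH_KEYS
                  or (k.startswith("shell\\") and k.endswith("\\command")))

def audit(roots, windows_dir):
    """Read-only report on the files named in step 3; nothing is deleted."""
    report = {"autorun": {}, "disk_knight_exe": None}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        # isfile() also sees hidden/system files, independent of Explorer's view setting.
        if os.path.isfile(path):
            with open(path, encoding="latin-1") as fh:   # latin-1 never fails to decode
                report["autorun"][path] = launch_commands(parse_autorun(fh.read()))
    exe = os.path.join(windows_dir, "Disk Knight.exe")
    if os.path.isfile(exe):
        report["disk_knight_exe"] = exe
    return report

# Constructed sample contents (placeholder names), not taken from a real infected drive.
SAMPLE = ("[AutoRun]\r\n; constructed example\r\nopen=placeholder.exe\r\n"
          "shell\\explore\\command=other.exe\r\nicon=drive.ico\r\n")

if __name__ == "__main__":
    print(parse_autorun(SAMPLE))
    # Assumption: E:\ is the USB drive; adjust to the actual drive letter.
    print(audit(["E:\\", "C:\\"], "C:\\Windows"))
```

The script covers only the files from step 3; the registry search in step 4 still has to be done in regedit.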

**From August 7, 2007:**
Several users in my network are complaining about “Disk Knight,” a new program that was created by a 19-year-old in Chittagong named Ariful Islam. I used to have a link to his site here, with removal instructions, but it seems to have disappeared.

The program is meant to stop virus processes originating from USB flash disks; however, its virus-like behaviour means that it is now spreading uncontrollably on computers around Bangladesh via users’ USB disks, a real nuisance for IT administrators like myself.

Users with more computer knowledge will be able to remove Disk Knight from their computers and flash disks by following my instructions. However, I have already submitted samples of the file to our virus protection vendor, Sophos, as I’d rather not have some program stopping every process on my computer, including the useful ones! While I appreciate Mr. Islam’s wish to help the community deal with viruses, it is my belief that the best approach is to educate users to protect themselves.

206 Responses

  1. Guys ur all talking abt this knight Virus… nd there is a another stupid Bangladeshi Virus in my computer.. i cant do a thing to dis Image file. it is in all of my drives… its says Dpi virus made by Bangladesh… uffff.. can any1 help me with dis.. it disabled my hidden file option.. plzzz help me… contact me at Saikat1313@yahoo.com

    Saikat1313 27 April 2009 at 8:05 pm Permalink

Trackbacks/Pingbacks

  1. stefanoframbi.com » Blog Archive » Disk Knight - 13. Oct, 2007

    [...] OK, this way you should have solved your problems; for further information: http://www.mikeyleung.ca/mikiwiki/index.php?title=Disk_Knight http://www.sophos.com/virusinfo/analyses/diskknight.html http://www.mikeyleung.ca/2007/08/07/disk-knight/ [...]

  2. Remove Disk Knight - 22. Mar, 2008

    How to remove Disk Knight…


  3. Knight Disk Virus!!!? - WikiVista.org - The Windows OS Support Community - 03. Jul, 2008

    [...] Removing Disk Knight – Step by Step Instructions | Mikey Leung – Bangladesh Travel Consultant step by step It was actually meant to stop the spread of pen-drive viruses, but instead allows you to block/enable ALL processes, so it is quite clumsy. [...]

  4. Hardware-ally transmitted disease « Chandrasekhar Limit - 24. Jul, 2008

    [...] you are unlucky and you got it, you can follow the instructions to remove this software: in English (I didn’t check all the page content), in Italian (I used [...]
