Disk Knight: a new virus "protection" program
UPDATE:
After having several thousand people visit my blog, obviously because Disk Knight is pissing them off, I thought it might be nice to post some step-by-step instructions on how to rid yourself of this nuisance. Follow these instructions at your own risk.
These instructions courtesy Precise Security:
1. Temporarily Disable USB Drive to autorun (Windows XP):
a. Open Windows Explorer or press the Windows + “e” key.
b. Right-click the drive of the USB Drive. Then select Properties. Drive Properties will appear.
c. Select the AutoPlay tab.
d. Choose Select an Action to Perform
e. At the bottom of the selection, click Take no Action, then click Apply.
f. Click OK to exit Drive Properties.2. Show Hidden Files
a. Open Windows Explorer
b. Go to Tools > Options
c. On View tab, mark Checked the “Show Hidden Files and Folders and “Hide Protected OPerating System Files” Unchecked.
3. Delete the files manually
a. Go the USB Drive and delete autorun.inf
b. Go to C: Drive and delete autorun.inf
c. Go to C:\Windows and delete Disk Knight.exe4. Modify Windows Registry
a. Go to Start > Run then type regedit
b. On Registry Editor, go to Edit > Find and type “knight”
c. Delete all entries it found.5. Connect to Internet and update your AntiVirus
6. Reboot your computer in SafeMode
a. During BootUp process Press F8 continuously until selection appears
b. Use Arrow Up+Down to select SafeMode on the selections menu.
c. Hit Enter to proceed.7. Scan your computer with an updated AntiVirus and delete all infections it founds.
Note: You may enable autorun of the USB Drive by reversing the process in Step 1.
**From August 7, 2007:**
Several users in my network are complaining about “Disk Knight,” a new program that was created by a 19-year-old in Chittagong named Ariful Islam. I used to have a link to his site here, with removal instructions, but it seems to have disappeared.
The program is meant to stop virus processes originating from USB flash disks, however, its virus like behaviour means that it is now spreading uncontrollably on computers around Bangladesh via users’ USB disks—a real nuisance for IT administrators like myself.
Users with more computer knowledge will be able to remove DiskKnight from their computers and flash disks following my instructions, however, I have already submitted samples of the file to our virus protection vendor Sophos as I’d rather not have some program stopping every process on my computer, including the useful ones! While I appreciate Mr. Islam’s wish to help the community deal with viruses, it is my belief the best approach is to educate users to protect themselves.
Guys ur all talking abt this knight Virus… nd there is a another stupid Bangladeshi Virus in my computer.. i cant do a thing to dis Image file. it is in all of my drives… its says Dpi virus made by Bangladesh… uffff.. can any1 help he with dis.. it disabled my hidden file option.. plzzz help me… contect me in Saikat1313@yahoo.com