Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Disk Knight Persistent Problem


  • Please log in to reply
4 replies to this topic

#1 Stacy Jamie

Stacy Jamie

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:09:26 AM

Posted 22 October 2007 - 11:19 PM

Hi! Don't know if this has been posted already but I still seem to have problems with this irritating USB software called "Disk Knight"...

I already removed it from ADD/REMOVE PROGRAMS, then erased two files with knight*.* .. however, upon restarting, in the task manager area I still see Disk Knight running (in applications) and Knight.exe (in processes). I can't see them in c:\windows and I deleted the Knight registry in regedit.

Anyone has any tips on how to remove it? I dont want it spreading to my desktop :thumbsup:

BC AdBot (Login to Remove)

 


m

#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:06:26 PM

Posted 23 October 2007 - 12:09 AM

Try this: Start, Control Panel, Performance and Maintenance, Administrative Tools, Services, At this point you should have a services listing, at the bottom of the page, click the standard tab. Find the offending program in the list, right click, and click properties. You should do two things here: find service status and click stop, once the service has stopped, click the dropdown arrow, and select "disabled". Then click apply and then ok. restart your computer and you should be able to completely clean out the offending program.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 Stacy Jamie

Stacy Jamie
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:09:26 AM

Posted 23 October 2007 - 07:01 AM

It's not in services :thumbsup: Also, I was able to disable it in the msconfig window (knight.exe)... I'm just wondering because I deleted the Knight entry in the registry ... how did it return when i restarted? Is there something I missed? And is there a way to delete it without having to tweak through regedit? Thanks

#4 buddy215

buddy215

  • BC Advisor
  • 12,616 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:26 PM

Posted 23 October 2007 - 08:20 AM

Is it a useful "Virus"? Read what sophos has to say.
http://www.sophos.com/security/blog/2007/08/510.html

Trend Micro's removal instructions below.
http://www.trendmicro.com/vinfo/virusencyc...YZ&VSect=Sn

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:26 PM

Posted 23 October 2007 - 08:40 PM

Please insert your flash drives before we begin!

Reconfigure Windows XP to show hidden files, folders. Double-click on My Computer, go to Tools > Folder Options and click on the View tab. Under Hidden Files and Folders, check "Show hidden files and Folders", uncheck "Hide Protected operating system Files (recommended)", uncheck "Hide file extensions for known file types", and hit Apply > OK.

Open My Computer, right-click on your primary drive (DO NOT double-click), select "Explore", and search for any autorun.inf at the root. Repeat the search on all your drives (including your flash drive). If autorun.inf is present continue as follows:

Reboot your computer in "Safe Mode" or "Safe Mode With Command Prompt" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode With Command Prompt".

Go to Start > Run and type: cmd
  • press Ok.
  • At the command prompt, type in your primay drive location, usually C:
  • You may need to change the directory. If so type: cd \
  • Hit Enter.
  • Type: attrib -s -h -r -a autorun.inf
  • Hit Enter.
  • Type: dir
  • Hit Enter. This will allow you to see and confirm the Autorun files.
  • Type: del autorun.inf
  • Hit Enter.
  • Repeat the above commands for each drive on your computer.
Now search for and remove Knight.exe
  • At the command prompt, type in your primay drive location, usually C:
  • Type: dir /s Knight.exe
  • Hit Enter.
  • If the file is present, type: del Knight.exe
  • Repeat the above commands for each drive on your computer.
  • Exit the command prompt and reboot normally.
When done remove the Startup RUN value with Autoruns.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users