Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Installation
When executed, the worm copies itself in the %windir% folder using the following name:

Knight.exe


In order to be executed on every system start, the worm sets the following Registry entry:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Disk Knight" = "%windir%\Knight.exe"

 

The following Registry entries are set:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Disk Knight]
"DisplayName" = "Disk Knight"
"UninstallString" = "%windir%\Knight.exe uninstall"
"DisplayVersion" = "2.0"
"Publisher" = "Kalpurush"
"HelpLink" = "http://www.ariful.esmartweb.com/software.html"
"Readme" = "res://%windir%\Knight.exe/about.html
"Contact" = "ariful2k@hotmail.com"

 

Spreading on removable media
The worm copies itself into the root folders of removable drives using the following filename:

Knight.exe

The following file is dropped in the same folder:

autorun.inf


Other information

The worm blocks application execution.