Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

When executed, the worm copies itself in the %windir% folder using the following name:


In order to be executed on every system start, the worm sets the following Registry entry:

"Disk Knight" = "%windir%\Knight.exe"


The following Registry entries are set:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Disk Knight]
"DisplayName" = "Disk Knight"
"UninstallString" = "%windir%\Knight.exe uninstall"
"DisplayVersion" = "2.0"
"Publisher" = "Kalpurush"
"HelpLink" = ""
"Readme" = "res://%windir%\Knight.exe/about.html
"Contact" = ""


Spreading on removable media
The worm copies itself into the root folders of removable drives using the following filename:


The following file is dropped in the same folder:


Other information

The worm blocks application execution.