knight.exe!!

marysmail · Dec 21, 2007

Hi. I'm trying to get rid of this "Knight.exe" ... Antivir says it's a Trojan, I think it's been around since the last "Windows Update" I authorized... every time I plug in any USB this "Disk Knight" thing popped-up saying USB drives could have viruses and blahblah, to which I just closed it and went on doing my thing.

But today I tried to download some pics from my camera and Antivir went crazy.

It's located in my C:/WINDOWS/Knight.exe and it won't let me delete it. (it says "knight.exe" is the trojan "TR/Autorun.acl")

Any ideas? Thanks!! Mar.-

abri · Dec 22, 2007

Hi marysmail!
Welcome to Major Geeks!

Please go to the instructions in the READ & RUN ME FIRST , only in your case, go first to the link for your operating system (at the bottom of the page) and then look for Combofix before you do anything else. Install and run that first. Then go back and work through the above READ & RUN ME link in the normal order.

When you finish all of that, you will be able to attach the Combofix, AVG-Antispyware and MGlogs.zip with your next post.

abri

marysmail · Dec 22, 2007

Hi, thanks for your reply! I've done everything on the "read & run me"... I think the knight.exe is gone...

When I ran AVGantispy it didn't save a log, it wouldn't even give me the option to save it.. it found some tracking cookies (marked as medium) and a trojan (marked as high), which had a different root than the last one (the one from the knight.exe that showed up on AntiVir). Should I run it again and see if I can save the log this time?

I'm attaching the MG zip and the log from combofix though.

abri · Dec 22, 2007

Hi marysmail!

Your logs are clean. You can do the following things to make your computer safer from malware. Then please follow the instructions in the box for cleaning out the tools we had you install and to reset your restore points:

Go to add/remove programs and uninstall the below:[/b]

- J2SE Runtime Environment 5.0 Update 10
- J2SE Runtime Environment 5.0 Update 11
- J2SE Runtime Environment 5.0 Update 6
- J2SE Runtime Environment 5.0 Update 9
- Java(TM) 6 Update 2

If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

Your logs look good. If you're not experiencing any malware symptoms, please do the following:

If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, and the C:\combofix.txt log that was created.

If you have the trial version of AVG Antispyware 7.5, you can remove this via add/remove programs.

Go to add/remove programs and uninstall HijackThis.

Then go into Windows Explorer and find MGTools directly under C:\ (or the root drive where your operating system is installed).

Open the MGTools folder and delete the contents.

Then delete the folder itself.

Look for any leftover logs on your desktop and if found delete them

Run CCleaner

After you've completed the above, please follow the instructions at this link for setting a clean restore point. Disable and Enable System Restore!

Once you've done this, please take a look at the link that follows. It's a good read and has some good information to help you prevent further malware invasions.

How to Protect Yourself from Malware

Let us know how things went!
Click to expand...

abri

marysmail · Dec 22, 2007

Great. Did everything it said on your last post and it went chocomilk smooth.

Thank you so much for your help, Abri!! Oh, and Merry Xmas!

Mar.-

abri · Dec 23, 2007

Thanks marysmail!

Merry Christmas to you!

abri

Log in or Sign up

knight.exe!!

marysmail Private E-2

abri MajorGeek

marysmail Private E-2

Attached Files:

ComboFix2.txt

MGlogs.zip

abri MajorGeek

marysmail Private E-2

abri MajorGeek