Random thoughts

[Pol]

No executables from the usb medium will work, so no installer no portable apps. They must be first copied on hdd, where I expect that you would have right to run them.

It' all leveled down to a problem that people are coming to your pc and copy/print something through usb port. This is basically insecure as they are doing it under your account and so you are to be blamed.

Anyway preventing autoruns (step one) will be sufficient so long as anyone will not decide to think in a lame way of:

"Yu, I have here some knight.exe 's maybe's some game of flash joke lets click on it. Ceres is looking somewhere else anyways... "

[Ceres]

Thanks Mr. Pol. Btw, gpedit.msc isn't working for me. I wonder why, seems not locked.

[ScarlettP]

No government provided health or dental care at all in the US, unless you are dirt poor. I've never had dental insurance, so it's always been 'pay as I go' so I didn't go as often as I should have and the dentist that I could afford wasn't very good. He only believed in 'patching up' any immediate problems and said nothing about preventing new problems.

When I complained that my gums bled when I brushed, he told me to floss more often. I explained that flossing my my gums bleed even worse, so he told me to keep at it and the gums would 'toughen up'. Yet at the same time, he told me to use a softer tooth brush and don't brush so hard. So... Lacerating my gums with dental floss will 'toughen them up' but a medium toothbrush causes damage??? I flossed every day for a year. Didn't help. He didn't make any other suggestions. I quit flossing unless I had something stuck in my teeth. The gums bled less.

The NEW dentist did a full set of X-Rays before he did anything. I like a man who wants to SEE what he's working with before he starts making general assumptions. He found that I have 'significant' bone loss in the front. That's one of the three places my jaw was broken 30 years ago. I lost a tooth when I was 16. They used a 'Maryland Bridge' which is a butterfly shaped piece of metal across the back to glue the false tooth in, supported by the neighboring tooth. Now, THAT neighboring tooth is loose and the new dentist says that it will probably have to come out. At least I'll get a new bridge that won't be glued to weak teeth over a broken spot in my jaw where the bone is deteriorating.

Today was hell. They did their best to numb me up, but I still feel things. My poor loose tooth never gets really numb and it's the one that hurts like the devil when they touch it. So, naturally, that's the spot that needed the most 'cleaning'. The hygienist did use a rather nifty new gadget on me. It's a high powered water pick that blasts water under the gum line to get out ALL the bacteria and most of the tarter build up. Naturally, she had to go back with the evil metal pick to get the rest of it. *sigh* Torture happy, evil *bad words* and their nasty metal hooks!!!

Half my face was numb for over THREE HOURS! When that wore off, it got worse because then my teeth started to ache. They just felt like someone had been trying to pull them with pliers. Even now, TWELVE HOURS after this torture session began, I can't enjoy my food. It hurts to press my teeth together enough to chew. Plus, there's a funky after taste in my mouth. Not fun.

Best Part? I get to go back and spend another $488 and do this ALL AGAIN day after tomorrow. My life is such a joy.

[asandir]

well we do have medicare which is public health care for everyone, but just nothing for dental

[Pol]

Thanks Mr. Pol. Btw, gpedit.msc isn't working for me. I wonder why, seems not locked.

Maybe you don't use XP Pro or w2k Pro.

The way around is to use notepad and copy paste this into it(including the last empty line)

Code: Select all

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=hex:b5,00,00,00

Save it like no-autorun.reg and finally double click on it to import information into you registry.
(Here's original tip for winXP Home, this one should works too, but it's from w2k)

[Pol]

We have/had some public medial care here, sadly it's going to be very restricted from the new year.

[Ceres]

Oh wow... and now we are talking about registry! Yummy. I'll try that one. Hope it works, thanks again, Mr. Pol.

EDIT: Didn't work too. It says: The specified file is not a registry script. You can only import binary registry files from within the registry editor.

[asandir]

our medicare is cool, I reckon, though we do have private medical insurance as well, better IMO

[Pol]

?
You copied selected text into notepad, saved it like a no-autorun.reg and double click on it, ok?

Should works then, assuming that you have WinXP Home.

PS You must copy whole code, including the Windows Registry... etc. (just whole code window)

[Ceres]

Err... I actually didn't c/p it. I just typed it manually, but all of it. I can't c/p it since this computer that I'm using which has internet access is not the pc that I'm trying to fix. The one that I'm trying to fix doesn't have net access.

[asandir]

write it down?

[Pol]

That could be a problem, these things are 'per symbol' sensitive (spaces are also symbols). Do you have usb something (key ideally, mp3 player will do to).

Copy, paste and save according the recipe on your computer, tehn recopy to your usb key and port it to the other computer. Connect and doublclick.

[Ceres]

There are hidden symbols on it?

I'm so noob... didn't even thought about that simple thing.

[Pol]

Well, only hidden symbols here are spaces, after all it's only text. But these spaces must be distributed exactly where they are in a required quantity.

See this is how is going the first line of that mini text..

Windows Registry Editor Version 5.00

if you do some mistake here, like omitting space, changing dot to coma or some other minor detail it's likely to not to be recognized like a correct reg file

another two lines are easy
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=hex:b5,00,00,00

and last line is just a click of enter in to create an empty line. That's the whole spell

So spaces are what you are don't see but it will not works without them. That's why is much easier to just copy.

On the other hand, you probably just did somewhere a typo. But it's true that spaces are important and some applications are very sensitive on them, this one is not so much like was its ancestor. Which is a great relief. ^
(Hope that I didn't scarried you too much.)

[asandir]

if you write it carefully then you'll be fine!! triangles for spaces for us computer geeks

[Ceres]

It works Mr. Pol! It works! Thanks so much!

Just some clarifications:
-So I have done that and my registry got modified. Should I just leave it that way? And if I'm not mistaken, the code prevents the autorun.inf from executing which most USBs possess? And with this, DK won't be able to execute itself thus preventing it from copying itself from the USB to my pc.

-But it doesn't mean that the DK on their USBs are totally gone, if they inserted it to other computers which enables autorun it will infect that. So the only way to remove DK from their USB is to format their USB OR I need to remove it manually (Mike's instruction page).

-And also, since I had modify my pc's registry, what drawbacks should I expect?

[Pol]

Yes, the code prevent autorun on all discs (hdd, cd-roms, usb) to self execute. Unfortunatelly it still can be runned manually, very easy in case that someone will click on it by right button and then choose open and because here's autorun presented it will run it. The best choice is always explore.
(This behaviour can be changed too I believe)

And with this, DK won't be able to execute itself thus preventing it from copying itself from the USB to my pc.
Yep ;)

-But it doesn't mean that the DK on their USBs are totally gone, if they inserted it to other computers which enables autorun it will infect that. So the only way to remove DK from their USB is to format their USB OR I need to remove it manually (Mike's instruction page).

No, these will remains where they are but because knigh.exe won't be active on your computer you may just look for them and delete them. (Ignoring attribute report, me think that they are hidden and system)

Drawback is that after inserting some cd with autorun or usb it will not launch itself - usually cds with presentation. You must run it manually.

[Ceres]

Thanks!

The drawbacks aren't that heavy I think, so I could live with it, probably.

But think I'm going to repeat the process again, I think I made flaws. After I have done everything, I tried to search for 'Knight' in regedit several times and and there are always one or two found and I definitely delete them, and then I search again and whoa... there's always one.

[Pol]

Hmm, then it must be still presented on your pc.

This is a typical way how it's working. If you do kill the process (virus) then you have some slight interval to remove it from the registry (not possible to do it manually so fast). In registry is written something like check if the program is running and if not rerun it again. And exactly if the program is started again it will write itself into the registry. That's way to infinity...

Two general stops method works
against less agressive programs, which runs only in one copy

Get and instal unlocker on desired computer. Perform search for knight exe, select all occurences of that evil knight, right clik and from the menu choose unlock, then pick desired action which is delete. Once deleted it cannot rerun from the registry, where is nothing there is nothing (good quote for viruses bad for your budget)

against more aggresive programms with many hooks
(shouldn't be the case of the knight)
Try to find out all programms names and registry entries, usually by asking internet. Download some 'rescue cd'. Go offline, shutdown the system and start the recovery cd. Remove all virus occurence. Make full scan (also from cd). Restart pc and pray to gods, mostly it will vanish.

Probably best rescue cd is bart pe, which is created from fully installed but clean system. Rest looks like that or generally that.

[Ceres]

Thanks Mr. Pol! I'm going to try that later.