PC Advisor

Md5sum is a computer program which calculates and verifies 128-bit MD5 hashes. The MD5 hash functions as a compact digital fingerprint of a file. It is extremely unlikely that any two non-identical files will have the same MD5 hash. This means that when we download a file, we can validate the download by comparing the md5 hash value provided by the download location (it is usually stored in *.md5 files) with the md5 hash value calculated for the downloaded file in our computer. In order to calculate the md5 hash for a program in a Windows machine one can use:

Free, open source winMd5Sum from Nullriver Software.

For more info and downloads please visit:

http://www.nullriver.com/index/products/winmd5sum

Last summer some people observed a new program called "Disk Knight" to get installed automatically on their USB drives or in their computer without their approval. The problem was that they couldn’t get rid of this software that tends to have the same behavior as a malware program.

What is this program?

Why doesn’t the antiviruses alarm the user of the potential threat?

Well the program is made by a Bangladeshi student and what it claims to do is to prevent the launch of any other program that resides in the USB drive protecting this way the computer. So if the USB drive is infected with a malware program or virus it won’t infect the computer that will be inserted too. The Disk Knight will then popup a message that will say that your computer is safe and something like that.

The real problem is what if you don’t want to have this program installed in your USB stick or even worse in your computer?

The process to remove Disk Knight from the USB stick is relatively easy.

• open your task manager by pressing Control+Shift+Escape
• kill the process "knight.exe"
• open a windows explorer and go to Tools -> Folder Options.
• go to View tab and check the "Show hidden files and folders" radio button
• open with the windows explorer the USB drive
• delete the files "Knight.exe" and "autorun.inf"

The process to delete the Disk Knight from the computer is more tricky

IMPORTANT!!! the steps below require advanced knowledge of the Windows operating system. Make sure you know what you ‘re doing. I will not be responsible for making your system inoperable.

• go to Start -> run
• type regedit in the box and hit OK
• make a backup of your registry first by highlighting "My Computer" and the click on File -> Export…
• Give any name you want and save the registry file wherever you like
• click Edit -> Find…
• type in the box "knight" and hit "Find Next"
• in the search results that will return check to be sure that the registry entry refers to "Disk Knight" and delete it
• if you are unsure leave it
• when the registry is cleaned delete the file "X:\Windows\knight.exe" where "X" is the drive where the Windows are installed
• delete the files in the "X:\Windows\Prefetch\Knight.exe-<random string here>" where <random string here> is a random string

Edit: I found out that the registry keys affected by Disk Knight are:

Where "X" is the drive where the Windows are installed and <usb drive letter> is the drive letter of your usb drive. Those long string keys may not be the same on your installation so don’t expect to find them that way. Those keys are given only for reference and to be sure that you are deleting the correct registry keys.

When you reach this part you will notice tha you can’t execute any .exe program. Don’t panic and don’t consider formating your disk and reinstalling Windows

• Click Start -> Run and type Command in the box and hit OK
• On the Command Prompt tha will popup write one by one:

• cd \windows
• regedit

• On the registry editor navigate to the key*:

HKEY_CLASSES_ROOT\exefile\shell\open\command

• Double-click the (Default) value in the right pane
• Delete the current value data, and then type: "%1" %* which means quote-percent-one-quote-space-percent-asterisk

• Navigate to:

HKEY_CLASSES_ROOT\.exe

• In the right-pane, set (default) to exefile
• Exit the Registry Editor.

You are done!!!

* If you’re unable to launch Regedit.exe even from Command Prompt, try this:

copy regedit.exe regedit.com