sysanti.exe - Dangerous

sysanti.exe

Antivirus Report of sysanti.exe:
sysanti.exe - Malware
sysanti.exe - Dangerous
sysanti.exe - High Risk

Manual removal instructions:
SysAnti.exe is a Trojan/Backdoor. We suggest removing SysAnti.exe from your computer as soon as possible.
Kill the SysAnti.exe process and remove SysAnti.exe from Windows startup. The RegRun Reanimator results below show it registered as an Explorer Run item and through C:\autorun.inf, so delete C:\autorun.inf and C:\SysAnti.exe as well.

File analysed (the dropper that installs SysAnti.exe): qvod.exe

Classification:
Antivirus    Version       Last Update  Result ("-" = not detected)
Avast        4.8.1335.0    2009.06.22   Win32:Hacko
AVG          8.5.0.339     2009.06.22   Dropper.Generic.AQZR
BitDefender  7.2           2009.06.23   Generic.Malware.SFP!dldPk!g.6732F735
Comodo       1391          2009.06.23   -
DrWeb        5.0.0.12182   2009.06.23   DLOADER.Trojan
F-Secure     8.0.14470.0   2009.06.23   W32/Packed_FSG.D
Kaspersky    7.0.0.125     2009.06.23   Trojan.Win32.Agent.cmzq
NOD32        4179          2009.06.22   probably a variant of Win32/Injector.DY
Symantec     1.4.4.12      2009.06.23   W32.SillyFDC

Additional information
File size: 2409379 bytes
MD5 : 1f281e8f196b1ede5a1003830061fc1e
SHA1 : d3f1d6d22c8dd9f66961537da3c3006baf51fdd0

Installation
When the program is executed, the following registry, file and folder changes are recorded (a before/after snapshot diff: in the "Values modified" list each value appears twice, the old data first and the new data second; "..." marks entries omitted from this page):

----------------------------------
Keys deleted:0
----------------------------------

----------------------------------
Keys added:815
----------------------------------
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\QvodMenu
...
HKLM\SOFTWARE\Classes\ShareModule.QvodShare.1\CLSID
HKLM\SOFTWARE\Microsoft\ESENT\Process\GoogleToolbarInstaller_full_signed
HKLM\SOFTWARE\Microsoft\ESENT\Process\GoogleToolbarInstaller_full_signed\DEBUG
HKLM\SOFTWARE\Microsoft\ESENT\Process\IEXPLORE
HKLM\SOFTWARE\Microsoft\ESENT\Process\IEXPLORE\DEBUG
HKLM\SOFTWARE\Microsoft\ESENT\Process\Server
HKLM\SOFTWARE\Microsoft\ESENT\Process\Server\DEBUG
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QvodPlayer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\QvodCDAudioOnArrival
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\QvodDVDMovieOnArrival
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\QvodMediaOnArrival
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7139E26A-49CA-4344-B063-C702858627D9}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QvodPlayer
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe
...
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe
HKLM\SOFTWARE\Google
HKLM\SOFTWARE\Google\Google Toolbar
HKLM\SOFTWARE\Google\Google Toolbar\Component
HKLM\SOFTWARE\Google\Google Toolbar\Component\NonManifest
HKLM\SOFTWARE\Google\Google Toolbar\Component\Used
HKLM\SOFTWARE\Google\No Toolbar Offer Until
HKLM\SOFTWARE\QvodPlayer
HKLM\SOFTWARE\QvodPlayer\Insert
HKCU\Software\QvodPlayer
HKCU\Software\QvodPlayer\Insert
HKCU\Software\QvodPlayer\Option

----------------------------------
Values deleted:2
----------------------------------
HKLM\SOFTWARE\Classes\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}\1: "0,4,,52494646,8,4,,41564958"
HKLM\SOFTWARE\Classes\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB88-524F-11CE-9F53-0020AF0BA770}\2: "0,4,,52494646,8,4,,414D5620"

----------------------------------
Values added:587
----------------------------------
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\QvodMenu\: "{9F44453E-1E46-4D5C-B57C-112FF2EDAE82}"
...
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe\Debugger: "ntsd -d"
HKLM\SOFTWARE\Google\No Toolbar Offer Until\Shenzhen QVOD Technology Co.,Ltd: 0x01329157
HKLM\SOFTWARE\Google\Google Toolbar\test: "41"
HKLM\SOFTWARE\QvodPlayer\Insert\Insertpath: "C:\Program Files\QvodPlayer"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PARTIZAN\0000\Capabilities: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\QvodPlayer\QvodTerminal.exe: "C:\Program Files\QvodPlayer\QvodTerminal.exe:*:Enabled:QVOD"
HKCU\Software\GNU\ffdshow\divx: 0x00000001
HKCU\Software\GNU\ffdshow\mpg1: 0x00000001
HKCU\Software\GNU\ffdshow_audio\rawa: 0x00000004
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\QvodPlayer: "C:\Program Files\QvodPlayer\QvodTerminal.exe"
HKCU\Software\QvodPlayer\Option\defaultsavepath: "C:\Media\"
HKCU\Software\QvodPlayer\Option\newpath: "0"
HKCU\Software\QvodPlayer\Insert\Insertpath: "C:\Program Files\QvodPlayer"

----------------------------------
Values modified:390
----------------------------------
HKLM\SOFTWARE\Classes\.3g2\: "mplayerc.3g2"
...
HKLM\SOFTWARE\Classes\Interface\{FA4BB38C-FAF9-4CCA-9302-D1DD0FE520DB}\TypeLib\Version: "3.0"
HKLM\SOFTWARE\Classes\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}\0: "0,5,FFFFFFFFC0,000001BA40"
HKLM\SOFTWARE\Classes\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E06D8022-DB46-11CF-B4D1-00805F6CBBEA}\0: "0, 5, FFFFFFFFC0 ,000001BA40"
HKLM\SOFTWARE\Classes\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}\0: "0,16,FFFFFFFFF100010001800001FFFFFFFF,000001BA2100010001800001000001BB"
HKLM\SOFTWARE\Classes\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{E436EB84-524F-11CE-9F53-0020AF0BA770}\0: "0, 16, FFFFFFFFF100010001800001FFFFFFFF, 000001BA2100010001800001000001BB"
HKLM\SOFTWARE\Classes\Software\RealNetworks\RealPlayer\6.0\Preferences\DistCode\: "R41R03"
HKLM\SOFTWARE\Classes\Software\RealNetworks\RealPlayer\6.0\Preferences\DistCode\: "R31CND_QVOD"
HKLM\SOFTWARE\Classes\TypeLib\{56A868B0-0AD4-11CE-B03A-0020AF0BA770}\1.0\0\win32\: "C:\WINDOWS\system32\quartz.dll"
HKLM\SOFTWARE\Classes\TypeLib\{56A868B0-0AD4-11CE-B03A-0020AF0BA770}\1.0\0\win32\: "C:\WINDOWS\system32\QUARTZ.dll"
HKLM\SOFTWARE\Classes\xmlfile\shell\Open\command\: ""C:\Program Files\Internet Explorer\iexplore.exe" -nohome"
HKLM\SOFTWARE\Classes\xmlfile\shell\Open\command\: ""C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome"
HKLM\SOFTWARE\Classes\xslfile\shell\Open\command\: ""C:\Program Files\Internet Explorer\iexplore.exe" -nohome"
HKLM\SOFTWARE\Classes\xslfile\shell\Open\command\: ""C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome"
HKLM\SOFTWARE\GNU\ffdshow\pth: "C:\Program Files\K-Lite Codec Pack\ffdshow"
HKLM\SOFTWARE\GNU\ffdshow\pth: "C:\Program Files\Common Files\QvodPlayer\Codecs\"
HKCU\Software\GNU\ffdshow\trayIcon: 0x00000001
HKCU\Software\GNU\ffdshow\trayIcon: 0x00000000
HKCU\Software\GNU\ffdshow\mpg2: 0x00000000
HKCU\Software\GNU\ffdshow\mpg2: 0x00000001
HKCU\Software\GNU\ffdshow\mjpg: 0x00000001
HKCU\Software\GNU\ffdshow\mjpg: 0x00000000
HKCU\Software\GNU\ffdshow\mpegAVI: 0x00000005
HKCU\Software\GNU\ffdshow\mpegAVI: 0x00000001
HKCU\Software\GNU\ffdshow_audio\trayIcon: 0x00000001
HKCU\Software\GNU\ffdshow_audio\trayIcon: 0x00000000
HKCU\Software\GNU\ffdshow_audio\ac3: 0x00000000
HKCU\Software\GNU\ffdshow_audio\ac3: 0x0000000F
HKCU\Software\GNU\ffdshow_audio\amr: 0x00000000
HKCU\Software\GNU\ffdshow_audio\amr: 0x00000001
HKCU\Software\GNU\ffdshow_audio\vorbis: 0x00000000
HKCU\Software\GNU\ffdshow_audio\vorbis: 0x00000001
HKCU\Software\Haali\Matroska Splitter\ui.trayicon: 0x00000001
HKCU\Software\Haali\Matroska Splitter\ui.trayicon: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings: 46 00 00 00 04 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings: 46 00 00 00 07 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

----------------------------------
Files added:139
----------------------------------
C:\Documents and Settings\Administrator\Desktop\QvodPlayer.lnk
C:\Documents and Settings\Administrator\Local Settings\Temp\GoogleToolbarInstaller2.log
C:\Documents and Settings\Administrator\Start Menu\Programs\QVOD\QVOD(QvodPlayer).lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\QVOD\Uninst QvodPlayer.lnk
C:\Documents and Settings\Administrator\mm.bat
C:\Documents and Settings\Administrator\QvodSetup3.exe
C:\Documents and Settings\Administrator\Server.exe
C:\Program Files\Common Files\SysAnti.exe
C:\Program Files\QvodPlayer\AddIn\VisLrc.dll
C:\Program Files\QvodPlayer\Codecs\asfsplliter.ax
C:\Program Files\QvodPlayer\Codecs\atrc.dll
C:\Program Files\QvodPlayer\Codecs\ColorFilter.ax
C:\Program Files\QvodPlayer\Codecs\cook.dll
C:\Program Files\QvodPlayer\Codecs\drvc.dll
C:\Program Files\QvodPlayer\Codecs\f4v.swf
C:\Program Files\QvodPlayer\Codecs\raac.dll
C:\Program Files\QvodPlayer\Codecs\RealMediaSplitter.ax
C:\Program Files\QvodPlayer\Favorite\Desktop.ini
C:\Program Files\QvodPlayer\GoogleToolbarInstaller_full_signed.exe
C:\Program Files\QvodPlayer\Lang\en_US.dll
C:\Program Files\QvodPlayer\Lang\zh_TW.dll
C:\Program Files\QvodPlayer\NetAgent.dll
C:\Program Files\QvodPlayer\Playlist\Channel.xml
C:\Program Files\QvodPlayer\Playlist\Mediacenter.xml
C:\Program Files\QvodPlayer\Playlist\Playlist.xml
C:\Program Files\QvodPlayer\Qvod.cfg
C:\Program Files\QvodPlayer\QvodBand.dll
C:\Program Files\QvodPlayer\qvodcfg.ini
C:\Program Files\QvodPlayer\QvodInsert.dll
C:\Program Files\QvodPlayer\QvodPlayer.exe
C:\Program Files\QvodPlayer\QvodPlayer.xml
C:\Program Files\QvodPlayer\QvodTerminal.exe
C:\Program Files\QvodPlayer\QvodUninst.exe
C:\Program Files\QvodPlayer\ShareModule.dll
C:\Program Files\QvodPlayer\Skin\Default\back.bmp
...
C:\Program Files\QvodPlayer\Skin\Mini.xml
C:\WINDOWS\Fonts\muhlr.fon
C:\WINDOWS\Fonts\vfdol.fon
C:\AutoRun.inf
C:\SysAnti.exe

----------------------------------
Files [attributes?] modified:2
----------------------------------
C:\Program Files\K-Lite Codec Pack\Real\Codecs\cook.dll
C:\WINDOWS\system32\drivers\etc\hosts

----------------------------------
Folders added:21
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Temp\Google Toolbar
C:\Documents and Settings\Administrator\Start Menu\Programs\QVOD
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar
C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Component
C:\Program Files\Google
C:\Program Files\Google\Google Toolbar
C:\Program Files\Google\Google Toolbar\Component
C:\Program Files\QvodPlayer
C:\Program Files\QvodPlayer\AddIn
C:\Program Files\QvodPlayer\Codecs
C:\Program Files\QvodPlayer\Data
C:\Program Files\QvodPlayer\Data\AD
C:\Program Files\QvodPlayer\Favorite
C:\Program Files\QvodPlayer\Lang
C:\Program Files\QvodPlayer\Lyrics
C:\Program Files\QvodPlayer\Playlist
C:\Program Files\QvodPlayer\Skin
C:\Program Files\QvodPlayer\Skin\Default
C:\Program Files\QvodPlayer\Skin\MiNi
C:\Program Files\QvodPlayer\Viewdata

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:1956
----------------------------------
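The listing above is a before/after snapshot diff, and most of its 1956 entries are ordinary installer noise. What follows is an added example, not code from this page, from RegRun or from Greatis: a Python script that parses that report format, keeps only the entries that matter for removal (Image File Execution Options debugger hijacks of security-tool names, autostart values, firewall exceptions, files dropped at a drive root, the hosts file) and turns them into the kill/delete/review steps of the manual removal instructions. The sample report embedded in it is constructed from a subset of the entries listed above; the category names and the rules are my own, not a classification used by the report or by RegRun.

```python
"""Triage a snapshot diff in the report format above; added example, not page or RegRun code."""
import re

# Constructed sample: a subset of the entries listed on the page, with the page's section counts.
SAMPLE_REPORT = r"""
----------------------------------
Keys added:815
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe
...
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe
----------------------------------
Values added:587
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe\Debugger: "ntsd -d"
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\QvodPlayer\QvodTerminal.exe: "C:\Program Files\QvodPlayer\QvodTerminal.exe:*:Enabled:QVOD"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\QvodPlayer: "C:\Program Files\QvodPlayer\QvodTerminal.exe"
----------------------------------
Files added:139
----------------------------------
C:\Program Files\Common Files\SysAnti.exe
C:\AutoRun.inf
C:\SysAnti.exe
----------------------------------
Files [attributes?] modified:2
----------------------------------
C:\WINDOWS\system32\drivers\etc\hosts
"""

RULE = re.compile(r"^-{10,}$")
HEADER = re.compile(r"^(?P<name>[^:]+):(?P<count>\d+)$")
VALUE_LINE = re.compile(r"^(?P<path>.+?): (?P<data>.*)$")  # the first ": " ends the value path
IFEO = "\\image file execution options\\"
AUTOSTART_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce", "\\currentversion\\policies\\explorer\\run")
ROOT_FILE = re.compile(r"^[A-Za-z]:\\[^\\]+$")  # a file directly under a drive root

def parse_report(text):
    """{section: (declared count, [entries])}; each header sits between two dashed rules."""
    sections, current, lines = {}, None, text.strip().splitlines()
    for i, ln in enumerate(lines):
        hdr = HEADER.match(ln)
        if hdr and 0 < i < len(lines) - 1 and RULE.match(lines[i - 1]) and RULE.match(lines[i + 1]):
            current = hdr.group("name")
            sections[current] = (int(hdr.group("count")), [])
        elif current and ln.strip() not in ("", "...") and not RULE.match(ln):
            sections[current][1].append(ln)  # "..." marks entries elided on the page
    return sections

def split_value(entry):
    m = VALUE_LINE.match(entry)  # 'key\name: data' -> (full path, key, name, unquoted data)
    if not m:
        return None
    key, _, name = m.group("path").rpartition("\\")
    return m.group("path"), key, name, m.group("data").strip('"')

def triage(text):
    """(category, subject, evidence) for the entries that matter for removal."""
    sec = parse_report(text)
    get = lambda name: sec.get(name, (0, []))[1]
    found = []
    for key in get("Keys added"):
        if IFEO in key.lower():  # IFEO key named after an executable (here: security tools)
            found.append(("ifeo_key", key, key.rsplit("\\", 1)[1]))
        elif key.lower().endswith(AUTOSTART_KEYS):
            found.append(("autostart_key", key, "autostart location created"))
    for full, key, name, data in filter(None, map(split_value, get("Values added"))):
        low = full.lower()
        if IFEO in low and name.lower() == "debugger":  # Windows runs this instead of the tool
            found.append(("ifeo_debugger", full, data))
        elif key.lower().endswith(AUTOSTART_KEYS):
            found.append(("autostart", full, data))
        elif "\\firewallpolicy\\" in low and "\\authorizedapplications\\list\\" in low:
            found.append(("firewall_exception", full, data))
    for path in get("Files added"):
        if ROOT_FILE.match(path) and path.lower().endswith("\\autorun.inf"):
            found.append(("autorun_inf", path, "autorun file at a drive root"))
        elif ROOT_FILE.match(path) and path.lower().endswith(".exe"):
            found.append(("root_executable", path, "executable dropped at a drive root"))
    for path in get("Files [attributes?] modified"):
        if path.lower().endswith("\\drivers\\etc\\hosts"):
            found.append(("hosts_modified", path, "check for redirected AV/update domains"))
    return found

def removal_plan(findings):
    """Map findings onto the manual steps: kill process, delete file, delete value, review."""
    plan = {"kill": set(), "delete_files": set(), "delete_values": set(), "review": set()}
    for cat, subject, evidence in findings:
        target = evidence if cat == "autostart" else subject  # the file the entry points at
        if cat in ("autostart", "root_executable"):
            plan["kill"].add(target.rsplit("\\", 1)[-1])
            plan["delete_files"].add(target)
        if cat in ("autostart", "ifeo_debugger", "firewall_exception"):
            plan["delete_values"].add(subject)
        elif cat == "autorun_inf":
            plan["delete_files"].add(subject)
        elif cat in ("hosts_modified", "ifeo_key"):  # Debugger data may be elided: inspect, don't guess
            plan["review"].add(subject)
    return {k: sorted(v) for k, v in plan.items()}
```

Feed a saved report to triage() and then removal_plan(). An IFEO key whose Debugger value is not in the excerpt (as for 360hotfix.exe above) lands in the review list rather than being deleted blind. Note that the copy of SysAnti.exe under Common Files is not caught by these rules, because its startup value does not appear in the excerpt; that is the entry RegRun Reanimator reports below as an Explorer Run item.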

-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: SysAnti
Author: Unknown
Related File: C:\Program Files\Common Files\SysAnti.exe
Type: Explorer Run

Item Name: C:\autorun.inf
Author: Unknown
Related File: C:\autorun.inf
Type: Autorun.inf

Removal Results: Success
Number of reboots: 1


Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)


Remove sysanti.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since then I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.
