keygen으로 현기증 날뻔했던 이야기..

불량인생으로 키젠쓰다가 
"컴터해야 된단말이야..현기증난단말에요!" 증상으로 발작할 뻔했습니다..

키젠을 실행후 원주돌이로 경로를 봤더니...
세상에....
알까놓고 자폭하다니....무서운놈..

시스템 상태가 뽕맞은것처럼 갤갤하길래..
malware을 실행했더니...

으잉... 머릿속은 혼란에 빠졌습니다.. 침착하게 검색해봤지만...
해결방법이 없어!!
영문사이트는 보나마나 까막눈이고..에휴..

이제까지 혼자 뻘짓했지요..
폭발할기세...

뇌를 현란하게(?) 움직이니까...
"병시나..이전버전 설치!"
쌩유..(응?)

현재 최신버전이 1.50 입니다. 1.46으로 깔았더니...멀쩡...!
아오...망할...

현재까지 뻘짓했던 상황 정리글.txt

---

keygen 실행후 시스템 느려지는 현상발생→[Malwarebytes' Anti-Malware] 출동!
→그러나,,, runtime error 6 'overflow' 오류로 파업→3~4시간 정도 뻘짓하다가 이전버전 설치.
→정상작동! 이게다 최신버전 때문.....망할..  

---

알까놓은 벌레들.txt
{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
예약작업에 등록하여 부팅시 자동실행.
Ggh.exe, ggg.exe, ggf.exe
{22116563-108C42c0-A7CE-60161B75E508}.job
gxixua.exe, jp595IR86O-Ggh.exe
sshnas21.dll

HKEY\LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSHNAS

malware bytes에서 감지한 레지스트리
HKEY_CURRENT_USER\Software\AppDataLow\HavingFunOnline
{7113C1E1-4D6E-403E-A869-DFDFC04397F6}
HKEY_CURRENT_USER\Software\Microsoft\Handle
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace)

알약에서 [V.TRJ.FakeAlert.168960] 로 감지.
이외에 비슷한 악성코드
[Win-Trojan/Fakeav.60416.B][Win-Trojan/Fakeav.60416.B]

*추가 감염 경로
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}
값-IAniGIFEvents
-하위폴더-
[ProxyStubClsid]   값:기본-{00020420-0000-0000-C000-000000000046},
[ProxyStubClsid32] 값:기본-{00020420-0000-0000-C000-000000000046}
[TypeLib]              값:기본-{82351433-9094-11D1-A24B-00A0C932C7DF}
                             값:version-1.5
-------------------------------------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}
값-IAniGIFEvents
[ProxyStubClsid]   값:기본-{00020424-0000-0000-C000-000000000046}
[ProxyStubClsid32] 값:기본-{00020424-0000-0000-C000-000000000046}
[TypeLib]              값:기본-{82351433-9094-11D1-A24B-00A0C932C7DF}
                            값:version-1.5
-------------------------------------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
폴더-1.5
-하위폴더-
값:기본-Animation GIF Control
0
0\win32-C:\WINDOWS\system32\AniGIF.ocx
FLAGS - 기본 2
HELPDIR - 기본 C:\WINDOWS\system32\
-------------------------------------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AniGIFCtrl.AniGIF
기본 Animation GIF Control
CLSID - {82351441-9094-11D1-A24B-00A0C932C7DF}
CurVer - AniGIFCtrl.AniGIF
Insertable -

-------------------------------------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
기본 AniGIFPpg Class
CurVer-AniGIFPpg.AniGIFPpg.1
------------------------------------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
기본 AniGIFPpg Class
CLSID-{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
-------------------------------------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
기본 AniGIFPpg2 Class
CurVer-AniGIFPpg2.AniGIFPpg2.1
-------------------------------------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
기본 AniGIFPpg2 Class
CLSID - {61AB12E1-A5FF-11D1-B2E9-444553540000}
-------------------------------------------------------------------
HKEY_CLASSES_ROOT\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
1.5 -
\0 -
0\win32-C:\WINDOWS\system32\AniGIF.ocx
\FLAGS - 2
\HELPDIR - C:\WINDOWS\system32\
-------------------------------------------------------------------
HKEY_CLASSES_ROOT\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}
기본 IAniGIF
\ProxyStubClsid - {00020424-0000-0000-C000-000000000046}
\ProxyStubClsid32 - {00020424-0000-0000-C000-000000000046}
\TypeLib - {82351433-9094-11D1-A24B-00A0C932C7DF}
           version 1.5
-------------------------------------------------------------------
HKEY_CLASSES_ROOT\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}
\ProxyStubClsid - {00020420-0000-0000-C000-000000000046}
\ProxyStubClsid32 - {00020420-0000-0000-C000-000000000046}
\TypeLib - {82351433-9094-11D1-A24B-00A0C932C7DF}
           version 1.5
-------------------------------------------------------------------
HKEY_CLASSES_ROOT\AniGIFCtrl.AniGIF
기본 Animation GIF Control
\CLSID - {82351441-9094-11D1-A24B-00A0C932C7DF}
\CurVer - AniGIFCtrl.AniGIF
\Insertable 
-------------------------------------------------------------------
HKEY_CLASSES_ROOT\AniGIFPpg.AniGIFPpg
기본 AniGIFPpg Class
\CurVer - AniGIFPpg.AniGIFPpg.1
-------------------------------------------------------------------
HKEY_CLASSES_ROOT\AniGIFPpg.AniGIFPpg.1
기본 AniGIFPpg Class
CLSID - {6DC82D15-92F2-11D1-A255-00A0C932C7DF}
-------------------------------------------------------------------
HKEY_CLASSES_ROOT\AniGIFPpg2.AniGIFPpg2
기본 AniGIFPpg2 Class
\CurVer - AniGIFPpg2.AniGIFPpg2.1
-------------------------------------------------------------------
HKEY_CLASSES_ROOT\AniGIFPpg2.AniGIFPpg2.1
기본 AniGIFPpg2 Class
\CLSID - {61AB12E1-A5FF-11D1-B2E9-444553540000}
-------------------------------------------------------------------
HKEY_CLASSES_ROOT\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
기본 AniGIFPpg2 Class
\InprocServer32 - C:\WINDOWS\system32\AniGIF.ocx
                           ThreadingModel-Apartment
\Programmable 
-------------------------------------------------------------------
HKEY_CLASSES_ROOT\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
기본 - AniGIFPpg Class
\InprocServer32 - C:\WINDOWS\system32\AniGIF.ocx
                           ThreadingModel - Apartment
\Programmable
-------------------------------------------------------------------
HKEY_CLASSES_ROOT\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
기본 Animation GIF Control
\Control
\InprocServer32 - C:\WINDOWS\system32\AniGIF.ocx
                           ThreadingModel - Apartment
\Insertable
\MiscStatus
기본 0
MiscStatus\1 - 131473

\ProgID - AniGIFCtrl.AniGIF
\Programmable
\ToolboxBitmap32 - C:\WINDOWS\system32\AniGIF.ocx, 1
\TypeLib - {82351433-9094-11D1-A24B-00A0C932C7DF}
\Verb
\verb\0 - &Properties,0,2
\Version - 1.5

C:\WINDOWS\system32\drivers\npf.sys