As an evil virus author, I would add another twist: make the plain-text part of the virus install the font (we know it does so). Few moments later, from within the encrypted code, uninstall the font (we have no clues what that code actually does).
Unsuspecting folks would devise infection detectors, which will give nice "false negatives".
Pity. I was hoping that this would be a clever part of systemic offensive. Like forcing laser printer to release deadly toner fumes by downloading evil curves of this font. Or making its kerning so bad that the users would collapse with severe headaches.
Judging from the infection vector (i.e. USB sticks), I suspect that the targets are off-line, or at least heavily firewalled. Mind you, the target is most probably some military facility, likely in Iran. I don't think navigating to a non-white-listed web page wouldn't raise alarm, from the virus author's point of view an unnecessary complication.
Does somebody know whether there is that font ("Palida Narrow") available?
One of my guesses is that both the PATH element and the Program Files item are linked to a single application. That way, as long as the application is installed, the payload would be decryptable. The name check suggests that the application is some in-house project, probably not publicly released.
But maybe the "trigger" is an application in certain environment. Then the Program File would determine application presence. Then the expected item of PATH could refer to some network share, mapped disk, e.g. T:\Repository\bin. Such combination would be pretty unique and therefore an ideal "trigger", IMHO.
I really recommend them, the gear they offer is worth checking! (Now if they made some armored luggage for my camera, I would be really happy.)
Global climate change -- it doesn't bother me. What does bother me, being a "Global Warming denier," is the sudden MADNESS that has stricken deeply into the nation and the world over the last few months. I am truly amazed by the phenomenon. Amazed that the mainstream has become mesmerized by it, entangled in the unscientific propaganda. And amazed at the speed at which it has spread.
It's a naive, domestic operating system without any breeding, but I think you'll be amused by its presumption.