Malware inside Angry Planes & Noclip Mod

1,124 replies to this topic
aboutseven
  • aboutseven

    Player Hater

  • Members
  • Joined: 14 May 2015
  • United-States

#1

Posted 14 May 2015 - 06:46 AM Edited by aboutseven, 20 May 2015 - 10:14 AM.

Because these two questions keep getting asked:
1. What do you do if your anti-virus removed or quarantined the files?
If your anti-virus removed or quarantined the virus, don't assume that you weren't affected. Still go through all the steps below and change passwords you believe are at risk.
2. What do you do if the files don't exist and your anti-virus didn't find or remove anything (or you don't have an anti-virus), but you still played the game with the mods installed?
If the files don't exist and your anti-virus didn't remove anything, but you still ran the mods, the virus could have still affected you and removed itself to cover its tracks. It's unknown if this is really the case but why run with the risk? Go through all the steps again to make sure, and then change your passwords.
 
Instructions on virus removal:
If these files do not exist, do not assume you weren't affected. The virus could have deleted itself after grabbing what it needed to cover its tracks, or your anti-virus could have deleted it after it grabbed what it needed.
If you have used the mods Angry Planes and/or Simple Noclip mod, then here is how to get rid of the virus, or check if it is still on your computer.
1. Press Ctrl+Shift+Esc, go to processes, and end the csc.exe process.
2. Go to your Temp folder at "C:\Users\*YOUR USER NAME*\AppData\Local\Temp"
3. Sort the files by date added, and find .z and init..exe and delete those. Some reports say that .z might be named differently, like .x.
4. Some people also reported an unnamed archive file (.zip or .rar) that could not be opened that looks like this: http://i.imgur.com/5an5ARa.png If this exists, delete it.
5. Then find a recently made folder, should be named something like this: https://i.imgur.com/knF3dAB.png (I believe that this is a randomly generated name for each person hit) and should contain Fade.exe. Delete this folder.
6. Type in regedit in your Start menu search, or regedit.exe using run.
7. Go to the path located at the bottom of this screenshot: https://i.imgur.com/bBtk8HM.png HKEY_USERS is the first folder you expand, and the folder after it is a long string of characters, different for each person. Choose the one without "Classes" at the end. The key we are looking for is "Shell". If you are using a custom shell, remove the string after it that leads to Fade.exe. If it just contains explorer.exe and nothing after it, it should be fine to either remove it or keep it the way it is. If you have no idea what I'm talking about, just remove "Shell".
8. In registry go to "HKEY_CURRENT_USER\Software\Microsoft\" and look for "Fade" and "Leep" and delete them. "Leep" might only be related to the Simple Noclip mod, as I did not have it.
9. There are also reports that a malicious GTA5.exe is placed inside the x64 in the GTA V directory, probably related to the Simple Noclip mod. Go to "C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\x64" and delete GTA5.exe if it exists.
10. Of course, remove the mods from GTA V. Do not re-add them. If the server that was grabbing information comes back online, you could be affected again if you decide to keep using the mods.
11. Consider running an anti-virus at this point, just to make sure you got all the instances.
12. Restart your computer to make sure all instances of Fade.exe are no longer running.
This is all that I currently know of for removing the virus, and I will try to update if more information is presented.
With how new the information is, I have no idea if this is a complete removal.
If in doubt, and you still don't feel safe, format and reinstall Windows. I reinstalled Windows myself just to be on the safe side.
 
Change your passwords!
If you have any doubt about being hit by the virus, don't ask if you should, just change your passwords. It's worth the hassle in the event your passwords were really stolen.
If you downloaded Angry Planes or the Simple Noclip mod and played GTA V with them, you were most likely hit with a keylogger or other methods of password grabbing such as getting passwords saved in your browsers, and I strongly suggest changing all passwords. Do the steps above first before changing them. Just because you don't see any of the files above, don't assume you weren't hit. The virus could have had a way of deleting itself from your computer to cover traces. I'd also suggest using something like Keepass in the future for keeping your passwords in an encrypted database, since it is very easy for something like a virus to grab saved passwords in web browsers.
 
Further analysis
User ckck has posted a further analysis on what the virus did here: http://gtaforums.com...entry1067465309
User master131 has posted another analysis with some more technical detail here: http://gtaforums.com...entry1067472143
 
 
 
Original post:
Hey all, first time posting here.
 
Please excuse my ignorance on this subject, as I could be overreacting about something I simply have no knowledge of, but this has definitely raised some red flags.

I came across something pretty startling today after reviewing my processes that were running on my computer. I tend to do this a lot out of paranoia, just checking that I don't have stuff running in the background that I don't want running, or if I ever possibly run into something that is out of the ordinary that could possibly be malware. I happened to notice that the Windows C# compiler was running in the background as csc.exe. I have never noticed this running in the background, and there really is no reason for a C# compiler to be running in the background because I've never even programmed in C#. This is a normal system file, but I decided to pop open Process Explorer and take a look at the process in detail. First thing I noticed is that it was sending and receiving some data across the internet. That was the first red flag, as why would a compiler be accessing the internet? (Again ignorant on this subject, maybe compilers do connect to the internet for specific reasons that I do not know of). Second, not only was the normal system file of the .exe in the path url, but also an .exe located in my Temp folder called Fade.exe. I went to the location of this, and found the .exe with another folder called Data. Within that folder was another called Logs, and then two folders with recent dates, and within those were files called Session1.bin, Session2.bin, and so on.
 
Here are some images of the folder hierarchy and the files in question:
 
So sure enough, I'm freaking out at this point. The Fade.exe had hijacked an official system file, the C# Compiler, and was accessing the internet while keeping what seems to be logs of my system in the hidden temp directory. I then did a Malwarebytes scan and it reported that Fade.exe had also hijacked a part of the registry to force this program to start up on windows logon, as can be seen here: https://i.imgur.com/bBtk8HM.png
Also, two other files were created in the temp directory with the names .z and init..exe which can be seen here: https://i.imgur.com/jEds84Q.png
 
I did more research on this Fade.exe program, but couldn't find anything except for this single instance here which seems to fit the description perfectly: http://vms.drweb-av....irus/?i=4337630
For some reason, directly scanning the file with Malwarebytes reports that it is not malware, and only 3 out of 56 virus scanners found Fade.exe to be malicious (Update: the file is now being detected by more anti-virus, when originally posted it was at 3/56): https://www.virustot...a9336/analysis/
 
Now where does GTA V modding come into this? Well, I compared the date of when the Fade.exe instance was created to whatever I had in my download folder. I don't go around downloading random programs from non-trusted sources, so I couldn't believe that I had gotten a virus from a program. Well sure enough, I noticed all the mods that I had downloaded for GTA V had matched the date when this folder was created. I decided to experiment. I first deleted all instances of the Fade.exe folder, the files in the temp folder, and the registry hijack. I then ran GTA V with the mods installed. Fade.exe had returned after the game had loaded up (not to the menu screen, to the game itself), along with everything else. Again I removed the Fade.exe and all the other stuff, and I then removed all mods but ScriptHook V and its Native Trainer and relaunched the game. The first thing I noticed is that GTA V started up fullscreen when I did this, when it started windowed with the mods installed. Also, with the mods installed, I always noticed a flashing window right before the game finished loading which was gone after removing the mods. After starting up GTA V without the mods and only ScriptHook V, there was no Fade.exe or any other files.
 
Please note that all mods are .asi and .lua type mods. It's not like I ran some random program or something.
 
This brings me to you guys, because due to my ignorance, I have no idea if this is normal behavior or not. It sure doesn't look like normal behavior, especially considering that it hijacks the registry for windows startup, runs in the background without GTA V running, and seems to be contacting a server. Have mods ever been vulnerable to things like this before? I'm going to post this right now so people can go ahead and read it, but I'm going to try and update this with more information after I do some more testing to see which mod is causing this.
 
Update: The first mod that I found to be the culprit was Angry Planes, which can be found here: https://www.gta5-mod...ts/angry-planes
I tested it twice, I would remove the Fade.exe and all of the other files, load up GTA V with only Angry Planes installed, and the Fade.exe would appear with the registry hijacks and other files. Loading up GTA V without Angry Planes does not add any files, so I can only assume that this mod is the one causing it.
  • epoxi, Hanneswasco, Maxrevv and 53 others like this
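
The manual checks from post #1, collected into a read-only PowerShell triage script. This is an added example, not part of the original thread; it only reports what it finds and deletes nothing. Assumptions: the Winlogon path used for the "Shell" value is the standard Windows per-user location (the post gives that path only in a screenshot), and the GTA V directory is the default Steam path quoted in step 9.

```powershell
# Added example: read-only triage for the artifacts listed in post #1.
# Nothing is deleted or changed; the script only reports what it finds.
param(
    [string]$TempDir = $env:TEMP,
    # Assumption: default Steam install path, as quoted in step 9 of the post.
    [string]$GtaDir  = 'C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V'
)

$findings = New-Object 'System.Collections.Generic.List[object]'

function Add-Finding([string]$Kind, [string]$Detail) {
    $script:findings.Add([pscustomobject]@{ Kind = $Kind; Detail = $Detail })
}

# Step 1: csc.exe is a legitimate compiler, so a running instance is only a
# lead. Its command line is recorded for review.
Get-CimInstance Win32_Process -Filter "Name = 'csc.exe'" -ErrorAction SilentlyContinue |
    ForEach-Object {
        Add-Finding 'Process' ("csc.exe PID {0}: {1}" -f $_.ProcessId, $_.CommandLine)
    }

# Steps 2-3: dropped files in Temp. Both "init..exe" and "init.exe" are named
# in the thread; ".x" is the reported alternative name for ".z".
$names = '.z', '.x', 'init..exe', 'init.exe'
Get-ChildItem -LiteralPath $TempDir -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $names -contains $_.Name } |
    ForEach-Object { Add-Finding 'File' ("{0} (created {1})" -f $_.FullName, $_.CreationTime) }

# Step 5: a folder with a per-victim name that contains Fade.exe and,
# per the original post, Data\Logs\<date>\SessionN.bin files.
Get-ChildItem -LiteralPath $TempDir -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $exe = Join-Path $_.FullName 'Fade.exe'
        if (Test-Path -LiteralPath $exe) {
            $logDir = Join-Path $_.FullName 'Data\Logs'
            $logs = @(Get-ChildItem -LiteralPath $logDir -Recurse -File -Filter 'Session*.bin' `
                        -ErrorAction SilentlyContinue)
            Add-Finding 'File' ("{0} (folder created {1}, {2} session log(s))" -f `
                $exe, $_.CreationTime, $logs.Count)
        }
    }

# Step 7: per-user "Shell" value. Assumed location: the standard Winlogon key.
# Anything other than plain explorer.exe is reported for review.
$winlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell -notmatch '^\s*explorer\.exe\s*$') {
    Add-Finding 'Registry' ("Winlogon Shell = {0}" -f $shell)
}

# Step 8: "Fade" and "Leep" under HKCU\Software\Microsoft (checked both as a
# subkey and as a value, since the post does not say which).
$ms = 'HKCU:\Software\Microsoft'
foreach ($name in 'Fade', 'Leep') {
    if (Test-Path -LiteralPath "$ms\$name") { Add-Finding 'Registry' "$ms\$name (key)" }
    if (Get-ItemProperty -LiteralPath $ms -Name $name -ErrorAction SilentlyContinue) {
        Add-Finding 'Registry' "$ms\$name (value)"
    }
}

# Step 9: a GTA5.exe inside the x64 subfolder of the game directory.
$rogue = Join-Path $GtaDir 'x64\GTA5.exe'
if (Test-Path -LiteralPath $rogue) { Add-Finding 'File' $rogue }

if ($findings.Count -eq 0) {
    'No listed artifact found. Per the post, that does not show the machine was unaffected.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it as the affected user, not elevated under a different account, so that `$env:TEMP` and `HKCU:` point at that user's profile.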

Silent
  • Silent

    Altering R* Vision™ since 2008

  • GTA Mods Staff
  • Joined: 01 Feb 2010
  • Poland
  • Contribution Award [Mods]
    Best Script/Plugin 2014 [SilentPatch]
    Most Respected 2014
    Most Helpful [Mods] 2014
    Most Helpful [GTA] 2013
    Most Helpful [Mods] 2013
    Most Talented [Modding] 2013
    Best Map 2013 [ViceCityStories PC Edition]
    Best Vehicle 2013 [III Aircraft]
    Most Helpful [Mods] 2012
    Modder of the Year 2012

#2

Posted 14 May 2015 - 08:45 AM Edited by Silent, 14 May 2015 - 08:57 AM.

That's the second time I see someone associating this Fade thing with V mods, yet this time it's a different mod... Interesting.

EDIT:

The other rogue mod was this:
http://gtaforums.com...-simple-noclip/

Need to look into this matter as it seems quite suspicious. Sucks.
  • zerGoot, Snoops27, Z i X and 1 other like this

sasuke78200
  • sasuke78200

    Time moves forward and nothing change

  • Feroci
  • Joined: 07 Nov 2010
  • None

#3

Posted 14 May 2015 - 09:48 AM Edited by sasuke78200, 14 May 2015 - 09:49 AM.

I analyzed the .asi, and yes it seems to be installing a malware on the temp directory.

Don't run it!

(For those who want to see it, right after the .asi registers the script thread, it creates a thread (with CreateThread), look at this thread and you'll see the thing)


Alexander Blade
  • Alexander Blade

    Come As You Are

  • Members
  • Joined: 05 Nov 2006
  • None
  • Major Contribution Award [Mods]

#4

Posted 14 May 2015 - 10:19 AM Edited by Alexander Blade, 14 May 2015 - 10:19 AM.

Confirmed, noclip as well as angry planes are with malware, Fade.exe is a password stealer, change every password you have including steam.

  • Zer0w5, ffzero58, Shayd80 and 12 others like this

Zer0w5
  • Zer0w5

    There are no stupid questions, just stupid people.

  • Members
  • Joined: 07 Dec 2008
  • None

#5

Posted 14 May 2015 - 10:59 AM Edited by Zer0w5, 14 May 2015 - 11:12 AM.

I'm glad you researched into these files, now to make sure those files get removed on gta5-mods too.

 

can someone check if this one is clean too?

https://www.gta5-mod...pter-rappel-mod


DarklyinDarkness
  • DarklyinDarkness

    Player Hater

  • New Members
  • Joined: 14 May 2015
  • Australia

#6

Posted 14 May 2015 - 11:18 AM

OK, wow, this actually really sucks. I only ran the NoClip mod once, so there's no Fade.exe sh*t anywhere on my system except a .ini file which i got rid of quick. 


Alexander Blade
  • Alexander Blade

    Come As You Are

  • Members
  • Joined: 05 Nov 2006
  • None
  • Major Contribution Award [Mods]

#7

Posted 14 May 2015 - 11:18 AM

It's clean

> I'm glad you researched into these files, now to make sure those files get removed on gta5-mods too.
>
> can someone check if this one is clean too?
>
> https://www.gta5-mod...pter-rappel-mod

  • Zer0w5 and RyanBurnsRed like this

ikt
  • ikt

    Toot!

  • Members
  • Joined: 02 Oct 2006
  • None

#8

Posted 14 May 2015 - 11:20 AM Edited by ikt, 14 May 2015 - 11:21 AM.

> It's clean
>
>> I'm glad you researched into these files, now to make sure those files get removed on gta5-mods too.
>>
>> can someone check if this one is clean too?
>> https://www.gta5-mod...pter-rappel-mod

If this becomes a really big problem, can't you force all ScriptHookV using mods to have their source code published? It'd make it harder to include malware in them. You're now essentially free to do whatever the heck you want in those dll files, and normal users won't reverse-engineer it.
  • McDodge34, henriquedematos, Alvarez and 2 others like this

DarklyinDarkness
  • DarklyinDarkness

    Player Hater

  • New Members
  • Joined: 14 May 2015
  • Australia

#9

Posted 14 May 2015 - 11:21 AM

 

> It's clean
>
>> I'm glad you researched into these files, now to make sure those files get removed on gta5-mods too.
>>
>> can someone check if this one is clean too?
>>
>> https://www.gta5-mod...pter-rappel-mod

You mind researching into the Simple Native Trainer mod please??

Nah, jk


Zer0w5
  • Zer0w5

    There are no stupid questions, just stupid people.

  • Members
  • Joined: 07 Dec 2008
  • None

#10

Posted 14 May 2015 - 11:21 AM

Yeah now I wouldn't know which .asi files would be clean thanks to the bastards who are infecting it.

  • fefenc likes this

Alexander Blade
  • Alexander Blade

    Come As You Are

  • Members
  • Joined: 05 Nov 2006
  • None
  • Major Contribution Award [Mods]

#11

Posted 14 May 2015 - 11:23 AM

What will it change since they can publish clean source along with infected binary.

>> It's clean
>>
>>> I'm glad you researched into these files, now to make sure those files get removed on gta5-mods too.
>>>
>>> can someone check if this one is clean too?
>>> https://www.gta5-mod...pter-rappel-mod
>
> If this becomes a really big problem, can't you force all ScriptHookV using mods to have their source code published? It'd make it harder to include malware in them.

 

  • BlackScout likes this

DarklyinDarkness
  • DarklyinDarkness

    Player Hater

  • New Members
  • Joined: 14 May 2015
  • Australia

#12

Posted 14 May 2015 - 11:24 AM

 

> What will it change since they can publish clean source along with infected binary.
>
>>> It's clean
>>>
>>>> I'm glad you researched into these files, now to make sure those files get removed on gta5-mods too.
>>>>
>>>> can someone check if this one is clean too?
>>>> https://www.gta5-mod...pter-rappel-mod
>>
>> If this becomes a really big problem, can't you force all ScriptHookV using mods to have their source code published? It'd make it harder to include malware in them.

Excuse me, but what are you using to check if the ASI files are without Fade.exe?


ikt
  • ikt

    Toot!

  • Members
  • Joined: 02 Oct 2006
  • None

#13

Posted 14 May 2015 - 11:33 AM

> What will it change since they can publish clean source along with infected binary.
>
>>> It's clean
>>>
>>>> I'm glad you researched into these files, now to make sure those files get removed on gta5-mods too.
>>>>
>>>> can someone check if this one is clean too?
>>>> https://www.gta5-mod...pter-rappel-mod
>>
>> If this becomes a really big problem, can't you force all ScriptHookV using mods to have their source code published? It'd make it harder to include malware in them.

It's easier for people to check if the compiled clean binary matches the released binary and red-flag the mod if it doesn't check out. It might even be integrateable on modding websites, which compiles the source on uploading on their servers, ensuring safety.

Silent
  • Silent

    Altering R* Vision™ since 2008

  • GTA Mods Staff
  • Joined: 01 Feb 2010
  • Poland

#14

Posted 14 May 2015 - 11:35 AM Edited by Silent, 14 May 2015 - 11:47 AM.

What surprises me is that it gets 0 hits on virustotal. Also couldn't find anything weird in the disassembly.

f*cking c*nts.


EDIT:

Checked, it's indeed there. Thanks, sasuke78200 :^:
  • Zer0w5, sasuke78200, Ss4gogeta0 and 5 others like this

iloominaty
  • iloominaty

    Player Hater

  • New Members
  • Joined: 28 Apr 2015
  • Norway

#15

Posted 14 May 2015 - 11:57 AM

 

> What will it change since they can publish clean source along with infected binary.
>
>>> It's clean
>>>
>>>> I'm glad you researched into these files, now to make sure those files get removed on gta5-mods too.
>>>>
>>>> can someone check if this one is clean too?
>>>> https://www.gta5-mod...pter-rappel-mod
>>
>> If this becomes a really big problem, can't you force all ScriptHookV using mods to have their source code published? It'd make it harder to include malware in them.

Can't you just match the md5 hash with the compiled source with the downloaded mod?


FlyingSligGuard
  • FlyingSligGuard

    Vape Nash y'all!

  • Members
  • Joined: 03 Sep 2014
  • Portugal

#16

Posted 14 May 2015 - 12:06 PM

sh*t, I loved the Angry Planes mod. Does somebody know if it steals saved passwords (i.e. my Steam autologins because I saved my details and told the client to log at boot, not needing to enter any password) ?

 

 

> What will it change since they can publish clean source along with infected binary.

 

Well, paranoid people would be able to read the code, see if contains any malware and then compile it themselves. If the modder published an infected binary and clean source, it would be one less infection for those who compiled in their machine.

  • Alvarez likes this

MagikarpIsOP
  • MagikarpIsOP

    Player Hater

  • Members
  • Joined: 14 May 2015
  • None

#17

Posted 14 May 2015 - 12:08 PM

Having used the angry planes mod in the past.. I don't have any of those files "fade.exe" etc.. Can someone enlighten me on this?

  • Luuno likes this

sasuke78200
  • sasuke78200

    Time moves forward and nothing change

  • Feroci
  • Joined: 07 Nov 2010
  • None

#18

Posted 14 May 2015 - 12:09 PM

> sh*t, I loved the Angry Planes mod. Does somebody know if it steals saved passwords (i.e. my Steam autologins because I saved my details and told the client to log at boot, not needing to enter any password) ?
>
>> What will it change since they can publish clean source along with infected binary.
>
> Well, paranoid people would be able to read the code, see if contains any malware and then compile it themselves. If the modder published an infected binary and clean source, it would be one less infection for those who compiled in their machine.

Change your steam credentials, since you use the autologin feature, it means that the password is stored somewhere in your HDD.

  • FlyingSligGuard likes this

Silent
  • Silent

    Altering R* Vision™ since 2008

  • GTA Mods Staff
  • Joined: 01 Feb 2010
  • Poland

#19

Posted 14 May 2015 - 12:09 PM

> Can't you just match the md5 hash with the compiled source with the downloaded mod?

Doubt it. Especially if you use a different compiler than the author.

> sh*t, I loved the Angry Planes mod. Does somebody know if it steals saved passwords (i.e. my Steam autologins because I saved my details and told the client to log at boot, not needing to enter any password) ?

Safer to change them, I guess. This seems like a well sealed malware, so f*ck knows what it does.
  • sasuke78200, RoachKiller_416 and FlyingSligGuard like this

Ss4gogeta0
  • Ss4gogeta0

    Modding again

  • Members
  • Joined: 24 May 2011
  • United-States

#20

Posted 14 May 2015 - 12:09 PM

i believe Fade.exe originated in belgium, no?

 

could someone possibly toss me the exe? I want to do some research into it.

  • Snoops27 and vicboh0413 like this

Jax765
  • Jax765

    .

  • Members
  • Joined: 29 Jan 2010
  • None

#21

Posted 14 May 2015 - 12:13 PM

Yeah, looking at my malwarebytes history, it quarantined a trojan called init.exe the same day I first used Angry Planes. f*ck that mod author.


Silent
  • Silent

    Altering R* Vision™ since 2008

  • GTA Mods Staff
  • Joined: 01 Feb 2010
  • Poland

#22

Posted 14 May 2015 - 12:14 PM Edited by Silent, 14 May 2015 - 12:14 PM.

> could someone possibly toss me the exe? I want to do some research into it.


> implying you can do RE


> Yeah, looking at my malwarebytes history, it quarantined a trojan called init.exe the same day I first used Angry Planes. f*ck that mod author.


Well indeed. init.exe IS a thing inside this ASI too.
  • sasuke78200, Ss4gogeta0 and Murray Bunyan like this

MagikarpIsOP
  • MagikarpIsOP

    Player Hater

  • Members
  • Joined: 14 May 2015
  • None

#23

Posted 14 May 2015 - 12:18 PM

Sorry for bumping.. But this is an important question.

Like many people, i've used that mod.. But i don't have any of those files in my system.. Why is it different for me then? Can't really understand that.


Jax765
  • Jax765

    .

  • Members
  • Joined: 29 Jan 2010
  • None

#24

Posted 14 May 2015 - 12:19 PM

> Sorry for bumping.. But this is an important question.
>
> Like many people, i've used that mod.. But i don't have any of those files in my system.. Why is it different for me then? Can't really understand that.

Do you have malwarebytes or any other anti-malware software?


Silent
  • Silent

    Altering R* Vision™ since 2008

  • GTA Mods Staff
  • Joined: 01 Feb 2010
  • Poland

#25

Posted 14 May 2015 - 12:19 PM

The malware might as well be self-nuking. It's safer to assume you did get infected.
  • Snoops27 likes this

MagikarpIsOP
  • MagikarpIsOP

    Player Hater

  • Members
  • Joined: 14 May 2015
  • None

#26

Posted 14 May 2015 - 12:20 PM

 

>> Sorry for bumping.. But this is an important question.
>>
>> Like many people, i've used that mod.. But i don't have any of those files in my system.. Why is it different for me then? Can't really understand that.
>
> Do you have malwarebytes or any other anti-malware software?

Im running malwarebytes now and i use Kaspersky.. But since this comes from a mod im kinda sceptical, this is a new low.


Jax765
  • Jax765

    .

  • Members
  • Joined: 29 Jan 2010
  • None

#27

Posted 14 May 2015 - 12:22 PM

 

 

>>> Sorry for bumping.. But this is an important question.
>>>
>>> Like many people, i've used that mod.. But i don't have any of those files in my system.. Why is it different for me then? Can't really understand that.
>>
>> Do you have malwarebytes or any other anti-malware software?
>
> Im running malwarebytes now and i use Kaspersky.. But since this comes from a mod im kinda sceptical, this is a new low.

Check your malwarebytes history. See if it's got a quarantined trojan in there.


MagikarpIsOP
  • MagikarpIsOP

    Player Hater

  • Members
  • Joined: 14 May 2015
  • None

#28

Posted 14 May 2015 - 12:23 PM

 

 

 

>>>> Sorry for bumping.. But this is an important question.
>>>>
>>>> Like many people, i've used that mod.. But i don't have any of those files in my system.. Why is it different for me then? Can't really understand that.
>>>
>>> Do you have malwarebytes or any other anti-malware software?
>>
>> Im running malwarebytes now and i use Kaspersky.. But since this comes from a mod im kinda sceptical, this is a new low.
>
> Check your malwarebytes history. See if it's got a quarantined trojan in there.

I installed malwarebytes now.. Im running a scan.

Kaspersky detected nothing and the .asi file seemed "clean". Maybe he updated the mod recently and added this? (I had the files from some days ago)


Jax765
  • Jax765

    .

  • Members
  • Joined: 29 Jan 2010
  • None

#29

Posted 14 May 2015 - 12:24 PM

 

 

 

 

>>>>> Sorry for bumping.. But this is an important question.
>>>>>
>>>>> Like many people, i've used that mod.. But i don't have any of those files in my system.. Why is it different for me then? Can't really understand that.
>>>>
>>>> Do you have malwarebytes or any other anti-malware software?
>>>
>>> Im running malwarebytes now and i use Kaspersky.. But since this comes from a mod im kinda sceptical, this is a new low.
>>
>> Check your malwarebytes history. See if it's got a quarantined trojan in there.
>
> I installed malwarebytes now.. Im running a scan.
>
> Kaspersky detected nothing and the .asi file seemed "clean". Maybe he updated the mod recently and added this? (I had the files from some days ago)

I mean check your history. At the top of the window, next to settings. It should show your quarantine.


MagikarpIsOP
  • MagikarpIsOP

    Player Hater

  • Members
  • Joined: 14 May 2015
  • None

#30

Posted 14 May 2015 - 12:26 PM

Once again, nothing from kaspersky and malwares is running the scan still.

 

We kinda need more info on this if possible. (And thanks for the help)




