Malware inside Angry Planes & Noclip Mod


aboutseven

That's the second time I see someone associating this Fade thing with V mods, yet this time it's a different mod... Interesting.

 

EDIT:

 

The other rogue mod was this:

http://gtaforums.com/topic/790315-vrel-simple-noclip/

 

Need to look into this matter as it seems quite suspicious. Sucks.

Edited by Silent
Link to comment
Share on other sites

I analyzed the .asi, and yes, it seems to be installing malware in the temp directory.

Don't run it!

(For those who want to see it: right after the .asi registers the script thread, it creates a thread (with CreateThread); look at this thread and you'll see the thing.)

Edited by sasuke78200
Link to comment
Share on other sites

Confirmed, noclip as well as angry planes come with malware. Fade.exe is a password stealer; change every password you have, including Steam.

Edited by Alexander Blade
Link to comment
Share on other sites

I'm glad you researched into these files, now to make sure those files get removed on gta5-mods too.

 

can someone check if this one is clean too?

https://www.gta5-mods.com/scripts/airtaxi-helicopter-rappel-mod

Edited by Zer0w5
Link to comment
Share on other sites

DarklyinDarkness

OK, wow, this actually really sucks. I only ran the NoClip mod once, so there's no Fade.exe sh*t anywhere on my system except a .ini file which I got rid of quickly.

Link to comment
Share on other sites

It's clean

I'm glad you researched into these files, now to make sure those files get removed on gta5-mods too.

 

can someone check if this one is clean too?

https://www.gta5-mods.com/scripts/airtaxi-helicopter-rappel-mod

  • Like 2
Link to comment
Share on other sites

It's clean

I'm glad you researched into these files, now to make sure those files get removed on gta5-mods too.

 

can someone check if this one is clean too?

https://www.gta5-mods.com/scripts/airtaxi-helicopter-rappel-mod

 

If this becomes a really big problem, can't you force all ScriptHookV using mods to have their source code published? It'd make it harder to include malware in them. You're now essentially free to do whatever the heck you want in those dll files, and normal users won't reverse-engineer it.

Edited by ikt
Link to comment
Share on other sites

Yeah now I wouldn't know which .asi files would be clean thanks to the bastards who are infecting it.

Link to comment
Share on other sites

What will it change, since they can publish clean source along with an infected binary?

 

 

It's clean

I'm glad you researched into these files, now to make sure those files get removed on gta5-mods too.

can someone check if this one is clean too?
https://www.gta5-mods.com/scripts/airtaxi-helicopter-rappel-mod

 

If this becomes a really big problem, can't you force all ScriptHookV using mods to have their source code published? It'd make it harder to include malware in them.

 

  • Like 1
Link to comment
Share on other sites

DarklyinDarkness

 

What will it change, since they can publish clean source along with an infected binary?

 

 

It's clean

I'm glad you researched into these files, now to make sure those files get removed on gta5-mods too.

 

can someone check if this one is clean too?

https://www.gta5-mods.com/scripts/airtaxi-helicopter-rappel-mod

 

If this becomes a really big problem, can't you force all ScriptHookV using mods to have their source code published? It'd make it harder to include malware in them.

 

 

Excuse me, but what are you using to check if the ASI files are without Fade.exe?

Link to comment
Share on other sites

What will it change, since they can publish clean source along with an infected binary?

 

 

It's clean

I'm glad you researched into these files, now to make sure those files get removed on gta5-mods too.

 

can someone check if this one is clean too?

https://www.gta5-mods.com/scripts/airtaxi-helicopter-rappel-mod

 

If this becomes a really big problem, can't you force all ScriptHookV using mods to have their source code published? It'd make it harder to include malware in them.

 

 

It's easier for people to check if the compiled clean binary matches the released binary and red-flag the mod if it doesn't check out. It might even be integrable on modding websites, which compile the source on their servers on upload, ensuring safety.

Link to comment
Share on other sites

What surprises me is that it gets 0 hits on virustotal. Also couldn't find anything weird in the disassembly.

 

f*cking c*nts.

 

 

EDIT:

 

Checked, it's indeed there. Thanks, @sasuke78200 :^:

Edited by Silent
Link to comment
Share on other sites

 

What will it change, since they can publish clean source along with an infected binary?

 

 

It's clean

I'm glad you researched into these files, now to make sure those files get removed on gta5-mods too.

 

can someone check if this one is clean too?

https://www.gta5-mods.com/scripts/airtaxi-helicopter-rappel-mod

 

If this becomes a really big problem, can't you force all ScriptHookV using mods to have their source code published? It'd make it harder to include malware in them.

 

 

Can't you just match the MD5 hash of the compiled source with the downloaded mod?

Link to comment
Share on other sites

FlyingSligGuard

sh*t, I loved the Angry Planes mod. Does somebody know if it steals saved passwords (i.e. my Steam autologins because I saved my details and told the client to log at boot, not needing to enter any password)?

 

 

What will it change, since they can publish clean source along with an infected binary?

 

Well, paranoid people would be able to read the code, see if it contains any malware and then compile it themselves. If the modder published an infected binary and clean source, it would be one less infection for those who compiled on their machine.

Link to comment
Share on other sites

Having used the angry planes mod in the past.. I don't have any of those files "fade.exe" etc.. Can someone enlighten me on this?

Link to comment
Share on other sites

sh*t, I loved the Angry Planes mod. Does somebody know if it steals saved passwords (i.e. my Steam autologins because I saved my details and told the client to log at boot, not needing to enter any password)?

 

 

What will it change, since they can publish clean source along with an infected binary?

 

Well, paranoid people would be able to read the code, see if it contains any malware and then compile it themselves. If the modder published an infected binary and clean source, it would be one less infection for those who compiled on their machine.

 

Change your Steam credentials. Since you use the autologin feature, it means that the password is stored somewhere on your HDD.

  • Like 1
Link to comment
Share on other sites

Can't you just match the MD5 hash of the compiled source with the downloaded mod?

Doubt it. Especially if you use a different compiler than the author.

 

 

 

sh*t, I loved the Angry Planes mod. Does somebody know if it steals saved passwords (i.e. my Steam autologins because I saved my details and told the client to log at boot, not needing to enter any password)?

Safer to change them, I guess. This seems like a well sealed malware, so f*ck knows what it does.

  • Like 3
Link to comment
Share on other sites
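
The hash-matching idea debated in the posts above, as an added example (not code from any poster): it compares a released binary with a local rebuild using SHA-256 rather than MD5, after zeroing the PE header's TimeDateStamp and CheckSum, two fields that can differ between otherwise identical builds. The function names and sample bytes are constructed for illustration.

```python
import hashlib
import struct

def normalized_pe_digest(data: bytes) -> str:
    """SHA-256 of a PE image with two build-varying header fields zeroed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 92:
        raise ValueError("not a PE file: bad or truncated PE header")
    buf = bytearray(data)
    # COFF TimeDateStamp: signature(4) + Machine(2) + NumberOfSections(2)
    buf[pe_off + 8:pe_off + 12] = b"\0" * 4
    # Optional header begins 24 bytes after the signature; CheckSum is at +64
    buf[pe_off + 88:pe_off + 92] = b"\0" * 4
    return hashlib.sha256(buf).hexdigest()

def compare_builds(released: bytes, rebuilt: bytes) -> str:
    """Classify a released binary against a rebuild from published source."""
    if hashlib.sha256(released).digest() == hashlib.sha256(rebuilt).digest():
        return "identical"
    if normalized_pe_digest(released) == normalized_pe_digest(rebuilt):
        return "match-after-normalization"
    return "mismatch"

def make_sample_pe(timestamp: int, body: bytes) -> bytes:
    """Constructed test input: only the header fields used above are real."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, timestamp, 0, 0, 0xF0, 0x2022)
    return dos + b"PE\0\0" + coff + b"\0" * 0xF0 + body

# Constructed samples: same code built twice, and one build with altered code.
REBUILT = make_sample_pe(0x55500000, b"\x90" * 32)
RELEASED_SAME_CODE = make_sample_pe(0x55511111, b"\x90" * 32)
RELEASED_EXTRA_CODE = make_sample_pe(0x55511111, b"\x90" * 31 + b"\xcc")

if __name__ == "__main__":
    print(compare_builds(RELEASED_SAME_CODE, REBUILT))
    print(compare_builds(RELEASED_EXTRA_CODE, REBUILT))
```

A "mismatch" only means the files differ beyond those two fields; a different compiler, version or set of flags produces that result for honest builds too, so it is a prompt for manual review rather than proof of tampering.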

I believe Fade.exe originated in Belgium, no?

 

could someone possibly toss me the exe? I want to do some research into it.

  • Like 2
Link to comment
Share on other sites

Yeah, looking at my malwarebytes history, it quarantined a trojan called init.exe the same day I first used Angry Planes. f*ck that mod author.

Link to comment
Share on other sites

could someone possibly toss me the exe? I want to do some research into it.

> implying you can do RE

 

 

 

Yeah, looking at my malwarebytes history, it quarantined a trojan called init.exe the same day I first used Angry Planes. f*ck that mod author.

Well indeed. init.exe IS a thing inside this ASI too.

Edited by Silent
  • Like 3
Link to comment
Share on other sites

Sorry for bumping.. But this is an important question.

Like many people, I've used that mod.. But I don't have any of those files in my system.. Why is it different for me then? Can't really understand that.

Link to comment
Share on other sites

Sorry for bumping.. But this is an important question.

Like many people, I've used that mod.. But I don't have any of those files in my system.. Why is it different for me then? Can't really understand that.

 

Do you have malwarebytes or any other anti-malware software?

Link to comment
Share on other sites

The malware might as well be self-nuking. It's safer to assume you did get infected.

Link to comment
Share on other sites

 

Sorry for bumping.. But this is an important question.

Like many people, I've used that mod.. But I don't have any of those files in my system.. Why is it different for me then? Can't really understand that.

 

Do you have malwarebytes or any other anti-malware software?

 

 

I'm running Malwarebytes now and I use Kaspersky.. But since this comes from a mod I'm kinda sceptical, this is a new low.

Link to comment
Share on other sites

 

 

Sorry for bumping.. But this is an important question.

Like many people, I've used that mod.. But I don't have any of those files in my system.. Why is it different for me then? Can't really understand that.

 

Do you have malwarebytes or any other anti-malware software?

 

 

I'm running Malwarebytes now and I use Kaspersky.. But since this comes from a mod I'm kinda sceptical, this is a new low.

 

 

Check your malwarebytes history. See if it's got a quarantined trojan in there.

Link to comment
Share on other sites

 

 

 

Sorry for bumping.. But this is an important question.

Like many people, I've used that mod.. But I don't have any of those files in my system.. Why is it different for me then? Can't really understand that.

 

Do you have malwarebytes or any other anti-malware software?

 

 

I'm running Malwarebytes now and I use Kaspersky.. But since this comes from a mod I'm kinda sceptical, this is a new low.

 

 

Check your malwarebytes history. See if it's got a quarantined trojan in there.

 

I installed Malwarebytes now.. I'm running a scan.

 

Kaspersky detected nothing and the .asi file seemed "clean". Maybe he updated the mod recently and added this? (I had the files from some days ago)

Link to comment
Share on other sites

 

 

 

 

Sorry for bumping.. But this is an important question.

Like many people, I've used that mod.. But I don't have any of those files in my system.. Why is it different for me then? Can't really understand that.

 

Do you have malwarebytes or any other anti-malware software?

 

 

I'm running Malwarebytes now and I use Kaspersky.. But since this comes from a mod I'm kinda sceptical, this is a new low.

 

 

Check your malwarebytes history. See if it's got a quarantined trojan in there.

 

I installed Malwarebytes now.. I'm running a scan.

 

Kaspersky detected nothing and the .asi file seemed "clean". Maybe he updated the mod recently and added this? (I had the files from some days ago)

 

 

I mean check your history. At the top of the window, next to settings. It should show your quarantine.

Link to comment
Share on other sites

Once again, nothing from Kaspersky, and Malwarebytes is still running the scan.

 

We kinda need more info on this if possible. (And thanks for the help)

Link to comment
Share on other sites

This topic is now closed to further replies.