Jump to content
Forum Rules
Official Modification Forum Rules
GTAMods Wiki
GRAND THEFT AUTO VI INFODUMP DISCUSSION FORUM - TRAILER, SCREENSHOTS, ARTWORK

Malware inside Angry Planes & Noclip Mod

aboutseven

By aboutseven
in GTA V

 Share

Recommended Posts

MHVuze

MHVuze

Posted
Posted

 

Do you happen to have a link to the information about x64/GTA5.exe? I couldn't find anything like that in my case, so I believe this might have been a different mod (NoClip?) that has done this.

 

Might be a noclip thing. I never had the plane mod installed and found the gta5.exe.

james_uk

james_uk

Posted
Posted

I got caught out by this one. In my case, it came from the Angry Planes mod. AVG flagged up the fade.exe and the init.exe files within temp when I started my computer the next day. Interestingly enough, the registry entries referred to in this thread weren't present in my registry so I don't know if the malware fully executed or not... I've changed my critical passwords just to play it safe. Can't believe these bastards would target the GTA V modding community in such an early stage of growth. All it serves to do is create distrust amongst others :(

Igor Bogdanoff

Igor Bogdanoff

Posted
Posted

 

Why don't just report him to right authorities?

 

Because it would make the same effect as throwing a small rock in the sea.

 

come on police cannot be that useless.

Silent

Silent

Posted
Posted

Where does Fade come from?

Angry Planes and one of NoClip flavours. ie. the original reason OP posted.

Snowshoe

Snowshoe

Posted
Posted (edited)

I see so many people asking the same questions over and over... Am I infected? If my antivirus caught it, am I good to go?

These are the things you need to look out for to see if you're infected, from my observation:

 

  • NoClip or Angry Planes ASI mods installed, and you ran the game at least once with these mods.
  • A process named "csc.exe" (Visual C# Compiler) running in Task Manager. This is a legit file but is being used/hijacked by the malware.
  • Suspicious files in AppData temp folder such as: Fade.exe, init..exe (also with nonsensical icons, such as the HTML5 logo :D )
  • File in GTAV's x64 folder named GTAV.exe
  • Registry entries pointing to a Fade.exe file

You might also see .bin files with the malware, basically logs that are being sent to the server every few days. They are encrypted so don't bother trying to read with a regular text editor.

Edited by Snowshoe
Michael5074

Michael5074

Posted
Posted (edited)

I knew it would be too good to be true to actually get mods so soon.And i avoided downloading any kind of modification for the game till now and i am proud i did so.Hopefully they will make The GTA modding community as good as it was when SA was a mainstream modding project

Edited by Michael5074
Silent

Silent

Posted
Posted

I mean web address (if it's being downloaded like GTA5.exe)

Probably embedded inside init.exe or so.

Naean

Naean

Posted
Posted (edited)

It's trying to mimic GTA V, but didn't even get it all right :p

 

*Images snip.*

The most glaring warning signs, even before opening the Details tab, is the incorrect file icon and the very apparent lack of a Digital Signatures tab.

Edited by Nez Man
Prof_Farnsworth

Prof_Farnsworth

Posted
Posted

 

Im just going to format, f*ck it.

at this moment i wish i had a dvd drive lol only time i actually need one why can't windows release on usb sticks or be cloud downloaded with settings and everything

 

OT but it is easy to install windows from usb, anything 7 and below that is. Haven't tried myself with 8 or 10 yet. PM me if you need a link.

bilago

bilago

Posted
Posted

Do you have to actively enable the mod in game for it to execute or just starting the game with the mod loaded by scripthook will do it? I cannot find any symptoms listed in the first post, but I used a mod folder from a user of my manager as a test to troubleshoot an issue and noclip.asi is one of the mods.

Silent

Silent

Posted
Posted

Do you have to actively enable the mod in game for it to execute or just starting the game with the mod loaded by scripthook will do it? I cannot find any symptoms listed in the first post, but I used a mod folder from a user of my manager as a test to troubleshoot an issue and noclip.asi is one of the mods.

Apparently you have to launch the game, ie. new game/load a save.

cp1dell

cp1dell

Posted
Posted (edited)

I knew it would be too good to be true to actually get mods so soon.And i avoided downloading any kind of modification for the game tillnow and i am proud i did so.Hopefully they will make The GTA modding community as good as it was when SA was a minstream modding project

It's not "too good to be true." We still got mods and scripts working within a few weeks of release. This is just a case of one asshole taking advantage of the trust modders are given when download scripts and such.

 

Has this ever happened before with GTA mods? First time I've heard of someone putting malware inside a script. Anything that can be done to prevent this from happening again?

Edited by cp1dell
aboutseven

aboutseven

Posted
  • Author
Posted

Do you have to actively enable the mod in game for it to execute or just starting the game with the mod loaded by scripthook will do it? I cannot find any symptoms listed in the first post, but I used a mod folder from a user of my manager as a test to troubleshoot an issue and noclip.asi is one of the mods.

From my experience, it wasn't until you were actually in the game. Going to the menu didn't seem to execute anything. I assume ScriptHook V works by waiting until you are in the game and then executing whatever scripts you have installed.

Sergeeeek

Sergeeeek

Posted
Posted (edited)

 

Do you have to actively enable the mod in game for it to execute or just starting the game with the mod loaded by scripthook will do it? I cannot find any symptoms listed in the first post, but I used a mod folder from a user of my manager as a test to troubleshoot an issue and noclip.asi is one of the mods.

Apparently you have to launch the game, ie. new game/load a save.

 

 

Looks the idiot has put it into the script logic so it executes only when you actually get into the game, not when asi loads, if I understand correctly.

Edited by Sergeeeek
Silent

Silent

Posted
Posted

Looks the idiot has put it into the script logic so it executes only when you actually get into the game, not when asi loads, if I understand correctly.

Yes, it's inside one of the defined functions or whatever. ScriptHook related stuff.

DxY

DxY

Posted
Posted

Maybe it was only me but my ".z" file didn't had a name (when I tried to open it, an error message appeared telling me that there was a problem opening .z) and it was a WinRar file

 

5an5ARa.png

 

This needs to be shown in the orignal post by OP

Mine was like a winrar file too with no name.

 

Also, do I have to delete csc.exe? Or is that a safe windows file?

I managed to remove everything OP said to remove, and for now my gta will remain unmodded and will be changing all passwords ASAP.

ZZCOOL

ZZCOOL

Posted
Posted

 

 

Im just going to format, f*ck it.

at this moment i wish i had a dvd drive lol only time i actually need one why can't windows release on usb sticks or be cloud downloaded with settings and everything

 

OT but it is easy to install windows from usb, anything 7 and below that is. Haven't tried myself with 8 or 10 yet. PM me if you need a link.

 

problem is my disc is somewhere stuck in some dvd drive somewhere in my room disconnected but sure i'll send a pm

 

also i loved your iv mods they were amazing hope to see you come back for v

Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • 0 User Currently Viewing
    0 members, 0 Anonymous, 0 Guests

×
×
  • Create New...

Important Information

By using GTAForums.com, you agree to our Terms of Use and Privacy Policy.

  I accept