Mr Dazza Posted May 14, 2015 Share Posted May 14, 2015 Ive looked into my temp directories, scanned the asi and everything else, but i cant find any trace of the file doing what you are saying its done.. i cant see csc.exe, i cant see fade.exe anywhere either.. am I just blind or am I clean? Do I need the mod installed for it to do any harm? Ive had it installed once, but now its just sitting in my mod manager.. Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464190 Share on other sites More sharing options...
Alexander Blade Posted May 14, 2015 Share Posted May 14, 2015 asi shows clean because antivirus has no signature match , so it goes into dynamic analysis i.e. emulating library execution and finds still nothing because this stuff is called only when script starts ingame (no proper environment for antivirus) , so there will be signatures in av bases soon for the downloader function inside asi , signatures for logger which it is downloading are already in 1/4 of antiviruses cowabunga, Darth_Clark and Inco 3 Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464193 Share on other sites More sharing options...
MagikarpIsOP Posted May 14, 2015 Share Posted May 14, 2015 Ive looked into my temp directories, scanned the asi and everything else, but i cant find any trace of the file doing what you are saying its done.. i cant see csc.exe, i cant see fade.exe anywhere either.. am I just blind or am I clean? Do I need the mod installed for it to do any harm? Ive had it installed once, but now its just sitting in my mod manager.. Same here. This is exactly my point. Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464203 Share on other sites More sharing options...
TJGM Posted May 14, 2015 Share Posted May 14, 2015 Ive looked into my temp directories, scanned the asi and everything else, but i cant find any trace of the file doing what you are saying its done.. i cant see csc.exe, i cant see fade.exe anywhere either.. am I just blind or am I clean? Do I need the mod installed for it to do any harm? Ive had it installed once, but now its just sitting in my mod manager.. Did you run the game with the mod installed? Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464205 Share on other sites More sharing options...
Mr Dazza Posted May 14, 2015 Share Posted May 14, 2015 Ive looked into my temp directories, scanned the asi and everything else, but i cant find any trace of the file doing what you are saying its done.. i cant see csc.exe, i cant see fade.exe anywhere either.. am I just blind or am I clean? Do I need the mod installed for it to do any harm? Ive had it installed once, but now its just sitting in my mod manager.. Did you run the game with the mod installed? Yeah, a while back though.. maybe it deleted its self.. Why the f*ck would people do this, seriously. Benie 1 Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464210 Share on other sites More sharing options...
TJGM Posted May 14, 2015 Share Posted May 14, 2015 Ive looked into my temp directories, scanned the asi and everything else, but i cant find any trace of the file doing what you are saying its done.. i cant see csc.exe, i cant see fade.exe anywhere either.. am I just blind or am I clean? Do I need the mod installed for it to do any harm? Ive had it installed once, but now its just sitting in my mod manager.. Did you run the game with the mod installed? Yeah, a while back though.. maybe it deleted its self.. Why the f*ck would people do this, seriously. Possibly, or your anti-virus picked it up. Check your anti-virus history and see what files it picked up as malware over the past week or so. Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464221 Share on other sites More sharing options...
MagikarpIsOP Posted May 14, 2015 Share Posted May 14, 2015 Ive looked into my temp directories, scanned the asi and everything else, but i cant find any trace of the file doing what you are saying its done.. i cant see csc.exe, i cant see fade.exe anywhere either.. am I just blind or am I clean? Do I need the mod installed for it to do any harm? Ive had it installed once, but now its just sitting in my mod manager.. Did you run the game with the mod installed? Yeah, a while back though.. maybe it deleted its self.. Why the f*ck would people do this, seriously. Heisenberg is exactly saying what i wanna say. (Good words!) Im also worried it deleted itself, anyone that used this mod should change passwords anyway. Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464224 Share on other sites More sharing options...
Jax765 Posted May 14, 2015 Share Posted May 14, 2015 Ive looked into my temp directories, scanned the asi and everything else, but i cant find any trace of the file doing what you are saying its done.. i cant see csc.exe, i cant see fade.exe anywhere either.. am I just blind or am I clean? Do I need the mod installed for it to do any harm? Ive had it installed once, but now its just sitting in my mod manager.. Did you run the game with the mod installed? Yeah, a while back though.. maybe it deleted its self.. Why the f*ck would people do this, seriously. Check your anti-virus history? Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464225 Share on other sites More sharing options...
Mr Dazza Posted May 14, 2015 Share Posted May 14, 2015 Oh f*ck.. http://prntscr.com/753boo What do? WAT DO? Am I okay if the antivirus picked it up? Has it ceased to go furhter? Are my passwords safe? Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464231 Share on other sites More sharing options...
MarshallRawR Posted May 14, 2015 Share Posted May 14, 2015 Oh f*ck.. http://prntscr.com/753boo What do? WAT DO? Am I okay if the antivirus picked it up? Has it ceased to go furhter? Are my passwords safe? There's some cleanup to do (regedit.exe, then search "Winlogon" and remove the extra it added Delete all of it traces and change password I my guess. Dock 1 Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464234 Share on other sites More sharing options...
MagikarpIsOP Posted May 14, 2015 Share Posted May 14, 2015 Oh f*ck.. http://prntscr.com/753boo What do? WAT DO? Am I okay if the antivirus picked it up? Has it ceased to go furhter? Are my passwords safe? Change them asap. (Also, which software detected that?) Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464236 Share on other sites More sharing options...
Mr Dazza Posted May 14, 2015 Share Posted May 14, 2015 Oh f*ck.. http://prntscr.com/753boo What do? WAT DO? Am I okay if the antivirus picked it up? Has it ceased to go furhter? Are my passwords safe? Change them asap. (Also, which software detected that?) My antivirus is Avast. That detected it. Oh f*ck.. http://prntscr.com/753boo What do? WAT DO? Am I okay if the antivirus picked it up? Has it ceased to go furhter? Are my passwords safe? There's some cleanup to do (regedit.exe, then search "Winlogon" and remove the extra it added Delete all of it traces and change password I my guess. That file isn't there. Shell wasn't there, it seemed clean. Ill give it another look over and start changing my passwords for maximum safety. Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464240 Share on other sites More sharing options...
Grichka Bogdanoff Posted May 14, 2015 Share Posted May 14, 2015 Just deleted both init.exe and fade.exe . Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464241 Share on other sites More sharing options...
MagikarpIsOP Posted May 14, 2015 Share Posted May 14, 2015 Is it possible that Kaspersky might stopped this? Im genuinely confused since im yet to find any of this files. Will keep scanning etc. Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464245 Share on other sites More sharing options...
Mr.Arrow Posted May 14, 2015 Share Posted May 14, 2015 (edited) shiiiiit I got Fade.exe am I f*cked????? My computer has OS password too sh*t Edited May 14, 2015 by Cyberzone2 Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464248 Share on other sites More sharing options...
Im So HM02 Posted May 14, 2015 Share Posted May 14, 2015 (edited) Hmm... I installed NoClip the day it came out and used it for about an hour all up. I have MBAM but don't have the active protection on. Nothing suspicious in my registry and no files in my temp folder (although I do a regular clean up of these). Is it possible it deleted its own registry keys? Edited May 14, 2015 by Im So HM02 Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464252 Share on other sites More sharing options...
Mr.Arrow Posted May 14, 2015 Share Posted May 14, 2015 f*ck that mod author seriously Benie 1 Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464261 Share on other sites More sharing options...
GtaGamer2222 Posted May 14, 2015 Share Posted May 14, 2015 (edited) WTF.. Thanks for the Post OP. guys i deleted init.exe and fade.exe also i cleared the registry as MarshallRawR said is there anything i need to do ? I'm really worried right now Edited May 14, 2015 by GtaGamer2222 Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464263 Share on other sites More sharing options...
TJGM Posted May 14, 2015 Share Posted May 14, 2015 WTF.. Thanks for the Post OP. guys i deleted init.exe and fade.exe also i cleared the registry as MarshallRawR said is there anything i need to do ? I'm really worried right now Change all your passwords. Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464275 Share on other sites More sharing options...
MagikarpIsOP Posted May 14, 2015 Share Posted May 14, 2015 (edited) Is it possible that Kaspersky might stopped this? Im genuinely confused since im yet to find any of this files. Will keep scanning etc. Nothing from a full scan of malwarebytes and also nothing from a scan in the appdata folder. I seem to be the only here that is "safe".. And i don't like that. Edited May 14, 2015 by MagikarpIsOP Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464278 Share on other sites More sharing options...
Grichka Bogdanoff Posted May 14, 2015 Share Posted May 14, 2015 (edited) Damn... Steam's asking my password does not recognise it... :| I just changed my Steam Guard setting btw. Now it send me an email if someone wants to log in. Edited May 14, 2015 by m3tal z_DKI Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464279 Share on other sites More sharing options...
Drkz Posted May 14, 2015 Share Posted May 14, 2015 (edited) And that's why i refuse to use .asi whatsoever for anything else than mandatory tools like OpenIV. If you want to do a menu or some easy script use .lua. There's no need to clutter everything with .asi files. Edited May 14, 2015 by Drkz Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464286 Share on other sites More sharing options...
Mr Dazza Posted May 14, 2015 Share Posted May 14, 2015 Damn... Steam's asking my password does not recognise it... :| Wait sh*t have they stolen your steam account? Check your emails for ANY changes to your account. Saame goes with everything else. Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464287 Share on other sites More sharing options...
Mr.Arrow Posted May 14, 2015 Share Posted May 14, 2015 (edited) use virustotal because this malware is one sneaky bastard Edited May 14, 2015 by Cyberzone2 Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464290 Share on other sites More sharing options...
Silent Posted May 14, 2015 Share Posted May 14, 2015 And that's why i refuse to use .asi whatsoever for anything else than mandatory tools like OpenIV. If you want to do a menu or some easy script use .lua. There's no need to clutter everything with .asi files. You realize .lua's are loaded by an .asi, right? lpgunit 1 Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464296 Share on other sites More sharing options...
Mr.Arrow Posted May 14, 2015 Share Posted May 14, 2015 I wonder what happen with the other people especially GTASeries video and IGN since they used this mod too Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464304 Share on other sites More sharing options...
MagikarpIsOP Posted May 14, 2015 Share Posted May 14, 2015 Only thing related to init.exe or something like that is this. Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464311 Share on other sites More sharing options...
Drkz Posted May 14, 2015 Share Posted May 14, 2015 (edited) And that's why i refuse to use .asi whatsoever for anything else than mandatory tools like OpenIV. If you want to do a menu or some easy script use .lua. There's no need to clutter everything with .asi files. You realize .lua's are loaded by an .asi, right? You realize you can't avoid .asi in GTA modding scene but you can atleast alleviate your exposition to it, right ? Use the necessary tools and then stick to .lua. Edited May 14, 2015 by Drkz Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464320 Share on other sites More sharing options...
Daynja Posted May 14, 2015 Share Posted May 14, 2015 Damn... Steam's asking my password does not recognise it... :| I just changed my Steam Guard setting btw. Now it send me an email if someone wants to log in. Best thing you could have done. I always set these guards up the moment they offer them. Same for gmail same for Origin.If anyone attempts to log in to my accounts i get a text message passcode sent to my mobile or email Grichka Bogdanoff 1 Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464321 Share on other sites More sharing options...
Silent Posted May 14, 2015 Share Posted May 14, 2015 You realize you can't avoid .asi in GTA modding scene but you can atleast alleviate your exposition to it, right ? Of course I do, since I develop them myself. But I'm not that f*cked up in the head to include malware in them lpgunit and Drkz 2 Link to comment https://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page/2/#findComment-1067464328 Share on other sites More sharing options...
Recommended Posts