lahma Posted May 16, 2015

> > Though MD5 collisions have been demonstrated to be possible, actually doing so in practice would require a supercomputer and several decades at the minimum. Probably not something that the malware author (who is injecting his malware into a video game trainer) has the perseverance to carry out. Having said that, there is no sane reason to still be using MD5 checksums. Use SHA-1 and avoid the issue altogether.
>
> No, it's SHA-1 which has been cracked but has not had a collision generated yet. MD5 is utterly broken; this guy managed to create a chosen-prefix collision between two fixed images in 10 hours of AWS time (costing under a dollar). SHA-1 should *also* not be used in new applications, because although its break is theoretical at this point it is broken. The correct checksum to use is a SHA-2 family hash (like SHA-256) or SHA-3; probably SHA-256, since that's really well supported. Do not use MD5 for any application that collision-resistance matters for, like this one.
>
> > Hey Silent, do you have any tips on how to check pre-compiled .dll files, which are used for the .NET Script Hook?
>
> Can you not just decompile them?

Since this isn't an appropriate topic to debate about hashing functions, I'll refrain from further discussion, but you are absolutely right. SHA-256 would be a much better choice. The only reason I suggested SHA-1 is because a lot of software has support for it where SHA-256 is only now becoming more common (though it takes very very little effort to get a utility that will verify SHA-256.) The problem I find is that very few websites offer SHA-256 checksums of their downloadable files to verify against. Hell, many don't even offer SHA-1... This obviously needs to change.
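As an added example (not code from any poster in this thread), this is one way to check a downloaded mod folder against a published SHA-256 list while refusing MD5- or SHA-1-length digests, as the posts above recommend. The `sha256sum`-style manifest layout, the file names and the file contents are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Hex lengths of the digests named in the thread; only SHA-256 is accepted.
_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
_LINE = re.compile(r"^([0-9a-fA-F]+)\s+\*?(.+)$")


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large archives are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse 'HEXDIGEST  filename' lines; reject anything that is not SHA-256."""
    expected, rejected = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            rejected[line] = "unparseable line"
            continue
        digest, name = m.group(1).lower(), m.group(2).strip()
        algo = _HEX_LEN.get(len(digest))
        if algo != "sha256":
            rejected[name] = f"{algo or 'unknown'} digest, not SHA-256"
            continue
        expected[name] = digest
    return expected, rejected


def verify_directory(directory, manifest_text):
    """Return {filename: status} for every listed or present file."""
    directory = Path(directory)
    expected, rejected = parse_manifest(manifest_text)
    report = {name: f"REJECTED ({why})" for name, why in rejected.items()}
    for name, digest in expected.items():
        target = directory / name
        if not target.is_file():
            report[name] = "MISSING"
        elif hmac.compare_digest(sha256_file(target), digest):
            report[name] = "OK"
        else:
            report[name] = "MISMATCH"
    # Files that shipped in the download but are not in the manifest at all.
    for p in sorted(directory.iterdir()):
        if p.is_file() and p.name not in report:
            report[p.name] = "UNLISTED"
    return report


def demo():
    """Constructed sample: three files and a manifest made up for this example."""
    with tempfile.TemporaryDirectory() as d:
        d = Path(d)
        (d / "trainer.asi").write_bytes(b"original build")
        (d / "helper.dll").write_bytes(b"tampered build")
        (d / "extra.exe").write_bytes(b"not in manifest")
        manifest = "\n".join([
            hashlib.sha256(b"original build").hexdigest() + "  trainer.asi",
            hashlib.sha256(b"clean build").hexdigest() + "  helper.dll",
            "0" * 32 + "  legacy.zip",  # constructed MD5-length digest
        ])
        return verify_directory(d, manifest)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:45} {name}")
```

A matching digest only shows the file is the one the manifest describes; the manifest itself has to come from a channel the uploader of the file cannot alter.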
RainingAcid Posted May 16, 2015

> Saw this post on Reddit about a cleaned up version of Angry Planes: http://www.reddit.com/r/GrandTheftAutoV_PC/comments/36279w/cleaned_up_version_of_the_angry_planes_mod_info/ Is anyone able to test it and confirm whether it's clean? Many thanks

Same here..... I wanna know.
Foosmeels Posted May 16, 2015 (edited)

If someone wants to clean up the 1.2 version of Angry Planes. Here it is: https://mega.co.nz/#!0wQ3gaBI!Dm_ykHP_N0ZdPyL_NIctiwcbrzgSAveoeKiP-n85g4w Love this version.

Version 3.0 Angry Planes: (Not as Fun, kinda... Bleh.... Planes mostly just fly above you and crash into each other)

Version 2.0 Angry Planes: and

Edited May 16, 2015 by Foosmeels
Microbots Posted May 17, 2015

> Hey I'm Worried about Sonic boom mod and innerforce mod how come it doesn't want to load through a mod manager? it performs a check, it looks like to see if it's being run through the main directory or not
>
>     local sonicboom = {}
>     local mod = false
>     local mod_toggle = false
>     function sonicboom.unload()
>
> Bit shady?????? almost as if it doesn't want the mod to run through a mod manager that blocks the firewall hmmmmm THOUGH I COULD BE COMPLETELY MISUNDERSTANDING THIS but it's true both mods DON'T work in the game when using a manager and this is what shows up in both of them.

Seems like the norm for lua mods. If you're that scared of the unload function, just remove it. Then see if it works and see if it's needed.
Loves GTA Posted May 17, 2015 (edited)

Windows Defender does not play well at all with the dinput8.dll. When it's in the game folder, real time protection causes my game to stutter when switching characters and occasionally in normal gameplay. If I disable real time protection, everything is smooth. Anyone else have the same issue, and if so, is there a way to avoid issues while real time protection is enabled? It's not a huge deal, but I'd much prefer to not have to remember to switch off the A/V every time I play and then back on when I'm done.

Edited May 17, 2015 by Loves GTA
ffzero58 Posted May 17, 2015

> > Hey I'm Worried about Sonic boom mod and innerforce mod how come it doesn't want to load through a mod manager? it performs a check, it looks like to see if it's being run through the main directory or not
> >
> >     local sonicboom = {}
> >     local mod = false
> >     local mod_toggle = false
> >     function sonicboom.unload()
> >
> > Bit shady?????? almost as if it doesn't want the mod to run through a mod manager that blocks the firewall hmmmmm THOUGH I COULD BE COMPLETELY MISUNDERSTANDING THIS but it's true both mods DON'T work in the game when using a manager and this is what shows up in both of them.
>
> Seems like the norm for lua mods. If you're that scared of the unload function, just remove it. Then see if it works and see if it's needed.

The unload function is normal and most times not required. Is there any more code within the function? See if the function is called later in the code. It could just be leftover from the LUA sample template.
Spear64 Posted May 17, 2015 (edited)

> Guys i know it sounds stupid and i already had one answer, but i'm really scared and i need at least another person's point of view on 2 questions.
>
> 1- I have both Windows and Mac Os x on the same computer (on different drives). I can format windows but formatting the mac would be a true pain...has this virus even got a 1% chance of working inside OS X, or am i safe keeping my MAC HD non formatted? (note i used the mac to backup savegames after i MIGHT have been hit by the virus)
>
> 2- Is it safe to backup and restore savegames, or might the Rockstar Games folder inside documents be linked to the virus?
>
> I know i'm paranoid, mad, and whiny...but i'm utterly terrified by viruses and i need an answer on those 2 questions before i can sleep safely (i suffer from MILD anxiety). Thank you so much for understanding, i really appreciate it

1. Well, in terms of strict *POSSIBILITY*, it can happen if it was coded to do so (AFAIK). But I'd say the chances of it happening are less than 1%. Even if it could somehow spread to your other drive, OS X is written much differently than windows, and the virus wouldn't be able to operate. If this was a problem, any virus would be much more of an issue than they already are. Consider it practically impossible. Someone correct me if I'm wrong though

2. I don't see why that'd be an issue. If you're that paranoid you can virus scan it.

Edited May 17, 2015 by Spear64
Stewox Posted May 17, 2015 (edited)

Wow. Great community cooperative work, I would have downloaded and used this mod for sure if there was no warning. Also you guys might try using ProcessMonitor from sysinternals as well, if you don't already .. should detect what files and reg is the trojan through csc and vbc ..etc Maybe it's doing things through gta5.exe in the beginning ...

Edited May 17, 2015 by Stewox
ffzero58 Posted May 17, 2015

> > Guys i know it sounds stupid and i already had one answer, but i'm really scared and i need at least another person's point of view on 2 questions.
> >
> > 1- I have both Windows and Mac Os x on my computer (on different drives). I can format windows but formatting the mac would be a true pain...has this virus even got a 1% chance of working inside OS X, or am i safe keeping my MAC HD non formatted? (note i used the mac to backup savegames after i MIGHT have been hit by the virus)
> >
> > 2- Is it safe to backup and restore savegames, or might the Rockstar Games folder inside documents be linked to the virus?
> >
> > I know i'm paranoid, mad, and whiny...but i'm utterly terrified by viruses and i need an answer on those 2 questions before i can sleep safely. (i suffer from mild anxiety) Thank you so much for understanding, i really appreciate it
>
> Don't format, you will be wasting your time. Just follow the guide and scan with an antivirus.

Again, we don't fully understand what else the virus could have done. This was literally discovered two days ago with analysis verified within 24 hours. We're not security experts (correct me if I am wrong). Even in the OP, it says "If you're not sure, reformat". In your case, you could probably just format the windows OS drive. The possibility that the virus author thought about your scenario is next to nil.
FlyingAce Posted May 17, 2015

Hey guys.. I might have a problem... after closing gta v my computer RANDOMLY booted up CS GO and said it was trying to launch from "out of steam" and therefore would not be able to connect to vac servers... IS someone trying to access our inventories???
Spear64 Posted May 17, 2015

> Hey guys.. I might have a problem... after closing gta v my computer RANDOMLY booted up CS GO and said it was trying to launch from "out of steam" and therefore would not be able to connect to vac servers... IS someone trying to access our inventories???

If you can rule out any reason why you might've launched it on accident, it's possible. ANYTHING is really possible at this moment. There's still a lot known about the virus at the moment. For the moment, it's certain that it logs keystrokes and even your steam inventory. There's no confirmation it's programmed to allow remote access to your PC. Formatting is really the only way to be very safe, IMO.
FlyingAce Posted May 17, 2015

I also found an ini in my temp folder called armui. I googled and it's related to malware apparently.... malwarebytes still hasn't caught anything and neither has my AV. kind of concerned
FlyingAce Posted May 17, 2015 (edited)

MY INVENTORY IS GONE I THOUGHT I REMOVED THE VIRUS

Edited May 17, 2015 by FlyingAce
PhillBellic Posted May 17, 2015

All of this raises an important question, Just who do/can we trust to release Mods free of malware, and other nasty programs from this point onwards?
Spear64 Posted May 17, 2015

> MY INVENTORY IS GONE I THOUGHT I REMOVED THE VIRUS

Just because it's removed doesn't mean you're not at risk. For one, you don't KNOW that it's fully removed just from the OP's instructions. Second, whatever the keylogger managed to get before the servers got shut down is already in his possession. Did you not change your passwords?
G0nx4 Posted May 17, 2015 (edited)

> > > Guys i know it sounds stupid and i already had one answer, but i'm really scared and i need at least another person's point of view on 2 questions.
> > >
> > > 1- I have both Windows and Mac Os x on my computer (on different drives). I can format windows but formatting the mac would be a true pain...has this virus even got a 1% chance of working inside OS X, or am i safe keeping my MAC HD non formatted? (note i used the mac to backup savegames after i MIGHT have been hit by the virus)
> > >
> > > 2- Is it safe to backup and restore savegames, or might the Rockstar Games folder inside documents be linked to the virus?
> > >
> > > I know i'm paranoid, mad, and whiny...but i'm utterly terrified by viruses and i need an answer on those 2 questions before i can sleep safely. (i suffer from mild anxiety) Thank you so much for understanding, i really appreciate it
> >
> > Don't format, you will be wasting your time. Just follow the guide and scan with an antivirus.
>
> Again, we don't fully understand what else the virus could have done. This was literally discovered two days ago with analysis verified within 24 hours. We're not security experts (correct me if I am wrong). Even in the OP, it says "If you're not sure, reformat". In your case, you could probably just format the windows OS drive. The possibility that the virus author thought about your scenario is next to nil.

IMO there's too much paranoia about this virus. Formatting is just a waste of time. Following the OP guide is the solution. I've been scanning my pc after deleting the virus a lot of times and nothing is found. So, just downloading a good anti virus should do it and deleting the folders in regedit. Anyway for my security I'll stay away from mods

Edited May 17, 2015 by G0nx4
FlyingAce Posted May 17, 2015

> > MY INVENTORY IS GONE I THOUGHT I REMOVED THE VIRUS
>
> Just because it's removed doesn't mean you're not at risk. For one, you don't KNOW that it's fully removed just from the OP's instructions. Second, whatever the keylogger managed to get before the servers got shut down is already in his possession. Did you not change your passwords?

I changed my passwords after I deleted it a few days ago.... then today CS:GO randomly launched after closing out gta v like some bot or some sort and now my inventory is gone. I thought I already cleaned the malware out. sh*t probably anyone that followed these instructions is still at risk
Spear64 Posted May 17, 2015

> > > > Guys i know it sounds stupid and i already had one answer, but i'm really scared and i need at least another person's point of view on 2 questions.
> > > >
> > > > 1- I have both Windows and Mac Os x on my computer (on different drives). I can format windows but formatting the mac would be a true pain...has this virus even got a 1% chance of working inside OS X, or am i safe keeping my MAC HD non formatted? (note i used the mac to backup savegames after i MIGHT have been hit by the virus)
> > > >
> > > > 2- Is it safe to backup and restore savegames, or might the Rockstar Games folder inside documents be linked to the virus?
> > > >
> > > > I know i'm paranoid, mad, and whiny...but i'm utterly terrified by viruses and i need an answer on those 2 questions before i can sleep safely. (i suffer from mild anxiety) Thank you so much for understanding, i really appreciate it
> > >
> > > Don't format, you will be wasting your time. Just follow the guide and scan with an antivirus.
> >
> > Again, we don't fully understand what else the virus could have done. This was literally discovered two days ago with analysis verified within 24 hours. We're not security experts (correct me if I am wrong). Even in the OP, it says "If you're not sure, reformat". In your case, you could probably just format the windows OS drive. The possibility that the virus author thought about your scenario is next to nil.
>
> IMO there's too much paranoia about this virus. Formatting is just a waste of time. Following the OP guide is the solution. I've been scanning my pc after deleting the virus a lot of times and nothing is found. So, just downloading a good anti virus should do it and deleting the folders in regedit. Anyway for my security I'll stay away from mods

It's not if you value the security of your information, finances, etc. Not until some more information comes through, there's no telling if you truly removed the virus. I believe a few of the popular AV's don't detect it yet.

I'm not saying you should still be paranoid so long as you followed the OP, and changed all passwords. But, there's so many people posting "am I still at risk". At this point the only thing left to do is to format. With that being said, I agree with the last part, I'd advise staying away from mods. Of course, there's a few trusted authors who you can download from.
FlyingAce Posted May 17, 2015 (edited)

sh*t sh*t I'm afraid what if they get into people's other accounts??? not just steam I mean they didn't even HAVE to steal my steam account to do this!! or even log into it!!

LIST OF INSTALLED MODS

bilagos mod managerand mods listedarmy responsecollectablescollectorenhancednative trainergravity gunhydraulics (the first one)lamar gunnernice flyradio offopen interriorsriot modescripthookdotnettankworking jb700luaambulence missionstrucking missionsvigilante missionsaddinssonic boominner_forcetrain driver

Edited May 17, 2015 by FlyingAce
ffzero58 Posted May 17, 2015

> > > > Guys i know it sounds stupid and i already had one answer, but i'm really scared and i need at least another person's point of view on 2 questions.
> > > >
> > > > 1- I have both Windows and Mac Os x on my computer (on different drives). I can format windows but formatting the mac would be a true pain...has this virus even got a 1% chance of working inside OS X, or am i safe keeping my MAC HD non formatted? (note i used the mac to backup savegames after i MIGHT have been hit by the virus)
> > > >
> > > > 2- Is it safe to backup and restore savegames, or might the Rockstar Games folder inside documents be linked to the virus?
> > > >
> > > > I know i'm paranoid, mad, and whiny...but i'm utterly terrified by viruses and i need an answer on those 2 questions before i can sleep safely. (i suffer from mild anxiety) Thank you so much for understanding, i really appreciate it
> > >
> > > Don't format, you will be wasting your time. Just follow the guide and scan with an antivirus.
> >
> > Again, we don't fully understand what else the virus could have done. This was literally discovered two days ago with analysis verified within 24 hours. We're not security experts (correct me if I am wrong). Even in the OP, it says "If you're not sure, reformat". In your case, you could probably just format the windows OS drive. The possibility that the virus author thought about your scenario is next to nil.
>
> IMO there's too much paranoia about this virus. Formatting is just a waste of time. Following the OP guide is the solution. I've been scanning my pc after deleting the virus a lot of times and nothing is found. So, just downloading a good anti virus should do it and deleting the folders in regedit. Anyway for my security I'll stay away from mods

That's all good. If you feel you're 100% safe then more power to you. For the other folks who are less tech savvy or overly paranoid... reformatting is the surest way. It was already proven that some popular a/v programs could not detect it.

This was a 0-day virus and a cleverly made one at that, it seems. If anything, folks should be more self conscious about backups and security. Knowledge is power. I've definitely learned a lot from this event.
Silent Posted May 17, 2015

> Hey Silent, do you have any tips on how to check pre-compiled .dll files, which are used for the .NET Script Hook?

I have little clue about managed code, sadly
RedDagger Posted May 17, 2015

> MY INVENTORY IS GONE I THOUGHT I REMOVED THE VIRUS

Go to Steam, go to inventory, click 'More' in the top right and choose 'view inventory history'. If all your items were traded to a single person then your credentials were definitely stolen instead of some steam error.
MarshallRawR Posted May 17, 2015 (edited)

Can someone tell me what the hell is that?

EDIT: On isn't it an update of Visual thingy. vcredist is a windows thing, but these logs are weird and I don't know much about them. It contains weird sh*t though. Maybe it's just me stalking the TEMP folder too much.

Edited May 17, 2015 by MarshallRawR
BossMannAU Posted May 17, 2015

It looks as if our emails have also been sold to email spam companies. In the last 2 days I have got 40 spam emails vs the 1-2 that I would get previously.
Smiley992 Posted May 17, 2015 (edited)

use Malwarebytes Anti-Malware) it's good have a nice day.

> > > > Hello, Guys and i just wanted to tell you about some helpful tips to know if you are still hacked by The Keylogger, So, First Open up CMD and Write: net user What net user does is tells you how many people are connected in on your pc, if it writes your pc name only, it means you are safe, if it gives another name, there is a big chance that you still hacked. and another thing is useful as well, for example This program Called (ApateDNS) Just Search ApateDNS On google So all you have to do is open ApateDNS As Administrator and Click Start Server, if you Receive any Domains While you didn't open any website or other programs there is a big chance, you still been hacked.. And Just an Advice, use a Program Called, KeyScramble Which Encrypts every Thing you Write on your Keyboard and Send it False to The keylogger it's really a Useful program. i Hope i Helped, It's not That good but i hope it's a Useful Tips Thanks For Reading in that little voice in your Brain
> > >
> > > Thank you, I wrote net user and the only name that showed up on user accounts was my PC Name. I feel a lot safer now. Thank you ))))))
> >
> > You are welcome sir and i am always happy to help. And by the way make sure you always run a Strong Firewall
>
> Do you recommend me to pay for avast? Because it has interesting features like firewall, sandbox mode, etc.

Hi, First you Should Try the Trial Version Of Avast if you liked it and it worked great then you can buy it if you want, but there is some other good anti viruses as well, like, Bitdefender, or Dr.web these are some great anti-viruses and Malwarebytes is great as well. This is not a keylogger only we are being used as net bots, so use Strong Firewalls to Disable Flooding i don't know if it could help but always use strong anti-viruses and firewalls i hope i helped have a nice day.

Edited May 17, 2015 by Smiley992
human10 Posted May 17, 2015

Here my picture on the 8th step as posted by OP. I also found that there's another Leep folder with random name in the Roaming folder instead of Local. It is really unsafe, no idea where else it has been hiding. Probably gonna reformat when I have spare time, and refrain any important logins for the time being.
EddieThePro Posted May 17, 2015

So, i did that net user thing with CMD, and it came up with this. http://sv.tinypic.com/view.php?pic=2nvgkrk&s=8#.VVitRvntnGA Everything is in the picture
BKnight Posted May 17, 2015

Okay, so this may sound like an incredibly nooby question, but what's stopping us from just deleting everything in 'Temp'? Are things stored in there important? Surely it should be filled with replaceable files seeing as the folder is quite literally named 'Temporary'? I've got around 3GB of stuff inside that folder and wouldn't mind deleting some of it? Sorry if this is f*cking stupid. I'm usually smarter than this, promise
EddieThePro Posted May 17, 2015

> Okay, so this may sound like an incredibly nooby question, but what's stopping us from just deleting everything in 'Temp'? Are things stored in there important? Surely it should be filled with replaceable files seeing as the folder is quite literally named 'Temporary'? I've got around 3GB of stuff inside that folder and wouldn't mind deleting some of it? Sorry if this is f*cking stupid. I'm usually smarter than this, promise

Some of the files are used by software/programs that are running
BKnight Posted May 17, 2015

> > Okay, so this may sound like an incredibly nooby question, but what's stopping us from just deleting everything in 'Temp'? Are things stored in there important? Surely it should be filled with replaceable files seeing as the folder is quite literally named 'Temporary'? I've got around 3GB of stuff inside that folder and wouldn't mind deleting some of it? Sorry if this is f*cking stupid. I'm usually smarter than this, promise
>
> Some of the files are used by software/programs that are running

Cheers, I'll stay safe and avoid it for the time being. Regarding your picture: I think that's fine. Mine consists of 'Administrator - ASPNET - Guest - [My Name]'