aboutseven Posted May 21, 2015 Author
> However, when I was searching through the registry under Microsoft/Software under the key "fade" I found this, is this anything I should be worried about? Thanks.

> This is already stated as something you need to remove in the OP.

> I have this in my reg also but I can't find anything about it in the OP. OK, I have looked at a few different computers' registries, ones that are on a different network and with no GTA and no mods, and they all have this, so it has nothing to do with this malware, so I wouldn't delete it.

I didn't realize you were just searching for "fade", I thought that this was what was located in the "Fade" directory at that registry location. My bad.
JRC99 Posted May 21, 2015
Is the trainer affected?

Zhuocheng Tan Posted May 21, 2015
> Is the trainer affected?

no

JRC99 Posted May 21, 2015
> > Is the trainer affected?
>
> no

https://www.gta5-mods.com/tools/script-hook-v
So this is safe? I probably sound stupid, but I really don't want to risk it.

Zhuocheng Tan Posted May 21, 2015
> > > Is the trainer affected?
> >
> > no
>
> https://www.gta5-mods.com/tools/script-hook-v
> So this is safe? I probably sound stupid, but I really don't want to risk it.

it's safe
TheMuffinManOP Posted May 21, 2015
> I have read them, along with the entire thread.. Which is why I want to know how some people are affected and some aren't.. I know this forum looks negatively on pirating, but there might be a connection between legit users being infected and non legit users not being affected by it.. (BTW I've purchased GTA V 3 separate times already, so morally I don't feel bad about not buying it again..)

> You say you have read them, but I've literally answered this right at the top. If you didn't find any files then don't assume you weren't affected. This is actually stated more than once in the OP. There is also no reason for there to be a different situation if you had a pirated copy. ScriptHook executes the asi files the same way on a pirated copy as a legit copy, there is no difference. If you ran the mods, and you know that you ran the mods, then you were infected. That is just how the mod worked. Once the game loads up, the mod is loaded by ScriptHook and executes its infection.

> Except that when I run GTA V my internet isn't connected.

Running the game without internet (you are not connected to any wifi, router or data network) may have caused you to break the trojan, which needed internet access. Idk, it might be possible. Someone test this out pls

Seems weird, maybe the virus does not work at all and does not even install anything without internet. Test this out guys, see what you find. This may be a workaround for some people: instead of them saying "I am not infected with it, there are no files here", try to remember if you were connected to the internet; if you weren't, you might just be in luck. Maybe they were not connected to the internet?
MarshallRawR Posted May 21, 2015 (edited)
I deleted Fade a while back from my registry, but this was still present as a sort of "reg backup". I hope it did nothing.
Edited May 21, 2015 by MarshallRawR
whorse Posted May 22, 2015
So I finally got around to reinstalling GTAV after I got the virus from the noclip mod. This time, I am keeping my game directory squeaky-clean and free of mods, so I can play online. Before I found out I was infected and before I reformatted, I was unable to revert my game to vanilla in order to play online, and it was making me extremely frustrated. I had installed too many mods with OpenIV and -- even though I had backed up all my .rpf files and restored them all -- I just could not get online, try time after time. Rockstar kept saying my files were corrupted. I definitely still did want to mod, but I felt like I really needed to find some way to have two entirely separate installations/game folders (if I ever wanted to use OpenIV and still be able to play Online again).

Then I discovered Sandboxie: it turns out that, using Sandboxie, I can switch back and forth between the modded and vanilla game with only one installation while also keeping the modded installation from making any permanent changes to my computer. The free version of Sandboxie allows you to run the game entirely within something called a sandbox, where it is isolated from the rest of the computer. Here's an explanation: http://www.techsupportalert.com/content/introduction-and-quick-guide-sandboxie.htm

I just used a sandboxed version of Windows Explorer to move my ASI scripthook+mods to the sandboxed version of the game directory. I also use OpenIV to make changes to some of the game's RPF files (to change stuff like car handling, police dispatch and weapons ballistics), and I installed some graphics mods and more. You can just run modded GTAV straight out of that sandbox, entirely encapsulated within Sandboxie processes/sub processes, and totally unable to write to your drive outside of the symbolic virtual-sandbox-directory that it is confined to.

If you look at the files actually in the sandbox, it's just recording the modified and unique files you've made within the sandbox itself, everything else - all files duplicated and moved around from within the sandbox - are just symbolic links referencing the locations of the original files outside the sandbox. My GTAV folder within my sandbox is only 300MB (size of my modified update.rpf) because all the asi mods I installed in the sandbox directory are just symlinks to the actual files in the real "mods" directory. And it runs great! I have an AMD FX-8320 CPU and a Nvidia Geforce GTX 680 and I've noticed zero performance penalty. Sh*t's amazing. Running Windows 8.1.

But yeah, I just wanted to let it be known that this does work without slowdowns/errors, for those out there who aren't modding GTAV anymore because they are scared of the inherently insecure nature of the ASI scripthook. A sandbox will protect you from that. Here, you can have two versions of one 60GB installation: one modded and one left untouched - and the modded installation is all in a virtual throwaway sandbox from which it can be played in, where a mod cannot give you a virus even if it tried. Fade.exe would be created within Sandboxie's locked-down "Defaultbox" directory if I'd tried the infected mods from Sandboxie, where it couldn't affect anything that wasn't also running in the sandbox.

The pic below shows a Sandboxie instance of Windows Explorer on the left (notice the [#] signs), showing the contents of the modded game folder. Sandboxed Grand Theft Auto V is running minimized in the background, and you can see its processes running in the Sandboxie Control in the center. Underneath that is a sandboxed version of OpenIV, ready to edit sandboxed rpf files. And on the right side is my real game directory in un-sandboxed Explorer:

I could technically even launch both the sandboxed version and the normal version of the game at the same time (I hear people do this to play Borderlands 2 split screen), but my computer would probably explode if it were GTA5. I am running everything from regular Sandboxie "Defaultbox" (with its files set to never auto-purge), but I could create a GTA5-specific sandbox separate from Defaultbox if I wanted.

PS: Sorry if people already all know about this, I just think it's amazing that it even works at all for such a complex game as GTAV, and that it solves all these risks with unsigned ASI mods while simultaneously eliminating issues about going from modded->vanilla/online-mode, all in one fell swoop. And I'm not trying to shill Sandboxie, either (though I'm aware how much it probably looks like it). The free version is all you need to do this (plus there seem to be no sandbox alternatives for Windows). Paid version offers a few minor benefits, but nothing major. Anyway, I hope someone finds this post useful.
Executor32 Posted May 22, 2015
> I deleted Fade a while back from my registry, but this was still present as a sort of "reg backup". I hope it did nothing.

That has nothing to do with this virus at all. That value name is just a hexadecimal number that happens to include the digits f (15), a (10), d (13), and e (14), in that order. I don't know what it actually pertains to, but it's generally not a good idea to go around deleting registry entries without being absolutely sure of what they are.
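
The false positive described in the post above can be checked mechanically. This is an added example, not part of the original thread: it walks a regedit-style export and separates a key literally named "Fade" from names where "fade" is only a run of hex digits or part of a longer word. The export text, key paths and value names are constructed for illustration.

```python
import re

# Constructed excerpt in regedit export (.reg) style; every key and value is made up.
SAMPLE_EXPORT = r'''
[HKEY_CURRENT_USER\Software\ExampleVendor\Fade]
"Installed"=dword:00000001

[HKEY_CURRENT_USER\Software\ExampleVendor\ExampleCache]
"00fade41c2"=hex:01,00,00,00
"LastRun"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b3afade-0000-4000-8000-0123456789ab}]
@="Example Class"

[HKEY_CURRENT_USER\Software\ExampleVendor\Player]
"ScreenFadeTime"=dword:000000c8
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=')
HEXISH_RE = re.compile(r"^[0-9a-f]+$")

def classify(name, needle):
    """Rate one key or value name that a substring search for `needle` returned."""
    lowered = name.lower()
    if lowered == needle:
        return "exact"            # the name is the searched word itself
    bare = lowered.strip("{}").replace("-", "")
    if HEXISH_RE.match(bare):
        return "hex-coincidence"  # needle is only a run of digits in a hex number or GUID
    return "substring"            # needle sits inside a longer, unrelated word

def triage(export_text, needle="fade"):
    """Return (classification, key path, matched name) for each hit in a .reg export."""
    needle = needle.lower()
    hits, current_key = [], None
    for raw in export_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            # Only the last path component is rated; parent keys have their own header line.
            leaf = current_key.rsplit("\\", 1)[-1]
            if needle in leaf.lower():
                hits.append((classify(leaf, needle), current_key, leaf))
            continue
        value = VALUE_RE.match(line)
        if value and current_key and needle in value.group("name").lower():
            hits.append((classify(value.group("name"), needle), current_key, value.group("name")))
    return hits

if __name__ == "__main__":
    for verdict, key, name in triage(SAMPLE_EXPORT):
        print(f"{verdict:16} {name:40} {key}")
```

Only the "exact" hit is worth comparing against a removal guide; the other two classes are the kind of match the post above describes.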
FlyingAce Posted May 22, 2015 (edited)
So is this for SURE... confirmed clean yet? Angry Planes "cleaned up": http://www.reddit.com/r/GrandTheftAutoV_PC/comments/36279w/cleaned_up_version_of_the_angry_planes_mod_info/
Edited May 24, 2015 by FlyingAce
Microbots Posted May 24, 2015
> So I'm going through the basics of IDA and the relevant tutorials on YouTube. In one of them, it says that you can see the imports and what they use, like using networking. Now I have no idea what ASI files need or how they work when they download viruses. But did the Angry Planes mod need that import and would it show up in IDA?

> No, it used GetProcAddress and LoadLibrary, which is a dynamic alternative to standard imports. I checked them too when I analysed them and noticed no internet-related imports. It was not until I dug into the code and decrypted the strings that it became obvious what was really happening.

So where did the fade come from? Was it in the script itself?
iAmCrunchy1 Posted May 25, 2015 (edited)
Does anyone have a YouTube tutorial video? I'm not a tech guy so I'm having a lot of trouble following the steps. When I tried looking for "Shell" I did not find it.
Edited May 25, 2015 by iAmCrunchy1

TheMuffinManOP Posted May 26, 2015
> Does anyone have a YouTube tutorial video? I'm not a tech guy so I'm having a lot of trouble following the steps. When I tried looking for "Shell" I did not find it.

Just do what it says step by step. Also, if you want to try and see if this can remove it, then try this official post on how to remove malware: http://www.reddit.com/r/techsupport/comments/33evdi/suggested_reading_official_malware_removal_guide/ Although if this does not remove it all do not look at me, this is just a helpful post I found on how to remove malware. Hopefully this helps.

AB26 Posted May 26, 2015
IT'S BETTER TO BAN THE AUTHOR OF SUCH MODS BY THE MODDING COMMUNITIES!

86DX Posted May 26, 2015
> IT'S BETTER TO BAN THE AUTHOR OF SUCH MODS BY THE MODDING COMMUNITIES!

It'd be better if you didn't post that.

BS_BlackScout Posted May 26, 2015 (edited)
Well, whatever.
Edited May 26, 2015 by TrustedInstaller
Jakee. Posted May 26, 2015 (edited)
> ALERT!!! https://twitter.com/Yan2295/status/603286101252546561 Read the entire conversation, it seems there are new infected modifications! Can't confirm it 100%, but stay cautious.

Please don't spread false alarm, currently there is no proof or even suspicion behind the mods distributing malware - the Grappling Hook mod is completely clean, Spiderman mod is a OpenIV Mod and the source code of The Flash mod is clean - just investigating. Problem with ASI container is there is no way (afaik) to decompile it.
Edited May 26, 2015 by Jakee.
TheMuffinManOP Posted May 27, 2015 (edited)
> > ALERT!!! https://twitter.com/Yan2295/status/603286101252546561 Read the entire conversation, it seems there are new infected modifications! Can't confirm it 100%, but stay cautious.
>
> Please don't spread false alarm, currently there is no proof or even suspicion behind the mods distributing malware - the Grappling Hook mod is completely clean, Spiderman mod is a OpenIV Mod and the source code of The Flash mod is clean - just investigating. Problem with ASI container is there is no way (afaik) to decompile it.

* THIS could be false, a troll OR he got the malware from somewhere else and not these 3 mods * BUT there could be malware in even more mods guys, just because we found 2 does not mean the f*ckers who did this won't do it again. I myself have not even reinstalled GTA 5 since this whole thing happened, it completely ruined everything for me. I have a feeling there is still a couple mods out there and that Twitter post kinda confirms it: there is at least 1 more mod with malware and so far it is out of the 3 this guy (in the Twitter post) has. Be careful guys... ( read the comments under the tweet to see what we are talking about )

Edit : ( I do not know why there is a white line over the text, just highlight it to read )

"The Mods were Just Cause 2 Grappling Hook, The Flash Mod, and the Spider-Man skin." the mods he installed. If you have these mods <-- and the Noclip or Angry Planes, please uninstall and follow the steps that the original post says (page 1 at the top, Step by step guide). Do not panic, chill out, follow the steps and get it uninstalled, change important passwords too.

* This could be a false positive but these are the mods that the guy said he had installed ** Mods that could possibly have malware are Just Cause 2 Grappling Hook, The Flash Mod, and the Spider-Man skin. One or all of these could have malware. The Noclip and Angry Planes mods (as everyone knows) have 100% confirmed malware. Follow this guide also to remove all malware if the main post did not work: http://www.reddit.com/r/techsupport/comments/33evdi/suggested_reading_official_malware_removal_guide/ last time I am saying this..
Edited May 27, 2015 by TheMuffinManOP
KingDong Posted May 27, 2015
I think I found out where the hacker lives. I forgot to change my Facebook password and he tried to access my account. Facebook says he logged in here: Login near Bend, OR, United States from Firefox for Windows 7 (May 21 at 1:12am)

cadeharrison Posted May 29, 2015
Just found these files in my temp folder, should I be worried?

Dillpick88 Posted May 29, 2015
Oh sh*t they might see how much porn I've been looking up
Daynja Posted May 29, 2015
Is this the result of the keylogger found in Angryplanes and Noclip? http://www.reddit.com/r/GrandTheftAutoV_PC/comments/37llv4/new_ban_wave/ According to one of the posters many users are receiving this response from Rockstar "Sorry to hear that you are having a problem logging into GTAV for PC. We investigated your account and determined that GTAV login access was suspended because your Social Club login credentials were shared across a large number of computers. Please note that sharing your login credentials with others is a violation of the EULA and can result in permanent termination of your Social Club account and associated Rockstar Games"
The Scout Posted May 30, 2015
This mod clean? http://gtaxscripting.blogspot.com/2015/05/gta-v-just-cause-2-grappling-hook-mod.html

The Scout Posted May 30, 2015
Is the tsunami mod clean? Because it's starting to crash me a lot.
Kizoky Posted June 3, 2015
A mod is clean when other people have no issues with it. Why would someone do this anyway? What will he earn by stealing passwords?

Joachim Posted June 4, 2015
> A mod is clean when other people have no issues with it. Why would someone do this anyway? What will he earn by stealing passwords?

Bank accounts, for example?

G0nx4 Posted June 4, 2015
Is this mod clean?? https://www.gta5-mods.com/scripts/pc-trainer-v

Joachim Posted June 4, 2015 (edited)
> Is this mod clean?? https://www.gta5-mods.com/scripts/pc-trainer-v

Its author doesn't look suspicious but, well, you can't trust anyone in this world.
Edited June 4, 2015 by Joachim

G0nx4 Posted June 4, 2015
> > Is this mod clean?? https://www.gta5-mods.com/scripts/pc-trainer-v
>
> Its author doesn't look suspicious but, well, you can't trust anyone in this world.

I had mods from this author before, and had no virus until noclip. I scanned the file from this trainer and it didn't show any risk. But I'm not 100% safe D:
Guest Posted June 11, 2015 (edited)
could someone possibly toss me the exe? I want to do some research into it. > implying you can do RE >being this much of a retard and greentext/redtext somewhere that is not 4chan/8chan/lainchan
Edited June 11, 2015 by Guest