Malware inside Angry Planes & Noclip Mod

[Benie]

I found a reported clean version of Angry Planes by a trusted Reddit user, who also wanted people to match the checksums of his version, and the version I got. All checked out. Did a Threat scan with Malwarebytes (my Premium free trial version), and it detected nothing (before and after playing with the mod). I'm also using Sandboxie for extra protection.

Ran the game for awhile, mod works great with my other mods. So I quit and tried to follow the virus removal (incase I actually had the adware). First off, there's no 'csc.exe' running that I can see in the Task Manager.

In my AppData folder (the Sandboxie version), I saw a strange file called 'Local' with a bunch of weird characters next to it (almost looked Chinese). File has been removed. It could had been placed by Sandboxie, but at this day and age... I can't take any chances.

In my regular version (outside of Sandboxie), the weird file isn't there.

 

Anyway, continuing Step 3, I found no .z or init files in the Local/Temp folder. Didn't see an unnamed zip file, and no recently created folders with Fade.exe in them.

But this is where it starts to get... interesting. I checked regedit, and didn't find a 'Shell' entry where the picture said to go. I checked all of them, and I see no Shell folder. Is this bad?

http://puu.sh/ivDbG/fb9a0e3a39.png

 

Lastly, I checked HKEY_CURRENT_USER/Software/Microsoft and see no entries or folders of 'Fade' or 'Leep'.

 

So, am I still good? Did a restart, and still no Fade.exe anywhere. So, looks like it's actually clean. I won't be giving the link out due to someone could potentially put that virus in again.

Edited June 20, 2015 by Benie

[Bloody Mary]

That weird "Local" file with Chinese characters after it is normal and was found/reported by many players after installing GTA V long before mods were even made for it. According to Rockstar it's a file that deals with profiles that have unexpected/strange characters in them, so it's perfectly safe; if you deleted it, GTA V automatically makes another.

 

Personally I'm extremely cautious about all mods, even now. I never got Angry Planes or Noclip, but I'm still quite wary of files from authors whom I don't trust. The GTA V modsite's heavier testing and longer approval periods help, but still, I'd stay away from anything related to Angry Planes or Noclip, no matter how "clean" a Reddit user claims it to be.

Edited June 20, 2015 by Bloody Mary

[Benie]

I get the message loud and clear. I don't blame you. I was REALLY.. really hesitant to even try (nomatter how 'clean' it claimed), but I saw a video of Sandboxie, and how it's able to even keep your computer safe from that Cryptlocker virus. That sold me.

 

But like I said, here's the weird thing about that 'Local' file in my Appdata folder. You claim that it's perfectly normal and the game creates it. Then how come I never saw it before? I checked my normal un-Sandboxie version of Appdata and never saw this file.

Anyway, yeah. I never even owned GTA V for PC when I heard about this virus. I even hesitated if it was worth paying the $60 for it, as I have it on my PS4. But I really wanted to play with mods.

But that fear of the next top mod that may or may not have a virus... yeah.

 

There is a mod on GTAV-mods.com, called 'Planes Hails'. Author wants it to be the next Angry Planes mod. Immediately, people thought it was more adware (with plenty of reason), but the mod author defended their mod, giving access to the source code. No viruses with it.

Edited June 20, 2015 by Benie

[Bloody Mary]

I get the message loud and clear. I don't blame you. I was REALLY.. really hesitant to even try (nomatter how 'clean' it claimed), but I saw a video of Sandboxie, and how it's able to even keep your computer safe from that Cryptlocker virus. That sold me.

 

But like I said, here's the weird thing about that 'Local' file in my Appdata folder. You claim that it's perfectly normal and the game creates it. Then how come I never saw it before? I checked my normal un-Sandboxie version of Appdata and never saw this file.

Anyway, yeah. I never even owned GTA V for PC when I heard about this virus. I even hesitated if it was worth paying the $60 for it, as I have it on my PS4. But I really wanted to play with mods.

But that fear of the next top mod that may or may not have a virus... yeah.

 

There is a mod on GTAV-mods.com, called 'Planes Hails'. Author wants it to be the next Angry Planes mod. Immediately, people thought it was more adware (with plenty of reason), but the mod author defended their mod, giving access to the source code. No viruses with it.

 

Again, not too sure about the Local file, but it was reported around launch throughout the Rockstar and GTA forums. According to Rockstar themselves it's normal. Maybe it's with the Steam version only? Most of the forum topics regarding it are from Steam. However, multiple people have scanned it with various anti-virus and anti-malware software, including Malwarebytes, and it's squeaky clean.

 

http://www.sevenforums.com/general-discussion/367307-local-what.html

http://www.neogaf.com/forum/showthread.php?t=1028101&page=64

https://www.reddit.com/r/GrandTheftAutoV_PC/comments/34k60e/new_file_created_in_appdata_called/

http://steamcommunity.com/app/271590/discussions/0/611703999971057114/

http://www.bleepingcomputer.com/forums/t/578397/file-in-appdata-with-strange-japanese-characters-1kb/

Edited June 20, 2015 by Bloody Mary

[Enumerator]

This is an easy fix...

Alex...

Update your loader to prevent

1) system registry access.

2) file creation.

3) network access

4) scan asi files for imports and marshals before loading

[syn_gatez]

does anyone know what version of angry plane mod and it's clean from malware or viruses??
plz reply

[Benie]

does anyone know what version of angry plane mod and it's clean from malware or viruses??

plz reply

All I can tell you is to look it up. You shouldn't really be asking. People are still on edge here.

Edited June 21, 2015 by Benie

[Beannn]

Hi Guys, Just to Check is Native trainer by Alexander Blade safe??? (New to gta V mods) If this is the only mods i had downloaded for gta v, am i safe from the virus mentioned in this thread??? I do not have any files inside my Temp folder.

Edited June 22, 2015 by Beannn

[Nah nah nah Gta 6]

Hi Guys, Just to Check is Native trainer by Alexander Blade safe???

It's safe, millions of people have used it, if it had a virus it would of been reported a while ago.

Edited June 22, 2015 by Stoney0503

[Beannn]

Thanks for the reply. got so worried after reading this thread. thought i would have to reformat my comp.

[86DX]

 

Hi Guys, Just to Check is Native trainer by Alexander Blade safe???

It's safe, millions of people have used it, if it had a virus it would of been reported a while ago.

 

Exactly, should be common sense.

[El Dorado]

Keep a close eye on this thread http://gtaforums.com/topic/791187-xbox360-ps3-pc-gta-v-save-editor-by-xb36hazard/page-4

[Bloody Mary]

Keep a close eye on this thread http://gtaforums.com/topic/791187-xbox360-ps3-pc-gta-v-save-editor-by-xb36hazard/page-4

 

Sad that some people think a save editor is really worth getting malware for.

[Bloody Mary]

Long time no bump. Figured I might as well do it to ask something several others have elsewhere: any reports of malware in any mods recently?

[86DX]

Long time no bump. Figured I might as well do it to ask something several others have elsewhere: any reports of malware in any mods recently?

That was a really, really dumb bump. If there was reports, the topic would've been revived long before this.