Quantcast
Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
    1. Welcome to GTAForums!

    1. GTA Online

      1. The Diamond Casino Heist
      2. Find Lobbies & Players
      3. Guides & Strategies
      4. Vehicles
      5. Content Creator
      6. Help & Support
    2. Red Dead Online

      1. Frontier Pursuits
      2. Find Lobbies & Outlaws
      3. Help & Support
    3. Crews

      1. Events
    1. Red Dead Redemption 2

      1. PC
      2. Gameplay
      3. Missions
      4. Help & Support
    2. Red Dead Redemption

    1. Grand Theft Auto Series

    2. GTA 6

    3. GTA V

      1. PC
      2. Guides & Strategies
      3. Help & Support
    4. GTA IV

      1. The Lost and Damned
      2. The Ballad of Gay Tony
      3. Guides & Strategies
      4. Help & Support
    5. GTA Chinatown Wars

    6. GTA Vice City Stories

    7. GTA Liberty City Stories

    8. GTA San Andreas

      1. Guides & Strategies
      2. Help & Support
    9. GTA Vice City

      1. Guides & Strategies
      2. Help & Support
    10. GTA III

      1. Guides & Strategies
      2. Help & Support
    11. Top Down Games

      1. GTA Advance
      2. GTA 2
      3. GTA
    1. GTA Mods

      1. GTA V
      2. GTA IV
      3. GTA III, VC & SA
      4. Tutorials
    2. Red Dead Mods

      1. Documentation
    3. Mod Showroom

      1. Scripts & Plugins
      2. Maps
      3. Total Conversions
      4. Vehicles
      5. Textures
      6. Characters
      7. Tools
      8. Other
      9. Workshop
    4. Featured Mods

      1. DYOM
      2. OpenIV
      3. GTA: Underground
      4. GTA: Liberty City
      5. GTA: State of Liberty
    1. Rockstar Games

    2. Rockstar Collectors

    1. Off-Topic

      1. General Chat
      2. Gaming
      3. Technology
      4. Programming
      5. Movies & TV
      6. Music
      7. Sports
      8. Vehicles
    2. Expression

      1. Graphics / Visual Arts
      2. GFX Requests & Tutorials
      3. Writers' Discussion
      4. Debates & Discussion
    3. Gangs

    1. News

    2. Forum Support

    3. Site Suggestions

aboutseven

Malware inside Angry Planes & Noclip Mod

Recommended Posts

Benie

I found a reported clean version of Angry Planes by a trusted Reddit user, who also wanted people to match the checksums of his version, and the version I got. All checked out. Did a Threat scan with Malwarebytes (my Premium free trial version), and it detected nothing (before and after playing with the mod). I'm also using Sandboxie for extra protection.

Ran the game for awhile, mod works great with my other mods. So I quit and tried to follow the virus removal (incase I actually had the adware). First off, there's no 'csc.exe' running that I can see in the Task Manager.

In my AppData folder (the Sandboxie version), I saw a strange file called 'Local' with a bunch of weird characters next to it (almost looked Chinese). File has been removed. It could had been placed by Sandboxie, but at this day and age... I can't take any chances.

In my regular version (outside of Sandboxie), the weird file isn't there.

 

Anyway, continuing Step 3, I found no .z or init files in the Local/Temp folder. Didn't see an unnamed zip file, and no recently created folders with Fade.exe in them.

But this is where it starts to get... interesting. I checked regedit, and didn't find a 'Shell' entry where the picture said to go. I checked all of them, and I see no Shell folder. Is this bad?

http://puu.sh/ivDbG/fb9a0e3a39.png

 

Lastly, I checked HKEY_CURRENT_USER/Software/Microsoft and see no entries or folders of 'Fade' or 'Leep'.

 

So, am I still good? Did a restart, and still no Fade.exe anywhere. So, looks like it's actually clean. I won't be giving the link out due to someone could potentially put that virus in again.

Edited by Benie

Share this post


Link to post
Share on other sites
Bloody Mary

That weird "Local" file with Chinese characters after it is normal and was found/reported by many players after installing GTA V long before mods were even made for it. According to Rockstar it's a file that deals with profiles that have unexpected/strange characters in them, so it's perfectly safe; if you deleted it, GTA V automatically makes another.

 

Personally I'm extremely cautious about all mods, even now. I never got Angry Planes or Noclip, but I'm still quite wary of files from authors whom I don't trust. The GTA V modsite's heavier testing and longer approval periods help, but still, I'd stay away from anything related to Angry Planes or Noclip, no matter how "clean" a Reddit user claims it to be.

Edited by Bloody Mary

Share this post


Link to post
Share on other sites
Benie

I get the message loud and clear. I don't blame you. I was REALLY.. really hesitant to even try (nomatter how 'clean' it claimed), but I saw a video of Sandboxie, and how it's able to even keep your computer safe from that Cryptlocker virus. That sold me.

 

But like I said, here's the weird thing about that 'Local' file in my Appdata folder. You claim that it's perfectly normal and the game creates it. Then how come I never saw it before? I checked my normal un-Sandboxie version of Appdata and never saw this file.

Anyway, yeah. I never even owned GTA V for PC when I heard about this virus. I even hesitated if it was worth paying the $60 for it, as I have it on my PS4. But I really wanted to play with mods.

But that fear of the next top mod that may or may not have a virus... yeah.

 

There is a mod on GTAV-mods.com, called 'Planes Hails'. Author wants it to be the next Angry Planes mod. Immediately, people thought it was more adware (with plenty of reason), but the mod author defended their mod, giving access to the source code. No viruses with it.

Edited by Benie

Share this post


Link to post
Share on other sites
Bloody Mary

I get the message loud and clear. I don't blame you. I was REALLY.. really hesitant to even try (nomatter how 'clean' it claimed), but I saw a video of Sandboxie, and how it's able to even keep your computer safe from that Cryptlocker virus. That sold me.

 

But like I said, here's the weird thing about that 'Local' file in my Appdata folder. You claim that it's perfectly normal and the game creates it. Then how come I never saw it before? I checked my normal un-Sandboxie version of Appdata and never saw this file.

Anyway, yeah. I never even owned GTA V for PC when I heard about this virus. I even hesitated if it was worth paying the $60 for it, as I have it on my PS4. But I really wanted to play with mods.

But that fear of the next top mod that may or may not have a virus... yeah.

 

There is a mod on GTAV-mods.com, called 'Planes Hails'. Author wants it to be the next Angry Planes mod. Immediately, people thought it was more adware (with plenty of reason), but the mod author defended their mod, giving access to the source code. No viruses with it.

 

Again, not too sure about the Local file, but it was reported around launch throughout the Rockstar and GTA forums. According to Rockstar themselves it's normal. Maybe it's with the Steam version only? Most of the forum topics regarding it are from Steam. However, multiple people have scanned it with various anti-virus and anti-malware software, including Malwarebytes, and it's squeaky clean.

 

http://www.sevenforums.com/general-discussion/367307-local-what.html

http://www.neogaf.com/forum/showthread.php?t=1028101&page=64

https://www.reddit.com/r/GrandTheftAutoV_PC/comments/34k60e/new_file_created_in_appdata_called/

http://steamcommunity.com/app/271590/discussions/0/611703999971057114/

http://www.bleepingcomputer.com/forums/t/578397/file-in-appdata-with-strange-japanese-characters-1kb/

Edited by Bloody Mary
  • Like 1

Share this post


Link to post
Share on other sites
Enumerator

This is an easy fix...

Alex...

Update your loader to prevent

1) system registry access.

2) file creation.

3) network access

4) scan asi files for imports and marshals before loading

  • Like 1

Share this post


Link to post
Share on other sites
syn_gatez

does anyone know what version of angry plane mod and it's clean from malware or viruses??
plz reply :D

Share this post


Link to post
Share on other sites
Benie

does anyone know what version of angry plane mod and it's clean from malware or viruses??

plz reply :D

All I can tell you is to look it up. You shouldn't really be asking. People are still on edge here.

Edited by Benie

Share this post


Link to post
Share on other sites
Beannn

Hi Guys, Just to Check is Native trainer by Alexander Blade safe??? (New to gta V mods) If this is the only mods i had downloaded for gta v, am i safe from the virus mentioned in this thread??? I do not have any files inside my Temp folder.

Edited by Beannn

Share this post


Link to post
Share on other sites
Stoney0503

Hi Guys, Just to Check is Native trainer by Alexander Blade safe???

It's safe, millions of people have used it, if it had a virus it would of been reported a while ago.

Edited by Stoney0503
  • Like 2

Share this post


Link to post
Share on other sites
Beannn

Thanks for the reply. got so worried after reading this thread. thought i would have to reformat my comp.

Share this post


Link to post
Share on other sites
RM76

 

Hi Guys, Just to Check is Native trainer by Alexander Blade safe???

It's safe, millions of people have used it, if it had a virus it would of been reported a while ago.

 

Exactly, should be common sense.

Share this post


Link to post
Share on other sites
Bloody Mary

Long time no bump. Figured I might as well do it to ask something several others have elsewhere: any reports of malware in any mods recently?

Share this post


Link to post
Share on other sites
RM76

Long time no bump. Figured I might as well do it to ask something several others have elsewhere: any reports of malware in any mods recently?

That was a really, really dumb bump. If there was reports, the topic would've been revived long before this.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • 2 Users Currently Viewing
    0 members, 0 Anonymous, 2 Guests

×
×
  • Create New...

Important Information

By using GTAForums.com, you agree to our Terms of Use and Privacy Policy.