Malware inside Angry Planes & Noclip Mod

[MarshallRawR]

I did use the noclip mod but I don't have any fade.exe or the BAE2BCEE folder, I also searched for the fade.exe on my computer.

 

I've had the mod for ages and nothing has happened, but nonetheless I deleted the mod.

 

Mmmh...

I the few other mods I used are the PalmBeach's Rapid Reponse (police) mod and also the Ambulance Missions mod.

[ZZCOOL]

appears i don't have it on my system shame that gta modding has to be so tainted iv days those were the days

[FlyingAce]

Fade.exe sometimes is automatically caught by your AV and it doesnt tell you search for the other init.exe as well and the registry string and change passwords

 

also could someone please remake this mod? xD

[Microbots]

Well, gta5-mods came out with a statement.

 

They're going to beef up the process of testing scripts and recommend people use lua and cs scripts so that it's faster to verify.

[Drkz]

@TJGM

 

Which is funny since Windows doesn't label everything as unsafe.

 

As for the rest of your post : at this point you're obviously just moving goalposts. I don't even know why i bother anymore, and i just don't know how someone could not learn from his mistakes.

 

We'll enjoy, this has happened before and the flood gates have been open for years and years, it rarely happens. You keep acting like this will frequently happen now because of this one incident and if that's the case, why didn't it become more common when this previously happened? People who want to upload viruses know how easy it is to upload them among the modding communities, how come it's only going to become frequent to the GTA modding community? Why isn't it common among the Fallout/Skyrim modding community?

 

I'm acting like it will be more frequent now for multiple reasons. The first one being that GTA V is by far the most popular GTA title, both in numbers, players and everything, the second one being that the game and the modding scene has way more media coverage (reddit, websites, and especially Youtube) than before, with the implications it brings, and the third one because there's nobody to check your sh*t, no security, and no consequences.

 

It's a free win on multiple aspects, there's like close to absolutely no downsides whatsoever. If you were looking for easy Steam accounts, or just to ruin peoples day, ignoring such an easy way to infect people would be retarded.

 

It's not a niche business anymore. Mods are being featured on PCGamer, all over internet and all over Youtube. Hell, if Steam maintained the paying mods you could even live out of your mods.

 

how come it's only going to become frequent to the GTA modding community? Why isn't it common among the Fallout/Skyrim modding community?

 

Because close to no mods for Skyrim / Fallout / ArmA / whatever are coming in a potentially dangerous format like .exe or .asi. Simple as that. 99.99 % of the time it's loose files inside an archive. And go away with your sh*tty "anyone could include a virus in any files anyway !!!!!!", while this is true to a very marginal extent, doing so is far more complicated and far less accessible than packing your sh*tty password stealer in a .asi file and calling it a day. Accessibility and simplicity, this is what makes the biggest difference here.

Edited May 14, 2015 by Drkz

[Silent]

EDIT: Asked around, turns out you can store viruses into GTA file types. It's possible to store and execute a virus via a model file, texture archive file etc.. (this was done for Vice City's file types, which would've been .dff and .txd)

But this can be patched... with an ASI mod.

 

[boswellboxer]

f*ck I HAVE FADE.EXE

[Nah nah nah Gta 6]

I'm starting to think that someone else is adding the malware and not the creators, some people have the malware and some people don't, I don't think a modder woul go out of his way to make a mod to f*ck with people (they probably would with simple mods like noclip).

Edited May 14, 2015 by Stoney0503

[TJGM]

@TJGM

 

Which is funny since Windows doesn't label everything as unsafe.

 

As for the rest of your post : at this point you're obviously just moving goalposts. I don't even know why i bother anymore, and i just don't know how someone could not learn from his mistakes.

 

We'll enjoy, this has happened before and the flood gates have been open for years and years, it rarely happens. You keep acting like this will frequently happen now because of this one incident and if that's the case, why didn't it become more common when this previously happened? People who want to upload viruses know how easy it is to upload them among the modding communities, how come it's only going to become frequent to the GTA modding community? Why isn't it common among the Fallout/Skyrim modding community?

 

I'm acting like it will be more frequent now for multiple reasons. The first one being that GTA V is by far the most popular GTA title, both in numbers, players and everything, the second one being that the game and the modding scene has way more media coverage (reddit, websites, and especially Youtube) than before, with the implications it brings, and the third one because there's nobody to check your sh*t, no security, and no consequences. It's a free win on multiple aspects, there's like close to absolutely no downsides whatsoever. It's not a niche business anymore. Mods are being featured on PCGamer and all over Youtube.

 

how come it's only going to become frequent to the GTA modding community? Why isn't it common among the Fallout/Skyrim modding community?

 

 

Because close to no mods for Skyrim / Fallout / ArmA / whatever are coming in a potentially dangerous format like .exe or .asi. Simple as that. 99.99 % of the time it's loose files inside an archive. And go away with your sh*tty "anyone could include a virus in any files anyway !!!!!!", while this is true to a very marginal extent, doing so is far more complicated and far less accessible than packing your sh*tty password stealer in a .asi file and calling it a day.

Okay, fine, you've some what won me over and clearly won this argument. But still, I don't think you need to label mods as unsafe, we should be able to trust mod hosters to do decent testing with these mods before they get approved, especially ASI mods.

 

I probably should've admitted I didn't have facts to back up my argument about two posts ago or so, but nobody likes to admit they're wrong.

[Silent]

I'm starting to think that someone else is adding the malware and not the creators, some people have the malware and some people don't, I don't think a modder woul go out of his way to make a mod to f*ck with people (they probably would with simple mods like noclip).

Too integrated with the ASI to be added post-compilation. Most definitely was added to the original source code.

Edited May 14, 2015 by Silent

[ZZCOOL]

I'm starting to think that someone else is adding the malware and not the creators, some people have the malware and some people don't, I don't think a modder woul go out of his way to make a mod to f*ck with people (they probably would with simple mods like noclip).

maybe it was the reuploads that contained the malware makes a whole lot more sense

[BS_BlackScout]

I feel so happy I haven't actually went into all this modding thing, I was almost doing it.

I mean, I won't stay away from it, but that was big luck.

No viruses here, I am clean

Sad to hear about the others whose are in a bad situation =/

[Drkz]

 

@TJGM

 

Which is funny since Windows doesn't label everything as unsafe.

 

As for the rest of your post : at this point you're obviously just moving goalposts. I don't even know why i bother anymore, and i just don't know how someone could not learn from his mistakes.

 

We'll enjoy, this has happened before and the flood gates have been open for years and years, it rarely happens. You keep acting like this will frequently happen now because of this one incident and if that's the case, why didn't it become more common when this previously happened? People who want to upload viruses know how easy it is to upload them among the modding communities, how come it's only going to become frequent to the GTA modding community? Why isn't it common among the Fallout/Skyrim modding community?

 

I'm acting like it will be more frequent now for multiple reasons. The first one being that GTA V is by far the most popular GTA title, both in numbers, players and everything, the second one being that the game and the modding scene has way more media coverage (reddit, websites, and especially Youtube) than before, with the implications it brings, and the third one because there's nobody to check your sh*t, no security, and no consequences. It's a free win on multiple aspects, there's like close to absolutely no downsides whatsoever. It's not a niche business anymore. Mods are being featured on PCGamer and all over Youtube.

 

how come it's only going to become frequent to the GTA modding community? Why isn't it common among the Fallout/Skyrim modding community?

 

 

Because close to no mods for Skyrim / Fallout / ArmA / whatever are coming in a potentially dangerous format like .exe or .asi. Simple as that. 99.99 % of the time it's loose files inside an archive. And go away with your sh*tty "anyone could include a virus in any files anyway !!!!!!", while this is true to a very marginal extent, doing so is far more complicated and far less accessible than packing your sh*tty password stealer in a .asi file and calling it a day.

Okay, fine, you've some what won me over and clearly won this argument. But still, I don't think you need to label mods as unsafe, we should be able to trust mod hosters to do decent testing with these mods before they get approved, especially ASI mods.

 

I probably should've admitted I didn't have facts to back up my argument about two posts ago or so, but nobody likes to admit they're wrong.

 

 

It's okay mate, no problems. In the end i just want the same thing as you : healthy modding community without the fear of being infected.

 

As for trust, well it can works in a small modding community or a niche one, where everyone knows everyone. But i don't think it's the case with GTA V anymore.

Edited May 14, 2015 by Drkz

[Igor Bogdanoff]

MBAM also said http://www.thegtaplace.com/downloads/f455-gta-mod-installer-v50-betathis is malware too. (or Trojan.dropper)

[Shaunr]

 

WTF.. Thanks for the Post OP. guys i deleted init.exe and fade.exe also i cleared the registry as MarshallRawR said is there anything i need to do ? I'm really worried right now

Change all your passwords.

 

ok, some people like me can't possibly change all their passwords.

 

This is just a keylogger, right? so my stored passwords are safe? I've only been using this since last night, and I haven't actually typed in any passwords.

 

 

Please someone give some more details on this.

[ZZCOOL]

MBAM also said http://www.thegtaplace.com/downloads/f455-gta-mod-installer-v50-betathis is malware too. (or Trojan.dropper)

i guess get used to this noone cared about gta before but the people who actually cared now that gta is mainstream it's going to turn into a total mess it's not what it used to be any more

[Igor Bogdanoff]

 

MBAM also said http://www.thegtaplace.com/downloads/f455-gta-mod-installer-v50-betathis is malware too. (or Trojan.dropper)

i guess get used to this noone cared about gta before but the people who actually cared now that gta is mainstream it's going to turn into a total mess it's not what it used to be any more

 

Gaming in general turned into mainstream. AND THAT IS LAME.

[ZZCOOL]

yup look at that fade.exe is in the quarantine and since day 1

Edited May 14, 2015 by ZZCOOL

[FlyingAce]

someone on reddit said these two might also be dangerous

 

EnforcerZhukovReallistic Mods plz :V 1 point

an hour ago

WTF this is reaaaaally curious, GTAForums' got now a 403 error o.O

BTW i scanned with Panda Free and Malwarebytes my AppData folder and looks clean (despite of some typical cookies). My mods folder is also clean, BUT Panda found 2 suspicious files: Tank.asi (the first version of this mod: https://www.gta5-mods.com/scripts/tanks-spawn-at-five-stars) and this too (https://www.gta5-mods.com/scripts/working-restaurants).

[ZZCOOL]

 

someone on reddit said these two might also be dangerous

 

EnforcerZhukovReallistic Mods plz :V 1 point

an hour ago

WTF this is reaaaaally curious, GTAForums' got now a 403 error o.O

BTW i scanned with Panda Free and Malwarebytes my AppData folder and looks clean (despite of some typical cookies). My mods folder is also clean, BUT Panda found 2 suspicious files: Tank.asi (the first version of this mod: https://www.gta5-mods.com/scripts/tanks-spawn-at-five-stars) and this too (https://www.gta5-mods.com/scripts/working-restaurants).

 

plastic tangerine is in my eyes a highly respected modder no way he'd put a virus in his mods

[MarshallRawR]

Who knows, maybe whoever owns GTA5-Mods.com is putting all those malwares.

[FlyingAce]

exactly my thought ZZCOOL just putting it out there... maybe he had a reupload from someone...

Edited May 14, 2015 by FlyingAce

[Silent]

Who knows, maybe whoever owns GTA5-Mods.com is putting all those malwares.

Still seems too well integrated with the binary to be doable without the source code.

[visionglid]

At least four times, when i run GTA 5, the Avast grab a malware trying to access external sites. But i wasn't worried. That sucks.

[Igor Bogdanoff]

 

Who knows, maybe whoever owns GTA5-Mods.com is putting all those malwares.

Still seems too well integrated with the binary to be doable without the source code.

 

Maybe some very clever cyber criminal

[EnforcerZhukov]

 

someone on reddit said these two might also be dangerous

 

EnforcerZhukovReallistic Mods plz :V 1 point

an hour ago

WTF this is reaaaaally curious, GTAForums' got now a 403 error o.O

BTW i scanned with Panda Free and Malwarebytes my AppData folder and looks clean (despite of some typical cookies). My mods folder is also clean, BUT Panda found 2 suspicious files: Tank.asi (the first version of this mod: https://www.gta5-mods.com/scripts/tanks-spawn-at-five-stars) and this too (https://www.gta5-mods.com/scripts/working-restaurants).

 

Was me

That's what Panda Free found, but Malwarebytes don't. I can't say if they're infected. i just scanned my mods folder and Panda found that. Probably those results can be false positives.

[ZZCOOL]

Who knows, maybe whoever owns GTA5-Mods.com is putting all those malwares.

yeah a highly respected veteran whithin the modding community decided to go out of his way and put a virus on the website that makes him alot of money

 

no rappo did not please never say that again

[Flying Scotsman]

Please, please please, pretty please. answer my question.

 

Basically, I have done everything, check my reg, nothing found. Searched for Fade.exe, nothing found. Done everything, nothing found. I have the noclip mod, I directly downloaded after 1minute of it being uploaded. Please tell me I'm fine, if so please tell me what more to do to make sure that the keylogger didn't install. I have malware byte and avg, done a scan with both nothing found.

 

Please please please reply. Anything else that I can do to check that the keylogger didn't install? Thank you!

 

It only infects you if you run it. Just downloading it doesn't do anything.

 

It looks like it's compiled when you run it (hence the C# compiler) and it compiles non-GTA related code into the logger and stores it in the directories people have pointed out.

[Conwin]

This sucks. I'm only using Scripthook, FOV mod and Visual V currently, but have experimented with shaders a deformation mod and a LED lighting mod in the past. Hopefully none of those had any viruses on them..

[Silent]

That's what Panda Free found, but Malwarebytes don't. I can't say if they're infected. i just scanned my mods folder and Panda found that. Probably those results can be false positives.

They deffo don't have Fade inside.