MarshallRawR Posted May 14, 2015

> yeah a highly respected veteran within the modding community decided to go out of his way and put a virus on the website that makes him a lot of money no rappo did not please never say that again

I personally don't know the owner. Don't worry, I'm not directly accusing anyone, so far only the creator of those mods is on top of the list.

FlyingAce Posted May 14, 2015

noentiendero thanks for checking and telling us your results though

Drkz Posted May 14, 2015

> Who knows, maybe whoever owns GTA5-Mods.com is putting all those malwares.

Hahaha. No.

rappo Posted May 14, 2015

> > yeah a highly respected veteran within the modding community decided to go out of his way and put a virus on the website that makes him a lot of money no rappo did not please never say that again
>
> I personally don't know the owner. Don't worry, I'm not directly accusing anyone, so far only the creator of those mods is on top of the list.

Nice to meet you! No, it wasn't me, and this whole thing makes me very sad.

Silent, can you please let me know how you're checking the .asi files for integrity? Is the only way to run them?

lipskamafia Posted May 14, 2015 (edited)

I used noclip and angry planes mod. my antivirus didn't notice any virus or other stuff so what's the best way to check if we're infected? the regedit and malwarebytes scan?

edit: i got this in winlogon is it ok?

Edited May 14, 2015 by lipskamafia

MarshallRawR Posted May 14, 2015 (edited)

> Nice to meet you! No, it wasn't me, and this whole thing makes me very sad.

Seeing other people's opinion on you, I'm pretty sure that's not you. You know, it's never fun to get all of your passwords stolen, especially when there are sensible information involved (such as my credit card on a few websites, and the money on my account is used to pay my rents, and I don't got a lot of it). Anyways, I can also understand that it is bad for you too as it might (and probably will) attract some bad publicity. Sorry if you felt accused in any way, I just threw this in there.

> I used noclip and angry planes mod. my antivirus didn't notice any virus or other stuff so what's the best way to check if we're infected? the regedit and malwarebytes scan?

My antivirus (ESET) picked the .exe by itself after a little while. Check the TEMP folders to see if you have any of those files.

Edited May 14, 2015 by MarshallRawR

Silent Posted May 14, 2015

> Silent, can you please let me know how you're checking the .asi files for integrity? Is the only way to run them?

Pure guesswork with the disassembly. If the code was released after the compilation, I would expect it to be somewhere near the end of the code section, whereas it's clearly in the middle of legit code:

[image]

Since the ASI still has 0 hits on virustotal, I doubt there is a reliable way to auto check for such cases without becoming an antivirus.

And no, I didn't launch the code and I don't plan to.

Wayno717 Posted May 14, 2015

I noticed that in the root of the GTA 5, in the x64 folder there is a file called GTA5.exe with the same icon as the fade.exe program. I removed it and validated all the files and found that that wasn't included with the base GTA game. I do believe that was part of the Fade malware so I would recommend removing it.

Drkz Posted May 14, 2015 (edited)

> > > yeah a highly respected veteran within the modding community decided to go out of his way and put a virus on the website that makes him a lot of money no rappo did not please never say that again
> >
> > I personally don't know the owner. Don't worry, I'm not directly accusing anyone, so far only the creator of those mods is on top of the list.
>
> Nice to meet you! No, it wasn't me, and this whole thing makes me very sad.
>
> Silent, can you please let me know how you're checking the .asi files for integrity? Is the only way to run them?

Hey rappo since you're here, it would be great if you could add a way for users to download an older / alternate version of your mod without having to recreate brand new modpage for it. Similar to what the nexus is doing. Anyway, i know you guys are working hard so thanks for gta5-mods.

Edited May 14, 2015 by Drkz

TheFlareEntercounter Posted May 14, 2015 (edited)

What a sh*tty day for GTA modding, I just hope this won't discourage people from modding the game.

*disassembly program*

Silent, what disassembly program is that?

Edited May 14, 2015 by TheFlareEntercounter

rappo Posted May 14, 2015

> > Silent, can you please let me know how you're checking the .asi files for integrity? Is the only way to run them?
>
> Pure guesswork with the disassembly. If the code was released after the compilation, I would expect it to be somewhere near the end of the code section, whereas it's clearly in the middle of legit code:
>
> [image]
>
> Since the ASI still has 0 hits on virustotal, I doubt there is a reliable way to auto check for such cases without becoming an antivirus.
>
> And no, I didn't launch the code and I don't plan to.

Thanks! It's clear that our community is under a bit of an attack here. I'll be sure to seriously scrutinize compiled scripts from unrecognized names.

TJGM Posted May 14, 2015

> What a sh*tty day for GTA modding, good thing I don't have any of these mods installed.
>
> *disassembly program*
>
> Silent, what disassembly program is that?

IDA.

sasuke78200 Posted May 14, 2015 (edited)

> > Who knows, maybe whoever owns GTA5-Mods.com is putting all those malwares.
>
> yeah a highly respected veteran within the modding community decided to go out of his way and put a virus on the website that makes him a lot of money no rappo did not please never say that again

The way the code is infecting the PC means that it was added by the mod developer, I'm 100% sure about that. GTA5 Mods has nothing to do with this. (I'm not one of their friends, I don't know them).

Edited May 14, 2015 by sasuke78200

Silent Posted May 14, 2015

> Silent, can you please let me know how you're checking the .asi files for integrity? Is the only way to run them?

Same with the strings actually, it makes so little sense to be bundled post-compilation. OR the malware maker is VERY experienced, but then he wouldn't target GTA, right? I'm rather expecting this is some open source proof-of-concept malware.

> Silent, what disassembly program is that?

IDA 6.6

nplaim Posted May 14, 2015

Maybe that'll help, sent sh*t for analysis.

LoneMerc Posted May 14, 2015 (edited)

Since this is a bad thing, anyone want an unlimited use malwarebytes premium code? Lord I would love one around about now! All my AV's are free xD

I did notice this actually, fade.exe appearing and deleted it myself but I guess that was too late. I oddly though had my free version of Avast pick up that GTA5.exe inside the steam folder for GTA /x64 has another GTA5.exe that was picked up as malware. Can anyone check their own steam GTA V folder and tell me if they too find a GTA5.exe inside x64 that is a virus? I had this deleted too when I found it for caution!

Oh well, I was going to reinstall windows the other day anyway... Better get around to that now + change my passwords! I too auto-save all my own Pws but according to previous posts, nobody truly knows if it's stolen them locally from the SSD. Twats!

Edited May 14, 2015 by LoneMerc

MR.GREY Posted May 14, 2015

thank God i didn't install these mods....lol

TJGM Posted May 14, 2015

To the guy who keeps mentioning he has a pirated version of GTA V, stop. We don't allow piracy here and that's why your posts are being removed.

jippa_lippa Posted May 14, 2015 (edited)

PLEASE ANSWER, IF YOU CAN!

I don't want to take any chances, i'm not even going to check for the virus...i'm formatting my SSD and changing the passwords on another PC. I only have 2 important questions:

1- Is this virus capable of remaining in the hard disk (SSD) even after complete formatting? I know some viruses can
2- If that's the case, can the virus spread to other drives in the computer.

Anyway i find all the thread confusing. If i wanted to check if i'm infected (for curiosity), how can i do it? I have avast, but i can install another antivirus if needed.

Thanks...i'm freaking out...really worried!!!!!!!!

Edited May 14, 2015 by jippa_lippa

Op1e Posted May 14, 2015

Well this sucks, no one will trust modders anymore.

iOnlyEatCops Posted May 14, 2015

Wow this is messed up. Found this in my registry. How do I delete the shell and the userinit correctly?

Link2012 Posted May 14, 2015

Perhaps it's time for OpenIV to be open source.

MarshallRawR Posted May 14, 2015 (edited)

> --pic--
>
> Maybe that'll help, sent sh*t for analysis.

Huh, you have a dat[1].jpg and I had a dat[1].bin

Still no traces of that init..exe here.

EDIT: I wonder if there is any way to analyze those

Edited May 14, 2015 by MarshallRawR

ZZCOOL Posted May 14, 2015

> PLEASE ANSWER, IF YOU CAN!
>
> I don't want to take any chances, i'm not even going to check for the virus...i'm formatting my SSD and changing the passwords on another PC. I only have 2 important questions:
>
> 1- Is this virus capable of remaining in the hard disk (SSD) even after complete formatting? I know some viruses can
> 2- If that's the case, can the virus spread to other drives in the computer.
>
> Anyway i find all the thread confusing. If i wanted to check if i'm infected (for curiosity), how can i do it? I have avast, but i can install another antivirus if needed.
>
> Thanks...i'm freaking out...really worried!!!!!!!!

you can be absolutely sure that formatting is going to erase it

iOnlyEatCops Posted May 14, 2015

> Wow this is messed up. Found this in my registry. How do I delete the shell and the userinit correctly?

Any help? Is right clicking and pressing delete good?

jippa_lippa Posted May 14, 2015

> > PLEASE ANSWER, IF YOU CAN!
> >
> > I don't want to take any chances, i'm not even going to check for the virus...i'm formatting my SSD and changing the passwords on another PC. I only have 2 important questions:
> >
> > 1- Is this virus capable of remaining in the hard disk (SSD) even after complete formatting? I know some viruses can
> > 2- If that's the case, can the virus spread to other drives in the computer.
> >
> > Anyway i find all the thread confusing. If i wanted to check if i'm infected (for curiosity), how can i do it? I have avast, but i can install another antivirus if needed.
> >
> > Thanks...i'm freaking out...really worried!!!!!!!!
>
> you can be absolutely sure that formatting is going to erase it

Ok thanks. How to check for its presence? Need to input some special type of scan to my antivirus? I also heard you can check for the fade.exe and others on your own, but how? Simply using the "SEARCH" feature in windows?

Also last question. Can i move some files from documents (GTA V SAVEGAMES) to another drive without transporting the virus.

I know...i'm a virus n00b but i'm super anxious right now :S

Driver333 Posted May 14, 2015

Is it possible that this malware was only added in later versions of the script? As I have the first release version and I can find no trace of the fade.exe, the game doesn't start in windowed mode, there is no csc.exe running in the background and there is no trace of the added "shell" that linked to it, as the op posted.

So is it possible this was added in a later version? I never had the noclip mod installed so i can't say for that. But i run the game right after i read this to make sure that it wasn't running in the background and I've had it installed and running for a few weeks now.

BS_BlackScout Posted May 14, 2015 (edited)

@iOnlyEatCops You aren't supposed to remove userinit.exe from Registry.

https://technet.microsoft.com/en-us/library/cc939862.aspx

I also suggest people to take care when deleting anything from Registry, you can harm Windows if you don't know exactly what you are messing with.

Edited May 14, 2015 by TrustedInstaller

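A read-only way to do the checks discussed in this thread (the Winlogon `Shell` and `Userinit` values and a `fade.exe` in the TEMP folders), as an added PowerShell example that is not part of any post. It compares against the Windows defaults (`explorer.exe` and `%SystemRoot%\system32\userinit.exe,`), and the helper name `Get-WinlogonFinding` is hypothetical.

```powershell
# Added example: read-only audit, changes nothing. Run in a normal PowerShell prompt.
$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Windows defaults for the two values discussed in the thread.
# Userinit normally ends with a comma, which is trimmed before comparing.
$defaults = @{
    Shell    = 'explorer.exe'
    Userinit = "$env:SystemRoot\system32\userinit.exe"
}

# Get-WinlogonFinding is a hypothetical helper name used only in this example.
function Get-WinlogonFinding {
    param(
        [ValidateSet('HKLM', 'HKCU')][string]$Hive,
        [ValidateSet('Shell', 'Userinit')][string]$Name
    )
    $path  = "${Hive}:\$winlogon"
    $prop  = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
    $value = if ($prop) { [string]$prop.$Name } else { $null }

    $status = if ($null -eq $value) {
        # Missing is normal per user, but not machine-wide.
        if ($Hive -eq 'HKCU') { 'ok (not set)' } else { 'REVIEW (value missing)' }
    } elseif ($Hive -eq 'HKCU') {
        # A per-user Shell/Userinit is not there on a default install.
        'REVIEW (per-user override present)'
    } elseif ($value.Trim().TrimEnd(',').Trim() -ieq $defaults[$Name]) {
        'ok (Windows default)'
    } else {
        'REVIEW (differs from Windows default)'
    }

    [pscustomobject]@{ Hive = $Hive; Name = $Name; Value = $value; Status = $status }
}

$findings = foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($name in 'Shell', 'Userinit') {
        Get-WinlogonFinding -Hive $hive -Name $name
    }
}
$findings | Format-Table -AutoSize -Wrap

# The thread reports a dropped fade.exe in the TEMP folders; list any match with
# its hash so it can be looked up or submitted for analysis without running it.
Get-ChildItem -Path $env:TEMP -Filter 'fade.exe' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path    = $_.FullName
            SHA256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Written = $_.LastWriteTime
        }
    } | Format-List
```

A `REVIEW` row means the value should be looked at, not deleted: `Userinit` in particular has to be set back to its default rather than removed.
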
Aerion Posted May 14, 2015 (edited)

> PLEASE ANSWER, IF YOU CAN!
>
> I don't want to take any chances, i'm not even going to check for the virus...i'm formatting my SSD and changing the passwords on another PC. I only have 2 important questions:
>
> 1- Is this virus capable of remaining in the hard disk (SSD) even after complete formatting? I know some viruses can

not this one, it's "made" when you run gta5 with the asi, doesn't exist otherwise, and doesn't pop up again (to anyone's knowledge) if you delete it

> 2- If that's the case, can the virus spread to other drives in the computer.
>
> Anyway i find all the thread confusing. If i wanted to check if i'm infected (for curiosity), how can i do it? I have avast, but i can install another antivirus if needed.
>
> Thanks...i'm freaking out...really worried!!!!!!!!

So, can someone please answer 2 questions for me?

• how many of the people with a verified infection use some sort of mod "manager" or "installer"? (longshot, I know, had to try)
• why exactly do .asi have so much power? why can they access my PC outside the game folder or running memory without express admin permissions? and why use this format as a default for the script injector instead of something that can be verified by the layman?

Edited May 14, 2015 by Aerion

zJordan Posted May 14, 2015

Running a scan with 360 Total Security which uses five different engines 360 Cloud Scan Engine, 360 QVMII AI Engine, Avira and Bitdefender. I seem clean from my registry and local temp files but running a full scan to make sure. I don't recall using Angry Planes or NoClip. This has admittedly made me way more cautious of non-OpenIV mods.