Jump to content
    1. Welcome to GTAForums!

    1. GTANet.com

    1. GTA Online

      1. The Criminal Enterprises
      2. Updates
      3. Find Lobbies & Players
      4. Guides & Strategies
      5. Vehicles
      6. Content Creator
      7. Help & Support
    2. Red Dead Online

      1. Blood Money
      2. Frontier Pursuits
      3. Find Lobbies & Outlaws
      4. Help & Support
    3. Crews

    1. Grand Theft Auto Series

      1. Bugs*
      2. St. Andrews Cathedral
    2. GTA VI

    3. GTA V

      1. Guides & Strategies
      2. Help & Support
    4. GTA IV

      1. The Lost and Damned
      2. The Ballad of Gay Tony
      3. Guides & Strategies
      4. Help & Support
    5. GTA San Andreas

      1. Classic GTA SA
      2. Guides & Strategies
      3. Help & Support
    6. GTA Vice City

      1. Classic GTA VC
      2. Guides & Strategies
      3. Help & Support
    7. GTA III

      1. Classic GTA III
      2. Guides & Strategies
      3. Help & Support
    8. Portable Games

      1. GTA Chinatown Wars
      2. GTA Vice City Stories
      3. GTA Liberty City Stories
    9. Top-Down Games

      1. GTA Advance
      2. GTA 2
      3. GTA
    1. Red Dead Redemption 2

      1. PC
      2. Help & Support
    2. Red Dead Redemption

    1. GTA Mods

      1. GTA V
      2. GTA IV
      3. GTA III, VC & SA
      4. Tutorials
    2. Red Dead Mods

      1. Documentation
    3. Mod Showroom

      1. Scripts & Plugins
      2. Maps
      3. Total Conversions
      4. Vehicles
      5. Textures
      6. Characters
      7. Tools
      8. Other
      9. Workshop
    4. Featured Mods

      1. Design Your Own Mission
      2. OpenIV
      3. GTA: Underground
      4. GTA: Liberty City
      5. GTA: State of Liberty
    1. Rockstar Games

    2. Rockstar Collectors

    1. Off-Topic

      1. General Chat
      2. Gaming
      3. Technology
      4. Movies & TV
      5. Music
      6. Sports
      7. Vehicles
    2. Expression

      1. Graphics / Visual Arts
      2. GFX Requests & Tutorials
      3. Writers' Discussion
      4. Debates & Discussion
    1. Announcements

    2. Support

    3. Suggestions

USP10.DLL Trojan.vawtrak.ED Suspected to Come From ANOTHER GTAV Mod


KingDong
 Share

Recommended Posts

So today i woke up this morning to see that malwarebytes was flipping the fuk out blocking the same detection over and over

2b442bcdb3.png

 

I did some research on the detection apparently Vawtrak is a password stealer keylogger ect

Once executed in the victim’s machine, Vawtrak performs the following actions:
  • Disables antivirus protection.
  • Inject custom code in a user-displayed web pages (this is mostly related to online banking)
  • Steals passwords, digital certificates, browser history, and cookies.
  • Surveillance of the victim (key logging, taking screenshots, capturing video)
  • Creates a remote access to a user’s machine (VNC, SOCKS)
  • Automatic updating.

http://thehackernews.com/2015/03/vawtrak-banking-trojan.html

 

So my guess the constant detection is the program trying to activate itself

I tried to remove it but all windows programs including my AV is using it and thats why malwarebytes is unable to quarantine it

 

I dont know much yet but what i can provide is all the mods i downloaded for GTAV a few days ago

 

 

 

fa79e74865.png

a234879b9f.png

 

 

 

Once im done moving my files to my USB im going to attempt to kill the process and remove the file

but if that backfires i will perform a full reinstall of Win7

Link to comment
Share on other sites

If you do get the virus removed, run GTA V and see if it shows up again. If it does, it's one of those mods. You test any of the ASI mods, and possibly the .NET ones, if the mods are where the virus spawns from.

Oh and I would suggest changing passwords.

Edited by LetsPlayOrDy
Link to comment
Share on other sites

Sounds like it's a false positive. You may not have to be as worried.

https://forums.malwarebytes.org/index.php?/topic/169633-trojanvawtraked/

I played around with it for awhile

whenever i opened a page on chrome it trys to activate

whenever i open a folder or something on windows it trys to activate

I didnt want to take the risk of thinking it was a FP so i just formatted and reinstalled

Link to comment
Share on other sites

Victim_Crasher

I have this problem a couple days ago

mbam detects usp10.dll as a Trojan.Vawtrak.ED every time i open folder, launch a browser, etc.

 

So i did a full scan and it said that it has been solved (put the file into quarantine and such), and told me to restarted the computer

After i restarted the computer... the problem seems to dissapear :blink:

 

I don't really know if that was a false positive or the file just evolved into something stronger

But i assumed that it was just a false positive

 

But it leaves a lot of usp10.dll on my quarantine (supposed to be everytime the file was blocked, they put it on quarantine)

 

KTYbHbQw.jpg

 

Sorry for the UI language.. i put it in Bahasa

 

EDIT :

The first "blocked" pop up comes not after playing V, so i don't think it's from V :panic:

Edited by Victim_Crasher
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • 1 User Currently Viewing
    0 members, 0 Anonymous, 1 Guest

×
×
  • Create New...

Important Information

By using GTAForums.com, you agree to our Terms of Use and Privacy Policy.