USP10.DLL Trojan.vawtrak.ED Suspected to Come From ANOTHER GTAV Mod


So today i woke up this morning to see that malwarebytes was flipping the fuk out blocking the same detection over and over



I did some research on the detection apparently Vawtrak is a password stealer keylogger ect

Once executed in the victim’s machine, Vawtrak performs the following actions:
  • Disables antivirus protection.
  • Inject custom code in a user-displayed web pages (this is mostly related to online banking)
  • Steals passwords, digital certificates, browser history, and cookies.
  • Surveillance of the victim (key logging, taking screenshots, capturing video)
  • Creates a remote access to a user’s machine (VNC, SOCKS)
  • Automatic updating.



So my guess the constant detection is the program trying to activate itself

I tried to remove it but all windows programs including my AV is using it and thats why malwarebytes is unable to quarantine it


I dont know much yet but what i can provide is all the mods i downloaded for GTAV a few days ago









Once im done moving my files to my USB im going to attempt to kill the process and remove the file

but if that backfires i will perform a full reinstall of Win7

If you do get the virus removed, run GTA V and see if it shows up again. If it does, it's one of those mods. You test any of the ASI mods, and possibly the .NET ones, if the mods are where the virus spawns from.

Oh and I would suggest changing passwords.

Edited by LetsPlayOrDy
Sounds like it's a false positive. You may not have to be as worried.


I played around with it for awhile

whenever i opened a page on chrome it trys to activate

whenever i open a folder or something on windows it trys to activate

I didnt want to take the risk of thinking it was a FP so i just formatted and reinstalled

I have this problem a couple days ago

mbam detects usp10.dll as a Trojan.Vawtrak.ED every time i open folder, launch a browser, etc.


So i did a full scan and it said that it has been solved (put the file into quarantine and such), and told me to restarted the computer

After i restarted the computer... the problem seems to dissapear :blink:


I don't really know if that was a false positive or the file just evolved into something stronger

But i assumed that it was just a false positive


But it leaves a lot of usp10.dll on my quarantine (supposed to be everytime the file was blocked, they put it on quarantine)




Sorry for the UI language.. i put it in Bahasa



The first "blocked" pop up comes not after playing V, so i don't think it's from V :panic:

Edited by Victim_Crasher
