Quantcast
Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
    1. Welcome to GTAForums!

    1. GTANet.com

    1. GTA Online

      1. The Cayo Perico Heist
      2. The Diamond Casino Heist
      3. Find Lobbies & Players
      4. Guides & Strategies
      5. Vehicles
      6. Content Creator
      7. Help & Support
    2. Red Dead Online

      1. Frontier Pursuits
      2. Find Lobbies & Outlaws
      3. Help & Support
    3. Crews

    1. Red Dead Redemption 2

      1. PC
      2. Help & Support
    2. Red Dead Redemption

    1. Grand Theft Auto Series

    2. GTA VI

      1. St. Andrews Cathedral
    3. GTA V

      1. Guides & Strategies
      2. Help & Support
    4. GTA IV

      1. The Lost and Damned
      2. The Ballad of Gay Tony
      3. Guides & Strategies
      4. Help & Support
    5. GTA San Andreas

      1. Guides & Strategies
      2. Help & Support
    6. GTA Vice City

      1. Guides & Strategies
      2. Help & Support
    7. GTA III

      1. Guides & Strategies
      2. Help & Support
    8. Portable Games

      1. GTA Chinatown Wars
      2. GTA Vice City Stories
      3. GTA Liberty City Stories
    9. Top-Down Games

      1. GTA Advance
      2. GTA 2
      3. GTA
    1. GTA Mods

      1. GTA V
      2. GTA IV
      3. GTA III, VC & SA
      4. Tutorials
    2. Red Dead Mods

      1. Documentation
    3. Mod Showroom

      1. Scripts & Plugins
      2. Maps
      3. Total Conversions
      4. Vehicles
      5. Textures
      6. Characters
      7. Tools
      8. Other
      9. Workshop
    4. Featured Mods

      1. Design Your Own Mission
      2. OpenIV
      3. GTA: Underground
      4. GTA: Liberty City
      5. GTA: State of Liberty
    1. Rockstar Games

    2. Rockstar Collectors

    1. Off-Topic

      1. General Chat
      2. Gaming
      3. Technology
      4. Movies & TV
      5. Music
      6. Sports
      7. Vehicles
    2. Expression

      1. Graphics / Visual Arts
      2. GFX Requests & Tutorials
      3. Writers' Discussion
      4. Debates & Discussion
    3. Gangs

    1. Announcements

    2. Support

    3. Suggestions

Sign in to follow this  
KingDong

USP10.DLL Trojan.vawtrak.ED Suspected to Come From ANOTHER GTAV Mod

Recommended Posts

KingDong

So today i woke up this morning to see that malwarebytes was flipping the fuk out blocking the same detection over and over

2b442bcdb3.png

 

I did some research on the detection apparently Vawtrak is a password stealer keylogger ect

Once executed in the victim’s machine, Vawtrak performs the following actions:
  • Disables antivirus protection.
  • Inject custom code in a user-displayed web pages (this is mostly related to online banking)
  • Steals passwords, digital certificates, browser history, and cookies.
  • Surveillance of the victim (key logging, taking screenshots, capturing video)
  • Creates a remote access to a user’s machine (VNC, SOCKS)
  • Automatic updating.

http://thehackernews.com/2015/03/vawtrak-banking-trojan.html

 

So my guess the constant detection is the program trying to activate itself

I tried to remove it but all windows programs including my AV is using it and thats why malwarebytes is unable to quarantine it

 

I dont know much yet but what i can provide is all the mods i downloaded for GTAV a few days ago

 

 

 

fa79e74865.png

a234879b9f.png

 

 

 

Once im done moving my files to my USB im going to attempt to kill the process and remove the file

but if that backfires i will perform a full reinstall of Win7

Share this post


Link to post
Share on other sites
Jitnaught

If you do get the virus removed, run GTA V and see if it shows up again. If it does, it's one of those mods. You test any of the ASI mods, and possibly the .NET ones, if the mods are where the virus spawns from.

Oh and I would suggest changing passwords.

Edited by LetsPlayOrDy

Share this post


Link to post
Share on other sites
KingDong

Sounds like it's a false positive. You may not have to be as worried.

https://forums.malwarebytes.org/index.php?/topic/169633-trojanvawtraked/

I played around with it for awhile

whenever i opened a page on chrome it trys to activate

whenever i open a folder or something on windows it trys to activate

I didnt want to take the risk of thinking it was a FP so i just formatted and reinstalled

Share this post


Link to post
Share on other sites
Victim_Crasher

I have this problem a couple days ago

mbam detects usp10.dll as a Trojan.Vawtrak.ED every time i open folder, launch a browser, etc.

 

So i did a full scan and it said that it has been solved (put the file into quarantine and such), and told me to restarted the computer

After i restarted the computer... the problem seems to dissapear :blink:

 

I don't really know if that was a false positive or the file just evolved into something stronger

But i assumed that it was just a false positive

 

But it leaves a lot of usp10.dll on my quarantine (supposed to be everytime the file was blocked, they put it on quarantine)

 

KTYbHbQw.jpg

 

Sorry for the UI language.. i put it in Bahasa

 

EDIT :

The first "blocked" pop up comes not after playing V, so i don't think it's from V :panic:

Edited by Victim_Crasher

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • 2 Users Currently Viewing
    0 members, 0 Anonymous, 2 Guests

×
×
  • Create New...

Important Information

By using GTAForums.com, you agree to our Terms of Use and Privacy Policy.