Skip to content
View in the app

A better way to browse. Learn more.
LCPDFR.com

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

ATTENTION: A few mods contain malware

Kallecrash
in GTA V Discussion & Media

Featured Replies

http://gtaforums.com/topic/794383-possibility-of-trojan-downloaderspyware-installed-via-gta-v-mod/#entry1067463416
 

The mods "noclip" by Xenos and "Angry Planes" by Onsby have been confirmed to have malware in them! They install fade.exe wich is a password stealing software!

DO NOT DOWNLOAD THEM!

And if you already have here some tips to get rid of them: Reddit   GTAForums

Edited by ineseri
Title edited and topic featured

What?

  • Quote
    • Replies 62
    • Views 11.1k
    • Created
    • Last Reply

    Top Posters In This Topic

    Popular Days

    Most Popular Posts

    • Cyan
      Cyan

      Frankly shocked this hasn't happened sooner. Perhaps for now, only download mods from reputable sources and authors. We'll be stepping up security on LCPDFR.com, including a full re-scan of our entir

    • Sniper296
      Sniper296

      .asi mods are just C++ .dlls with a different file extension. They should be treated with no less suspicion than any other binary downloaded from the internet. I am seriously surprised that this has n

    • AlconH
      AlconH

      <snip>

    .asi mods are just C++ .dlls with a different file extension. They should be treated with no less suspicion than any other binary downloaded from the internet. I am seriously surprised that this has not happened before.

    You are using the WRONG right theme!

    [ WIPs | Donate | 🌌 Join Mod Multiverse!]
    Flashing LED lightbar in British configuration

  • Quote

    http://gtaforums.com/topic/794383-possibility-of-trojan-downloaderspyware-installed-via-gta-v-mod/#entry1067463416
     

    The mods "noclip" by Xenos and "Angry Planes" by Onsby have been confirmed to have malware in them! They install fade.exe wich is a password stealing software!

    DO NOT DOWNLOAD THEM!

    And if you already have here some tips to get rid of them: Reddit   GTAForums

    ​I've already used both of those. I don't see how such things can be stored within a .asi. Huh. this explains a lot, no wonder avast and Malwarebytes picked up some shit. Already deleted the registry key it made with MBAM and avast blocked the exe from running and ridded of it, I think I should be fine.Could of been unrelated though.  If this is true then report those downloads (Unless they are already taken down)

    Edited by Sonny236

  • Quote

    ​A .asi file is basically a .dll file. A .dll file is a collection of programs or pieces of code that the software can call upon when needed.

    If the malware is placed inside the .asi file, it can then be invoked when the script is run.

    ​Ah I see. Well I'm gonna do a boot time scan later anyways, I've already checked where this fade.exe is supposed to be located and theres nothing of suspcision in my temp or appdata at all. MBAM didn't find anything either. gonna avoid them from being downloaded though.

    EDIT: After reading through that thread fully it seems this sucker got as far as trying to run Init.exe which avast blocked. Which is when I scanned and found the startup registry key and ridded of that too. I never found fade.exe or anything alike which is strange, and it could still be lurking about my system. hope that scan works.

    Edited by Sonny236

  • Quote

    An ASI isn't basically a DLL, it's literally a (native, not .NET) DLL. The DLL-to-ASI process consists of renaming the DLL file from ".dll" to ".asi". DLL files in Windows are also essentially the same as executables; the file format is identical, the only real difference is that DLLs can't be launched into their own address space. Anything bad you can do with an EXE can be done just as easily in a DLL; you just have to get something to load the DLL and call a function.

  • Quote

    I hope this does not destroy confidence in the modding community. Now every mod people download will be questioned as to whether or not it is a virus.

    [img]http://www.lcpdfr.com/cops/forum/crimestats/user/2378/sig.jpg[/img]

  • Quote

    I've posted a PSA to a couple of subReddits now, let's hope that everyone has the sense to read it. Laziness saved my life, if I weren't too lazy to swap out RPFs I'd have probably fallen victim.

    O/T in spoiler.

    I also hope that modding isn't affected by this. It's not necessarily the modders that will be affected, more so the moddèè's, persè. 

    ​Moddee, per se. Neither are French - the former is pseudo-English, the latter is Latin.

    Edited by EvilJackCarver

    Wenn ich Deutsch sprechen, enschultigung: Mein Deutsch ist nicht sehr gut.

    gATXSNG.png

     If you are replying to something I have posted, you may wish to quote me for faster response times; I do not usually follow threads I reply to.
    My personal inbox is not the support forum. I don't mind helping  you with your issues, but you are responsible for your research.  I am not a page in a manual, Google, or the forum search function - look through all three before asking.
    A link to a handy how-to guide for getting useful solutions to your problems, and useful answers to your questions. A lot of it may seem irrelevant, but it outlines some great practices to use when seeking answers or solutions.

  • Quote

    ​I've already used both of those. I don't see how such things can be stored within a .asi. Huh. this explains a lot, no wonder avast and Malwarebytes picked up some shit. Already deleted the registry key it made with MBAM and avast blocked the exe from running and ridded of it, I think I should be fine.Could of been unrelated though.  If this is true then report those downloads (Unless they are already taken down)

    ​They were not actually stored inside the asi, the asi downloaded the malware, that is how it evaded all virus and malware scanners. Luckily, for some, the files it did download were caught before they could do any damage.

    asi shows clean because antivirus has no signature match , so it goes into dynamic analysis i.e. emulating library execution and finds still nothing because this stuff is called only when script starts ingame (no proper environment for antivirus) , so there will be signatures in av bases soon for the downloader function inside asi , signatures for logger which it is downloading are already in 1/4 of antiviruses

    You are using the WRONG right theme!

    [ WIPs | Donate | 🌌 Join Mod Multiverse!]
    Flashing LED lightbar in British configuration

  • Quote

    I've posted a PSA to a couple of subReddits now, let's hope that everyone has the sense to read it. Laziness saved my life, if I weren't too lazy to swap out RPFs I'd have probably fallen victim.

    O/T in spoiler.

    Hidden Content

    ​I did feel kinda weird typing that, thanks for the heads up man.

  • Quote
     

    ​They were not actually stored inside the asi, the asi downloaded the malware, that is how it evaded all virus and malware scanners. Luckily, for some, the files it did download were caught before they could do any damage.

    ​Oh, I see. Well I did change my passwords just incase, I never found any signs of life from "fade.exe" or any of its variants, nothing im temp besides init.exe which tried to run from AppData, then avast got rid of that. Already deleted all the registry keys associated with it. It's pretty sneaky, this is scary knowing such thing can not really be prevented just by scanning the .asi file, I wonder how gta5-mods and other sites are going to handle this.

  • Quote

    ​Oh, I see. Well I did change my passwords just incase, I never found any signs of life from "fade.exe" or any of its variants, nothing im temp besides init.exe which tried to run from AppData, then avast got rid of that. Already deleted all the registry keys associated with it. It's pretty sneaky, this is scary knowing such thing can not really be prevented just by scanning the .asi file, I wonder how gta5-mods and other sites are going to handle this.

    ​Yeah just make sure if you've ever used any Bank Companies such as PayPal or Visa change your passwords on those, or if you used someone else I would advise them to change them.

    If you need help with ANYTHING please feel free to contact me.

    Skype: Vorske11

    Email: lenora.rodney@yahoo.com

     

     

  • Quote

    • Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.

    Guest
    Reply to this topic...
    Go to topic listing

    Similar Content

    Recently Browsing 0

    • No registered users viewing this page.

    Account

    Navigation

    Search

    Search

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.