De två populära moddarna innehåller skadlig programvara - så här upptäcker och raderar du den.

Sedan #Grand Theft Auto V släpptes till pc har modscenen fullkomligt exploderat och vi har sett allt från katter som kastar molotovcocktails till pistoler som skjuter bilar. Nu har det dock avslöjats att två populära moddar, Angry Planes och No Clip, innehåller så kallade keyloggers som spelar in vad du skriver på ditt tangentbord. Om du använt dessa moddar rekommenderas du därför att omedelbart byta dina lösenord.

På GTAForums är stämningen såklart upprörd och en hjälpsam medlem ger följande instruktioner till alla som har använt Angry Planes eller No Clip.

Instructions on virus removal:

If these files do not exist, do not assume you weren't affected. The virus could have deleted itself after grabbing what it needed to cover its tracks, or your anti-virus could have deleted it after it grabbed what it needed.

If you have used the mods Angry Planes and/or Noclip mod, then here is how to get rid of the virus, or check if it is still on your computer.

1. Press Ctrl+Shift+Esc, go to processes, and end the csc.exe process.

2. Go to your Temp folder at "C:\Users\*YOUR USER NAME*\AppData\Local\Temp"

3. Sort the files by date added, and find .z and init..exe and delete those. Some reports say that .z might be named differently, like .x.

4. Some people also reported an unnamed archive file (.zip or .rar) that could not be opened that looks like this: http://i.imgur.com/5an5ARa.png If this exists, delete it.

5. Then find a recently made folder, should be named something like this: https://i.imgur.com/knF3dAB.png (I believe that this is a randomly generated name for each person hit) and should contain Fade.exe. Delete this folder.

6. Type in regedit in your Start menu search, or regedit.exe using run.

7. Go to the path located at the bottom of this screenshot: https://i.imgur.com/bBtk8HM.png HKEY_USERS is the first folder you expand, and the folder after it is a long string of characters, different for each person. Choose the one without "Classes" at the end. The key we are looking for is "Shell". If you are using a custom shell, remove the string after it that leads to Fade.exe. If it just contains explorer.exe and nothing after it, it should be fine to either remove it or keep it the way it is. If you have no idea what I'm talking about, just remove "Shell".

8. In registry go to "HKEY_CURRENT_USER\Software\Microsoft\" and look for "Fade" and "Leep" and delete them. "Leep" might only be related to the Noclip mod, as I did not have it.

9. There are also reports that a malicious GTA5.exe is placed inside the x64 in the GTA V directory, probably related to the Noclip mod. Go to "C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\x64" and delete GTA5.exe if it exists.

10. Of course, remove the mods from GTA V. Do not re-add them. If the server that was grabbing information comes back online, you could be affected again if you decide to keep using the mods.

11. Consider running an anti-virus at this point, just to make sure you got all the instances.

12. Restart your computer to make sure all instances of Fade.exe are no longer running.
This is all that I currently know of for removing the virus, and I will try to update if more information is presented.

With how new the information is, I have no idea if this is a complete removal.
If in doubt, and you still don't feel safe, format and reinstall Windows. I reinstalled Windows myself just to be on the safe side.

Som sagt, är det malware i syfte att skicka uppgifterna någonstans? 16/05 Följer man bara instruktionerna är det tvärlugnt. Sedan kan inga större problem uppkomma genom att i princip ta bort alla mappar/strängar där han är och pillar då alla utom 3:e part tillverkares strängar kommer återskapas vid nästa omstart per automatik... 15/05 Källa på hur det har upptäckts eller att det verkligen loggar och skickar vidare? Kan ju bara vara så att de är taskigt kodade. Det vill säga att de loggar alla knapptryckningar istället bara för de (dem?) som behövs. 15/05 På PC har man friheten att själv installera en mod som stjäl ens lösenord, på konsolsidan ger tillverkarna själva ut dessa (plus kreditkorts-info) och stänger ned online-funktionaliteten den följande månaden. PSN 2011, någon? 15/05 Ooooh made my day! 15/05 Wait Wait!! A appeal has come from the PC corner, saying: Even if the console has no functional legs it is not cheating if the PC uses his. :P 15/05 well he got banned for cheating so i wouldnt call that a win ;D 15/05 Oh what a shame it seems the console peasants connection dropped because the main services got DDoSed. We won't be seing him for a few days. The winner will have to be the cheating scum! 15/05 Även om det är för o hjälpa så är det alltid tveksamt med registry ändringar om man inte vet vad man håller på med. Borde inte ett vanlig malware program lösa detta bättre? 15/05 ooo but the pc master cheated so he can no longer be called hardcore and was disqualified from the game, what a shamefull display :O 15/05
Skicka en rättelse