GTA 5 Mods Found Bundled With Malwares

GTA5 mods malware

Playing Grand Theft Auto 5 ? No Problem, but if you are going to install mods in it,  be careful!

Two GTA 5 mods namely "Angry Planes" and "No-Clip" have been found to be bundled with malware, according to a thread on the GTA forums. Both mods have been found to install a malicious file named fade.exe to steal users' login credentials of social networking accounts, spam other users, steal session cookies, make the machine participate in a UDP flood attack, and more.

If you downloaded and used one of these two mods and played GTA 5 with them, follow the below steps to remove the malicious program:

STEP 1:  Press Ctrl+Shift+Esc, go to processes, and end the csc.exe process.

STEP 2: Go to your Temp folder at "C:\Users\*YOUR USER NAME*\AppData\Local\Temp". Then sort the files by date added, and find .z and init..exe and delete those. Some reports say that .z might be named differently, like .x.

Some people also reported an unnamed archive file (.zip or .rar) that could not be opened (see the image below). If this exists, delete it.


STEP 3: Find a recently made folder named "5B9EF37A" (This may be a randomly generated name for each person). Remember, it contain Fade.exe. Delete it. (See the image below)


STEP 4: Type in regedit in your Start menu search, or regedit.exe using run. Then goto the path located at the bottom of the below image:


STEP 5: Choose the one without "Classes" at the end. Remove the "Shell".

STEP 6: In registry go to "HKEY_CURRENT_USER\Software\Microsoft\" and look for "Fade" and "Leep" and delete them.

STEP 7: Go to "C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\x64" and delete GTA5.exe if it exists.

STEP 8: Remove the mods from GTA V and then restart your computer to make sure all instances of Fade.exe are no longer running.

"Gamers need to be cautious when installing mods onto their computers, especially those that haven’t gone through any sort of quality check. Always make sure to scan a mod using anti-malware software before installing it to make sure you stay safe," Malware analyst Joshua Cannell advises in a blog post.

No comments

Powered by Blogger.