The internet is abuzz with news of various kinds of viruses and malware infecting computers after the installation of some lesser-known PC Mods for GTA 5 such as Angry Planes and No Clip mod, as renowned YouTuber iCrazyTeddy sheds more light on this issue, following a spate of recent user complaints on GTA Online forums.
As iCrazyTeddy reports, a certain section of hackers and modders are allegedly packing these mods with some Trojans, Keyloggers and other malware before re-releasing them to the community.
It is ascertained that the Angry Planes and No Clip mods are a few among the affected mods that need to be completely deleted or quarantined from your computer to prevent hackers from stealing your private information including credit and debit card details.
If you have used the mods Angry Planes and/or Noclip mod, then here is how to get rid of the virus, or check if it is still on your computer.
1. Press and hold Ctrl, Shift and Esc together, go to processes, and end the csc.exe process.
2. Navigate to Temp folder at "C:Users*YOUR USER NAME*AppDataLocalTemp"
3. Sort the files by date added, and find .z and init.exe and delete them. Some reports say that .z might be named differently, like .x.
4. Some reports also suggest an unnamed archive file (.zip or .rar) that cannot be opened which should look similar to the one in the image: http://i.imgur.com/5an5ARa.png. If you find this file, just delete it.
5. Then find a recently made folder, should be named something like this: https://i.imgur.com/knF3dAB.png and should contain Fade.exe. Delete this folder as well.
6. Type in regedit in your Start menu search, or run the command regedit.exe via Start menu.
7. Go to the path located at the bottom of this screenshot: https://i.imgur.com/bBtk8HM.png, wherein HKEY_USERS is the first folder you expand, and the folder after it is a long string of characters (different for each person). Choose the one without "Classes" at the end. The key we are looking for is "Shell". If you are using a custom shell, remove the string after it that leads to Fade.exe. If it just contains explorer.exe and nothing after it, it should be fine to either remove it or keep it the way it is. If you have no idea what you are doing, just delete the "Shell" key from registry.
8. In registry go to "HKEY_CURRENT_USERSoftwareMicrosoft" and look for "Fade" and "Leep" and delete them.
9. There are also reports that a malicious GTA5.exe is placed inside the x64 in the GTA V directory, probably related to the Noclip mod. Go to "C:Program Files (x86)SteamsteamappscommonGrand Theft Auto Vx64" and delete GTA5.exe if it exists.
10. Of course, remove the mods from GTA V. Do not re-add them. If the server that was grabbing information comes back online, you could be affected again if you decide to keep using the mods.
11. Consider running an anti-virus at this point, just to make sure you got all the instances.
12. Restart your computer to make sure all instances of Fade.exe are no longer running.
[Source: GTA forums]