
Gmod lua virus


9 replies to this topic

#1 Eclipse

Eclipse

  • 299 posts

    Regular User

Posted 19 April 2014 - 05:37

Don't know if anyone has been informed about this or not, but there is a Lua virus going around gmod at the moment. It will change your name and spam your friends saying stuff like "*cough* *cough*", meaning it could have spread (idontknow)

 

This has apparently reached a pretty good amount of servers.

 

And if you want to make sure you do not have it, go to your garrysmod/garrysmod folder and look for these files

 

/materials/cooltexture.vtf

/bin/game_shader_generic_engine.dll

/download/engine_win32.dll 

 

If you have ANY of those, delete it instantly. Wouldn't advise going onto gmod much. Facepunch has been spammed with people trying to find a fix to this.

 

http://facepunch.com...d.php?t=1386818

 

5200 people were reading it earlier.



#2 Fox

Fox

  • 1,203 posts

    Forum Regular

Posted 19 April 2014 - 06:28

In my gmod, there hid the game_shader_generic_engine.dll, tho I only play on LDT servers



#3 Sythen

Sythen

  • 604 posts

    I LOVE MY BRICK!

  • Steam:STEAM_0:1:7052825
  • LocationBirmingham, England

Posted 19 April 2014 - 06:38

@echo off
title Exploit file cleanup - MFSiNC

if exist "hl2.exe" (
    cd "garrysmod"
)

if not exist steam.inf (
    echo.
    echo You're running this from the wrong place!
    echo.
    echo Put this file in your garrysmod folder, either server or client, and re-run it.
    echo.
    echo.
    pause
    exit
)

echo.
echo This will remove the files used in the exploit/virus.
echo.
echo To see exactly what will be removed, open this batch file with Notepad.
echo.
pause

echo Cleaning..

taskkill /F /IM hl2.exe > nul
taskkill /F /IM srcds.exe > nul



::Files, clientside
if exist "engine_win32.dll" (
    attrib -h "engine_win32.dll"
    del /F /Q "engine_win32.dll"    
)

if exist "materials\cooltexture.vtf" (
    del /F /Q "materials\cooltexture.vtf"
)

if exist "bin\game_shader_generic_engine.dll" (
    attrib -h "bin\game_shader_generic_engine.dll"
    del /F /Q "bin\game_shader_generic_engine.dll"
)

if exist "download\engine_win32.dll" (
    attrib -h "download\engine_win32.dll"
    del /F /Q "download\engine_win32.dll"
)

::Dir
if exist "download\cfg" (
    RD /S /Q "download\cfg"
)



::Files, serverside
if exist "lua\autorun\server\default.lua" (
    attrib -h "lua\autorun\server\default.lua"
    del /F /Q "lua\autorun\server\default.lua"
)



echo.
echo Done.
echo.
pause

 

 

Copy and paste into a text file

Change the file type to .bat

Place in Gmod Folder

Run


  • Eclipse likes this


"Motoki: vaginas are gay"
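
An audit-only counterpart to the batch file in post #3, added here as an example and not part of any post in this thread: it reports which of the paths named in the thread exist, with their hidden flag and SHA-256, and deletes nothing, so the files can be kept for scanning before cleanup. The function names and the sample folder built in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Relative paths named in posts #1 and #3, under the garrysmod folder.
INDICATORS = [
    "engine_win32.dll",
    "materials/cooltexture.vtf",
    "bin/game_shader_generic_engine.dll",
    "download/engine_win32.dll",
    "download/cfg",                    # directory
    "lua/autorun/server/default.lua",  # server side
]
FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows attribute bit the batch file clears with attrib -h

def is_hidden(path):
    """True if the Windows hidden attribute is set (always False on other systems)."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)

def sha256_of(path):
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit(root):
    """Return one record per indicator path found under root. Nothing is deleted."""
    root = Path(root)
    if not (root / "steam.inf").is_file():  # same sanity check as the batch file
        raise FileNotFoundError(f"{root} does not look like a garrysmod folder")
    findings = []
    for rel in INDICATORS:
        p = root / rel
        if p.is_dir():
            findings.append({"path": rel, "kind": "dir", "hidden": is_hidden(p), "sha256": None})
        elif p.is_file():
            findings.append({"path": rel, "kind": "file", "hidden": is_hidden(p), "sha256": sha256_of(p)})
    return findings

def demo():
    """Build a constructed sample folder holding two of the indicators and audit it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "steam.inf").write_text("constructed sample")
        (root / "materials").mkdir()
        (root / "materials" / "cooltexture.vtf").write_bytes(b"constructed sample")
        (root / "download" / "cfg").mkdir(parents=True)
        return audit(root)
```

On a real install, call `audit()` with the path of the garrysmod folder that contains steam.inf and record the output before running any cleanup.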


#4 user

user

  • 765 posts

    Regular User

Posted 19 April 2014 - 08:49

Error: The process hl2.exe not found.

Error: The process srcds.exe not found.

Done.

Press any key to continue...

*closes*



#5 Bo98

Bo98

  • 274 posts

    aka BoA98

Posted 19 April 2014 - 10:11

It's patched now I believe. I don't know if servers need to be updated or not.

#6 microlander

microlander

  • 102 posts

    User

  • Steam:microlander

Posted 19 April 2014 - 10:44

"An exploit was released last night that took advantage of the Source Engine’s file sending mechanism which made it possible to send files with any extension to the client or server. This exploit is likely still active in all other Source Engine games so we’re not going to go into specific details about it. 

Needless to say that this was exploited in Garry’s Mod on Windows to send dlls to clients and servers. As far as we are aware the exploit wasn’t used to do anything malicious beyond propagating itself, spamming chat and changing server names. But to be safe we recommend that you consider deleting your Garry’s Mod install and starting fresh. It might be a good idea to do an online virus scan too. 
The patch we released this morning attempts to clean up any mess left behind by these exploits and patches the variety of methods which they used. If anyone has further information about the exploits, or any exploits left un-patched please email Garry Newman personally at garrynewman@gmail.com."

From Garry on the forums

 

Ignore my copy n paste skill





#7 Psycix

Psycix

  • 11,431 posts

    Owner

Posted 19 April 2014 - 12:20

This is an RCON exploit.

Some time ago I closed the LDT box's TCP ports because RCON is extremely vulnerable to all sorts of this shit.

RCON needs TCP.

 

We are invulnerable to this.

So yeah, for those worried, LDT and its players are unaffected.


  • Trif, Commander, Slendy the Slenderman and 1 other like this

LDT is LDT.


#8 Trif

Trif

  • 1,586 posts

    Diceroller

Posted 19 April 2014 - 13:26

For a serious exploit that could've been used for much worse, I'm pretty happy with what these guys did.

Although just notifying the developers would've been best.


I think we should hook up an AI to the servers which is able to detect retards, displaying a message to them that they have to insert a coin to play.


#9 Psycix

Psycix

  • 11,431 posts

    Owner

Posted 19 April 2014 - 15:38

Although just notifying the developers would've been best.

 

No, they wouldn't have given a shit and fixed it in months. Now they HAD to push out an instant fix.


  • Marmite and Trif like this

LDT is LDT.


#10 Trif

Trif

  • 1,586 posts

    Diceroller

Posted 20 April 2014 - 22:07

Hmmm, I thought Valve was better than that.

Or at least Garry.


I think we should hook up an AI to the servers which is able to detect retards, displaying a message to them that they have to insert a coin to play.




