WIP Beta released American Road 1.94

wait this mod had a malware
how
--- Post updated ---
when was the malware first installed
I only ever use the most recent version of the game
--- Post updated ---
how do I know if I have the malware

 

That’s strange I didn’t see any malicious files.

 

Prob cause you downloaded the mod after the malware was removed

 

i downloaded the mod in 27th april is there any issues with me (deleted mod and no malware and suspicious files found)

 

Nah your fine

 

few thak you

 

No problem man

 

So I have a question. On April 1st, I didnt turn on BeamNG at all. And since the 0.35 update was out on 2nd of April and I updated beamng to 0.35 before opening beamng in april at all am I safe? I dont know how the repository updates work so. But just to be sure I did the most precise Virus test Avast can do and its the one after restart.

 

hello i downloaded the 2019 and 2018 vers isthere a malware on that files (downloaded on 27th april) its on my usb and cant find any malware or sus files

 

The update with malware contained was removed 3-4 days ago. American Road old versions are safe to use, including the newest update

 

doing a full scan rn

 

Thank you for the update on the situation and for getting rid of the malware and banning the (possibly) hacked account.

However this brings a good point for transparency. Whilst we know you are all very busy and have good reasons for banning accounts, maybe when the account(s) start putting things like malware into their mods just tell us. Obviously you can only tell us once it's been found out and I'd only advise you (the devs/mods) telling us once the situation has been taken care of but not days after and only once we make enough of a talking point about it. (I'm not trying to be rude or sound like an arse, I just want what's best for the community)

 

Hi, I unfortunately downloaded the American Roads update on April 1st & added it to my Mods folder, but I don’t remember if I ran it in 0.34 before updating to 0.35. So I checked in C:\Users\Name\AppData\Local\Temp for the malware files listed in the blog post as:

“%TEMP%\tmp6FC15.tmp”
“%TEMP%\tmp6FC15.dll”
“%TEMP%\TMP785E.tmp”

But I only found “tmp6FC.tmp” & “tmp7852.tmp” in my C:\Users\Temp folder, with no similarly-named DLL files. Does this mean I am not infected? (Not sure if the “6FC” temp files have any relation to the malware “6FC15” file, or if the malware is just borrowing the name to avoid detection.)

And besides looking for specific .tmp and .DLL files in the Temp folder, are there any other ways we can check if our computer has been infected? I just ran a Windows Defender scan and that came up clean, but wanted to make completely sure that I dodged the infection.

Also one last question - is there any way to patch this vulnerability in 0.34 or older versions with a mod or something? I have a lot of saved replays & mods that only work on older versions of the game (like the DFA pack), but now I’m afraid to launch them in case someone in the future tries this exploit again but with a different mod. Could a patch possibly be backported so users stuck on older versions can stay safe? Thank you

 

So, I tried to find out if I played the game on April 1st, and the only clue I have are two log files ('beamng.log' and 'beamng-launcher.log') in 'AppData\local\BeamNG.drive\0.34'. These two files were last edited on April 1st at 02:44:05 local time in Germany (UTC+1 I think). The last time the 'beamng.log' mentions 'americanroad.zip' is around 40 seconds after the game was started at 01:35:27 local time according to the log, if I read it correctly ("40.71942|D|GELua.core_modmanager.initDB| mountEntry -- /mods/repo/americanroad.zip: MHFGSECKW : americanroad").

The next time BeamNG was started apparantly was on April 3rd, after the update to version 0.35, because that is when the '0.35' folder was created, and because the two log files in '0.34' are the last files edited in there.

Soo ... my question is: When exactly was the malicious version of the mod uploaded to the repository? Could the version I had back then be the malicious version at that specific time? Or did I miss the trojan by only hours?

 

Hi all, I downloaded American Road from the repo on April 3rd, at 3 PM EDT. I deleted it 3 hours later after being bored of it, but do I still have the virus?

 

that could be the reason for my norton popup issues

 

i remember the mod being updated, but since i had the refresh installed i didn't download it. thank god i didn't

 

is the mode safe now? (is every versions safe?)

 

Do we know if the author himself put the virus in it, or was the mod modified by someone else who managed to upload it through that account? Because putting a virus in a mod you've made and that's liked by thousands seems illogical