Installed a modding program for GTA5 (OpenIV) from two different sources and now not sure how to properly scrub windows in case there’s a virus

[TheSilverKing]

Here are the links I used (I used the first one first with the offline installer, then reinstalled windows as I wasn’t sure it was legit (the official site for the OpenIV program is down and has been for three months) and installed from the second one. My recent experience with Minecraft mods getting viruses made me a bit worried about this program so I then:

 

reinstalled windows 11 from a clean bootable usb

deleted all the partitions on my C drive and let the windows installer make a new one

deleted all the partitions on my storage drives and remade them in windows

 

a couple days later I realized I should probably reflash my BIOS just to be safe, so I used a clean laptop to make a BIOS flashing usb as well.

 

links

 

https://gta5mod.net/gta-5-mods/tools/openiv-3-1/

 

https://archive.org/details/openiv_202304
 

What made me so paranoid was this VirusTotal scan https://www.virustotal.com/gui/file/bb476bef066592e17b65ac5d12306ee55fc33065402bd3be3591cf5f04cdf6e6

 

did I do things backwards by reflashing the bios second?

 

mods, I’m unsure what forum this should go to, so please feel free to move it if I have put it in the wrong place.

[Bombastinator]

The standard “it’s infected! Scrub it!” Is to wipe everything that was connected.  Sometimes there are apps that can save parts, sometimes not.

[Alex Atkin UK]

Its worth noting that particular detection method seems prone to false positives, so there may be no infection at all.

[tkitch]

if you deleted all the partitions on the drive and made new ones, 99%+ you're safe.

 

very very very few viruses can live through that, and/or infect the bios.  

[r00tb33r]

In the future you can use shadow copy feature and restore points in Windows so you could roll back your games and the system if something goes wrong with mods.

[PDifolco]

53 minutes ago, TheSilverKing said:

Here are the links I used (I used the first one first with the offline installer, then reinstalled windows as I wasn’t sure it was legit (the official site for the OpenIV program is down and has been for three months) and installed from the second one. My recent experience with Minecraft mods getting viruses made me a bit worried about this program so I then:

 

reinstalled windows 11 from a clean bootable usb

deleted all the partitions on my C drive and let the windows installer make a new one

deleted all the partitions on my storage drives and remade them in windows

 

a couple days later I realized I should probably reflash my BIOS just to be safe, so I used a clean laptop to make a BIOS flashing usb as well.

 

links

 

https://gta5mod.net/gta-5-mods/tools/openiv-3-1/

 

https://archive.org/details/openiv_202304
 

What made me so paranoid was this VirusTotal scan https://www.virustotal.com/gui/file/bb476bef066592e17b65ac5d12306ee55fc33065402bd3be3591cf5f04cdf6e6

 

did I do things backwards by reflashing the bios second?

 

mods, I’m unsure what forum this should go to, so please feel free to move it if I have put it in the wrong place.

Looks like useless panic ... Most modding programs must look like "viruses" to work, and only one out of 20 antivirus gave a positive, one I've never heard of, so won't trust it...

[Bombastinator]

1 hour ago, PDifolco said:

Looks like useless panic ... Most modding programs must look like "viruses" to work, and only one out of 20 antivirus gave a positive, one I've never heard of, so won't trust it...

A point. There is such a thing as a fake malware trojan where they inject the package with the repair system instead of the thing being called malware.  These things usually trip every time though.  There are also fake “you have been infected” pop ups where there wasn’t even anything to trip.  1of 20 is a low number.  Malware is actually fairly rare.  Most people don’t have enough money to steal.  Some do though.

[Alex Atkin UK]

3 hours ago, r00tb33r said:

In the future you can use shadow copy feature and restore points in Windows so you could roll back your games and the system if something goes wrong with mods.

Yeah but trusting System Restore for an actual trojan infection is a bad idea, its only for a corrupt OS.

[Bombastinator]

10 minutes ago, Alex Atkin UK said:

Yeah but trusting System Restore for an actual trojan infection is a bad idea, its only for a corrupt OS.

I dunno.  Save points change everything don’t they?  If they don’t you’re totally right though.

[r00tb33r]

22 minutes ago, Alex Atkin UK said:

Yeah but trusting System Restore for an actual trojan infection is a bad idea, its only for a corrupt OS.

My ex-fiancee wanted me to wear two.

 

And she was right, one full-on ripped.

[Bombastinator]

5 minutes ago, r00tb33r said:

My ex-fiancee wanted me to wear two.

 

And she was right, one full-on ripped.

? (There needs to be an emoji for something sailing over your head)

[TheSilverKing]

18 hours ago, PDifolco said:

Looks like useless panic ... Most modding programs must look like "viruses" to work, and only one out of 20 antivirus gave a positive, one I've never heard of, so won't trust it...

Unless I’m missing something, 2/67 gave a positive. “Bkav Pro W32.AIDetectMalware” and “Trapmine Malicious.high.ml.score”

 

I’m not sure what these things mean and couldn’t find much about them when I looked. Malwarebytes and Windows Defender both didn’t find anything though.

[PDifolco]

2 hours ago, TheSilverKing said:

Unless I’m missing something, 2/67 gave a positive. “Bkav Pro W32.AIDetectMalware” and “Trapmine Malicious.high.ml.score”

 

I’m not sure what these things mean and couldn’t find much about them when I looked. Malwarebytes and Windows Defender both didn’t find anything though.

My feeling is that there's nothing dangerous here, only some byte sequences that may resemble some virus signature

I don't trust at all those unknown antiviruses, the guys are paid to detect stuff, so...

 

[r00tb33r]

The moral of this thread is celibacy is the answer for those who are afraid of STIs.

 

In other words, if you're afraid then don't download things off the Internet.