Trojaner FiveM Windows Server

henryMITy · August 8, 2023, 4:32pm

Hello, I made myself a server and when I was online for 4 hours, my antivirus (Windows Defender) got the message:

Need answers why it is like this?

TheIndra · August 8, 2023, 4:32pm

Did you download an existing server base from somewhere? This file is not part of FXServer, but often seen coming from malware spread via resources.

henryMITy · August 8, 2023, 5:24pm

I downloadet it from here: /artifacts/fivem/build_server_windows/master/ / FiveM Artifacts i dont had any leaked scripts
only vMenu, Luxart Vehicle Control and Holster Script from LSPDFR not more idk why

TheIndra · August 8, 2023, 5:24pm

Did you download those servers yourself or did you use a server base from somewhere? Where did you download them?

henryMITy · August 8, 2023, 5:43pm

I use it for myself on my computer and what do you mean with where you download them?

TheIndra · August 8, 2023, 6:11pm

Those resources are not default, did you download them yourself or did you use an existing base?

MilkDrink · August 9, 2023, 6:04am

Hi, the following posts also reported this exe file, the common one being that they downloaded something from somewhere and ran it on their server that created this file. It is not there by default and is not generated by the fivem server.

That’s why we ask what you downloaded and where you downloaded it from, because it could have been hidden in something that generated/ran the subafivem.exe file.

But the official artifact does not contain this exe file!

What is this in script? - #21 by Dejv_Games
A weird Line gets added to some resources - #31 by AtlanticeRP

Dejv_Games · August 9, 2023, 6:48am

This virus is infection from script you could download a bad script from somewhere the best you can do track the resource that started doing this and delete it then go to files via Visual Studio Code find infection codes they look like something like this: local Fscssifjioaslwhoahfoakslkwiouafhaoh \62x\72x\50x\82x\ delete them and intall cfx-default from github because the resource most likely infected it
Link for cfx-default that i used: GitHub - citizenfx/cfx-server-data: Data repository for CitizenFX servers.

The resource infected file in cfx-default named system i recomend you uninstall the file and install a new one from the link i sended you.
Then if you found all the infection codes via Visual Studio Code you should be good to go.
Everything that i typed here helped me.

enty2.0 · August 9, 2023, 6:52am

Hello, as previously mentioned by others, this file is not official and appears to carry a risk of being a RAT/Malware.

Steps to take:

Remove the file immediately.
Ensure your Windows OS is up to date, along with your Defender/Antivirus Software.
Refrain from downloading any “base” files from individuals online unless they are sourced from the cfx.re Forum.

henryMITy · August 9, 2023, 10:01am

i dont know how but i downloadet it from here:

/artifacts/fivem/build_server_windows/master/ / FiveM Artifacts

henryMITy · August 9, 2023, 10:04am

Okay thanks for the help!

seba_3567 · December 9, 2023, 9:35pm

im make scripts for block in host file many ips and url for somes backdoor

henryMITy · December 10, 2023, 7:13am

It was a script with a virus i fixed the problem…

but Thanks for the help