4096 Anti Virus


Hello! 4096 is a new Anti-Virus that scans both names and source for blacklisted keywords
I have tested it on random models and I found several viruses and backdoors. It currently does not detect localscripts with requires as threats because localscripts cant require things from the site.

HOW TO USE
Just press the “Open” button and allow script injection (You need to re-run after you allow)
newOpenButton
And look at the UI to see the detected threats!
wowNicePSU
Fake Anti-Cheat is obviously using PSU



I don’t think I will enable that!

Note

I may discontinue this Anti-Virus plugin for a new one I am making

Plugin:

Please leave feedback!
EDIT: Just to clarify when I said “Scans both name and source” I meant that it scans what is in the scripts then if it has a virus name like “Vaccine” or “ROFL” so it checks what is inside the script!

17 Likes

Does it actually look through the scripts because if it does, I am probably going to use this everytime I insert a freemodel. Most anti virus plugins, they just scan the names which I don’t like, thanks for making this :smiley:

3 Likes

It looks through the scripts. That’s how I caught this backdoor. I found a pattern that is in EVERY obfuscated piece of code!
(You should look through the threats just in case it is safe)

3 Likes

You actually gave me a plugin idea, what if there is a plugin that allows you to put keywords in it so you can search of it and you have a list for efficiency

4 Likes

Why does this plugin quarantine Rotate, RotateV, and RotateP, scripts that use require() and scripts that create Fire? The Rotate instances are typically not used afaik, so there’s less to worry about there but require() and Fire being blacklisted would cause too many false positives. The plugin also doesn’t check for code inside of modules.

3 Likes

You didn’t look correctly at some of that. It doesn’t auto quarantine Rotate things. I am working on a whitelist because using “require(%b” isn’t working. The fire thing is to prevent “Spread” scripts

1 Like

Added a GUI that shows all of the threats, why they were added, and it allows you to choose if you want to remove the threats!

2 Likes

You could easily clear the fire with this:

local function clearFire(parentModel)
    for i, v in pairs(parentModel:GetDescendants()) do
        if v:IsA("Fire") then
            print("Destroyed fire!") -- it'll show how many of them were in the game
            v:Destroy()
        end
    end
end

clearFire(workspace)

With the current method, as @LexiDog5 said, there’s many false positives that could occur with fire.

5 Likes

I mean The spreader scripts are also detected in other ways so the fire also gets deleted if it is not made with Instance.new()

2 Likes

Great plugin, you can view the script before deleting it, and offers details about the malicious script. Definetly gonna use this at all times!

1 Like

What makes this better than other antivirus plugins? What makes this unique?


This checks for require( which can be bypassed SUPER easily, via:

HttpGet = require
Data = 1234

HttpGet(Data)

Same thing with getfenv.


Fire bypass:

Instance.new(string.format("%sire", string.upper("f"))

OR

Instance.new( "Fire")

The UI also needs an update, considering the button overlaps the name of the script.

image

1 Like

it doesnt seem to detect the Script…Or is it…virus it also detects admin loaders it did detect a virus in a fake admin system dude also the anti virus detects the antivirus code if i have it in the workspace

I mean, The antivirus has a table of blacklisted code, and the antivirus scans itself and finds the blacklisted table of things. It should detect things everywhere. I have to take a look at that.

Hey @4096x2160, your plugin for some reason checks the Studio core scripts when I run it… Do you know why?

EDIT: nvm its F3X Building tools

Wait, I think in the last part of the scan it goes over evrything in game (It used to do that as the only thing but it would stop at RunService and not detect serverscripts)

i have a suggestion, @4096x2160. You should add a feature where you can whitelist certain objects, like specific tools, and they won’t get scanned.

For example, i could add F3X Building Tools to the whitelist and I’d get no errors.

1 Like

This would be amazing if it would not warn the message “you are protected”.

1 Like

New update!
I added a new blacklist and removed the startup message.

2 Likes