When you’re a person like me who frequently uses free models or scripts from the Toolbox, you run into quite a lot of viruses. Of course, there’s nothing wrong with using free things from the Toolbox, but it gets a bad rap because of the sheer amount of viruses.
If you’re not vigilant, it’s not safe to use the Toolbox. It certainly doesn’t help that Roblox isn’t doing anything about viruses and hasn’t really expressed interest in doing so, leaving backdoors wide open and allowing TOS breakers to run free while innocent people who do nothing wrong get banned.
The issue I’ve come across, though, is that… there’s never really a list to tell you what specific items are viruses. Sure, it’s easy to catch them yourself (even easier if you have an antivirus plugin- I use Venom), but some can always slip through the cracks, and on big games, having to look through everything by hand is frustrating. And some viruses look completely harmless.
Also, things are just easier to go through when you have a masterlist. One-and-done.
So, here’s a (constantly unfinished, probably) masterlist on viruses and backdoors found within the Toolbox. (If you’ve found one not listed or have an explanation as to what one is/does, let me know! The more we list, the safer we’ll all be.)
Viruses come in a few flavors- the traditional Script (of any kind) and disguised as other items, often Hidden Classes (Rotates, Snaps, Motors, Joints, Geometry, etc.), Fire, or Values.
Note that these are the names of the virus scripts!
- Vaccine - Often comorbid with: Script… Or is it… + Spread
- Spread - Often comorbid with: Fire + Vaccine - Lag generator, almost always comes with Fire.
- Script… Or is it… - Often comorbid with: Vaccine - Generates other viruses.
- ProperGr�mmerNeededInPhilosiphalLocations;insertNoobHere (aka “ProperGrammar”, “Proper Grammar”)
- WelderPart - ALWAYS check any “Weld” scripts for backdoors. A lot of Weld scripts are genuine, though! If you know a bit about Lua, you can more easily tell which Weld scripts are genuine and which aren’t.
- Anti-Lag, AntiLag, or Anti Lag- Not to be confused with actual anti-lag.
- Webhook - Not to be confused with actual webhooks. Connects your game to another game or something on the Marketplace, or an external Discord server used to rip models or hack into games.
- MainModule - Not to be confused with actual, harmless modules.
- ??? command
- API - Not to be confused with actual APIs.
- Wildfire - Often comorbid with: 4D Being - Lag generator.
- dââââââââng you got owned
- join teh moovment! - Same as Wildfire.
- Kill tem! - Same as Wildfire.
- Virus or VIRUS
- SnapReducer or Snap-Reducer
- Guest_Talking_Script or GuestTalking
- N00B 4TT4CK!
- Fire - Often comorbid with: Spread - Almost exclusively seen with Spread. Fire appears as a Fire particle, will be present on everything it can exist on in a model. Scripts might exist within Fire too. Lag generator.
- OHAI - Virus container.
- No samurai plzzz - Virus container.
- OH SNAP YOU GOT INFECTED XD XD XD - Virus container.
- 4D Being - Container for Wildfire. Normally a VelocityMotor. Used as a gateway for other viruses. Lag generator.
- Deth 2 teh samurai! - Virus container.
- Hello…I �m Your New Lord Lolz - Often comorbid with: Script… Or is it…
- d��������������ng…you got owned… - Often comorbid with: Script… Or is it…
What gives viruses away?
- If a script contains obfuscated code (example), that’s ALWAYS a sign it’s a virus. Run.
- If a plugin or a model is based off a popular, genuine one, but it wasn’t created/published by its creator (ie: Kohl’s Infinite Admin, but it wasn’t published by Kohl himself), that’s generally the sign of a virus.
- If a script has a very long scroll bar (you’ll be able to tell if the scrollbar dragger is rather small), that may be a sign of obfuscation. Check the extremes of the scroll for suspicious code, like obfuscation, require(), or getfenv().
- Almost anything with a broken symbol in it. Broken symbols will look like a question mark inside a diamond: �
- Many scripts with require() and/or getfenv() - Remember that sometimes these are legitimate though. If it has a long scrollbar that’s hiding a require or getfenv, it’s probably a virus. (UPDATE: require() introspection is here! This allows you to see if any scripts in your game are sending a require(), which ones are doing so, and what asset they’re calling.)
- If you input a model from the Toolbox and your Studio lags massively or temporarily freezes, check what’s inside the model. Scriptless models, no matter how large, shouldn’t lag Studio that much.
- Hidden Classes and Fire that seem to exist in model’s children for no reason at all- Hidden Classes will often have odd names. This may occur with Values too, but check if the Value is legitimate or not.
List of users whose Toolbox items are normally viruses:
A lot of the users/groups listed here just dump viruses into the Toolbox. Normally bots.
- Totally Not An Exploiter Group
If you have any info to add onto this, let me know! I’m just one person, after all, I can’t find everything.
I don’t know technical speak or scripting all that well, so if you ask me about any of these in regards to specifics (what they do, etc.), I can’t really answer you. I’m just an artist, man! If people who do have more info about these want to answer though, they can.