I do not know where this topic should go. If it doesn’t belong in Scripting Support or should be in another category, please tell me so I can move it.
Recently I was hired as a scripter. I went into their game, opened ServerScriptService, and found like 20 scripts that looks like a virus. I used an antivirus plugin to scan their game, found 227 viruses, but this virus script in ServScriptService wasn’t detected.
I’m just wondering, is this a backdoor or a virus or just some weird looking script? Virus.lua (41.3 KB)
If this is a virus, I hope antivirus plugins can update and detect these viruses.
If you wanna check out this plugin, it’s here. This is the devforum post by the creator.
The code itself is obfuscated which likely means it is trying to hide the fact that it is doing malicious behavior. Unfortunately it uses Luraph and the constant dumper I use only works for certain obfuscators, and it doesn’t support Luraph sadly. I suggest that you just remove it.
And now I found another script that looks like a virus.
It only has require(5182026494) in it. https://www.roblox.com/library/5182026494/studio-detection
This is the module it’s requiring and it looks like a backdoor. I deleted the script but I also want to tell anyone that sees this post to check if your game has a script which requires this.
When I hold down the right arrow to move the cursor to the right it goes to the left instead. Special characters (like a right-to-left unicode character) are being used for this, unfortunately I don’t know about that magic
All I can really say is check your plugins and any free models
I don’t use free models, but the person hiring me uses free models. Also my friend’s account once got terminated because he used free models and people could just break into his game and play bad music.
When looking through games and looking for viruses there is one main rule: If you find an unfamiliar script, discard it. You could also check where the ID inside require() leads to. If you see no reason for it to be there, delete it. You should also ask the person who has hired you if that script was intentionally added, and if you’re both unfamiliar and don’t know how it got there then discarding it is your best option.
If it keeps coming back, it will be worth checking plugins and inside any free models. Automatic virus scanner plugins in Studio are usually alright but they are not always reliable and may not find absolutely everything. Although it’s inconvenient, it’s better to look inside models manually for anything that is not supposed to be there.
Yep, I know this. It’s only because this looks weird and I’ve never seen it before. The person who hired me is fairly sure that their builder just used free models and said he finished building.
If 227 viruses are removed in one season then i think you need to tell the person that hired you that they need to be careful what they put inside the game .
Also the script that you showed probably is a asset being loaded into the game.
I recommend not deleting the viruses though telling the owner that there game may have 1 or 2 security breaches. Such as backdoors Is the only major concern also put that plugin on a new baseplate to make sure that plugin is accurate.
The require script is reffering to this object Id.
Hello, I have a thing you could use, I once made a script that finds viruses and destroys them.
Here’s a easy thing you could do use the search thing and search Prop, the prop gear thing, that mainly has thing with viruses in it.
Hey, I took a look at my script. Do CTRL+SHIFT+F and search RotateP. If it shows something in the search output, then it mainly will have a virus in it.
Hi there,
The detection for Server Defender is updating daily. Those improvements happen automatically when the plugin starts up, however, we cannot guarantee everything malicious is being detected.
If you do not know what a script does you should remove it from your game.
Make sure you’ve got a copy of the game before removing it in-case the game doesn’t work without the script.
.
