Find getfenv (extremely fast and easy backdoor / virus finder)

Resources Community Resources
#1

Here’s the plugin:

All it does is loop through the main services in explorer and find scripts with source code that contains “getfenv” which is almost always included in backdoor / virus scripts. It doesn’t do anything to these scripts, it just prints out their full name. I’ve also tested this vs more advanced “Anti-Virus” plugins like MightTea Cleaner 2 and Server Defender. The more advanced ones don’t even give you correct information / find viruses. For ex. “Server Defender” told me to get rid of the plugin “Paint On Click”. This is what the screen looked like when it found this “malicious plugin”:

image
image1456×611 171 KB

Using Plugin Importer I looked into the source code for Paint On Click and found nothing malicious whatsoever. It’s frustrating because there’s all these super decked out “Anti Virus” plugins / models that do absolutely nothing when it comes to finding backdoors / viruses in code get an incredible amount of attention when in fact a simple plugin, such as the one I made, with under 100 lines of code could actually tell you where viruses are in your game.

Disclaimer: This does the exact same thing as Ctrl+Shift+F and searching for "getfenv"

If you have any questions / concerns please reply to this post. I would glad to learn from or help you, thanks!

7 Likes
#2

Why not just Ctrl+Shift+F search all scripts for getfenv?

8 Likes
#3

That also will work great. I’d just prefer to have a button to click whenever I want to check

#4

I’ll give this plugin credit, it does have the added benefit of reminding users about scanning for viruses if they check the plugins menu.

1 Like
#6

image
image

If it had a better parser, there could have been a point in using this over ctrl+shift+f. But I don’t find it convenient to use a whole plugin rather than a keybind.

#8

Yes I realize that (as stated in the post). It’s more to bring awareness to these other fake anti virus plugins and the fact that all it takes it searching for a simple keyword. It also is handy to just click a button and search all your scripts then the two step CTRL + Shift + F and typing it. Not that it’s much more work at all, I just prefer the click of a button

#12

This is very helpful! Thank you for creating this plugin :grinning: