Dear Developers,
My friend added a script into his game called “AdminLoader” which was obfuscated and recently he has noticed scripts appearing in random parts called “Welding”, “MeshHandler”, “Fix” claiming that if you delete them it destroys the game. He attempted to delete these scripts but they respawn. What’s intresting is that these scripts spawn without the game running. So the virus managed to run a script in studio. How exactly do they do this and what’s the solution?
idk, js dont use obfuscated code bro, the free models might just give ur game backdoors, lemme explain what a backdoor does.
So basically, you got an executor and you run a script, that scripts runs on ur client, so its not affecting the server, u might delete the map using a custom script, but the map will be deleted only on ur screen, now imagine the same thing, but its serverside, and if you destroy a map, it gets destroyed for everyone. (you would need to run a backdoor executor script using ur executor app first)
So yeah, most free models with viruses just add backdoors to ur game
The virus might be somehow running in the Plugin context, all I can thing of is to just remove all scripts you find in the explorer (you can do that by typing Is:Script in the search bar)
All I can say is check every plugin used, just like the others said. For things like malicious scripts, don’t trust obfuscated code, disable LoadStringEnabled (ServerScriptService property) and disable HTTP requests. If you think one of your existing scripts requires a malicious module, you can run this in the command bar:
for _, script in next, game:GetDescendants(), nil do
if not script:IsA("BaseScript") then continue end
script.Source = string.gsub(script.Source, "require%(%d+%)", "")
end
Edit: you could also try and detect when a script is added by running this in the command bar: game.DescendantAdded:Connect(warn)
Sounds like a pugin is causing the issue, seperate to the “admin loader” (which is probably obfuscated to hide some other malicious code). Disable script injection for plugins, you or your friend might have installed a fake copy of one.
For anyone wondering it is not a plugin. In fact this happened to my studio a 4 years ago and the model caused a random script to keep spawning in my games all year before it stopped.