Introduction
Hello. I’ve been noticing that a lot of models on the toolbox contain viruses that ruin game performance, so I wanted to share with everyone how to identify these models, in order to make sure that people don’t infect their game with these viruses.
Clarification
The viruses in the models don’t affect your computer in any negative way, and the only thing that they do is decrease game performance, sell something or provide serverside access to exploiters.
Models endorsed by ROBLOX (they have a little badge icon on them in the toolbox) do not contain any of these viruses, so you can use them safely.
So how do I identify a malicious model?
Normally, the people who make infected models hide the viruses very well by obfuscating the malicious code inside the scripts. The quickest way to identify an infected model is by going into the scripts (don’t worry, we won’t need to do any scripting yet) and checking whether the scrollbars on the right or on the bottom are bigger than they should be. A good example of this would be:
The scrollbars are way bigger than they should be, since these model makers actually hide code beyond what you first see when you open the script. If I scroll the right amount, I can actually find this piece of code:
The first thing you should notice is the number between these parentheses.
4696605318
This is actually a ROBLOX model ID, and if we go check out what it is, we find a script titled MainModule, which means that the script is a module. An uploaded module can have its functions run by using require(ModuleID), which can be used to do malicious actions without you (before seeing this post) ever seeing it in Studio.
You may be asking, “How do you know if he’s running the require() function?”, and my answer to you would be that using getfenv() is very suspicious, since it’s unnecessary in many cases. I’d then go on to say that \114\101\113\117\105\114\101 actually means “require” for the Lua compiler, so you can pretty much see that the model maker’s trying to require his module.
I actually checked his module, and for some reason it just contains a function that’s basically a clone of the print() function… I used this model since it was a good example of what could be malicious.
Another thing: if you see PromptPurchase() being run without you being aware that the script sells things to the player, then delete it. A good example of this would be Kohl’s Admin model that sold the chair model to everyone.
Rookie Viruses
Rookie viruses include but are not limited to:
- while 1/true do loops without a yielding function
- repeat until loops where the until statement is always false, and the repeat statement contains no yielding function
- A loop that iterates through all players and runs player:Kick() without you being aware of such.
Yielding functions include but are not limited to:
- wait()
- coroutine.yield()
- WaitForChild()
Hope I helped! And if I forgot something or made an error in my post, please tell me!
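The checks described in this post (code pushed out of view, getfenv, the decimal-escaped "require", require with a numeric model ID, PromptPurchase), as an added example that is not part of the original post: a small Python scanner run over script source text copied out of Studio. The two thresholds, the finding labels and the sample line are assumptions constructed for illustration, and a finding means "read this line by hand", not proof of a virus.

```python
import re

# Lua decimal escape: a backslash and 1-3 digits, e.g. \114 is "r".
DECIMAL_ESCAPE = re.compile(r"\\(\d{1,3})")
# Indicators named in the post, matched after escapes are decoded. The require
# pattern covers require(id) and indexed forms such as ["require"](id).
INDICATORS = {
    "getfenv": re.compile(r"\bgetfenv\b"),
    "require by asset ID": re.compile(r"\brequire[\"'\]\s]*\(\s*(\d+)\s*\)"),
    "PromptPurchase": re.compile(r"\bPromptPurchase\b"),
}
HIDDEN_COLUMN = 200  # assumed: code indented this far sits past the editor width
BLANK_RUN = 50       # assumed: this many blank lines push code below the view


def decode_escapes(text):
    """Replace Lua decimal escapes with the characters they encode."""
    def to_char(match):
        code = int(match.group(1))
        return chr(code) if code < 256 else match.group(0)
    return DECIMAL_ESCAPE.sub(to_char, text)


def scan(source):
    """Return sorted (line_number, finding) pairs for one script's source text."""
    findings, blanks = set(), 0
    for number, raw in enumerate(source.splitlines(), start=1):
        if not raw.strip():
            blanks += 1
            continue
        if blanks >= BLANK_RUN:
            findings.add((number, "code after a long run of blank lines"))
        blanks = 0
        if len(raw) - len(raw.lstrip()) >= HIDDEN_COLUMN:
            findings.add((number, "code indented out of view"))
        decoded = decode_escapes(raw)
        if decoded != raw:
            findings.add((number, "decimal-escaped text"))
        for name, pattern in INDICATORS.items():
            if pattern.search(decoded):
                findings.add((number, name))
    return sorted(findings)


# Constructed sample: a normal line, then a line pushed far to the right.
SAMPLE = ('print("Door script loaded")\n' + " " * 300 +
          'getfenv()["\\114\\101\\113\\117\\105\\114\\101"](4696605318)\n')

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Legitimate scripts also call require() and PromptPurchase(), so treat the output as a list of lines to open and read.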