I have noticed for a long time now. I just never clicked if it was a virus or not.
This line of code has been in some of my scripts. What and how?
I have deleted the scripts (obviously) and I forgot to just COPY the code in here. But I have a screenshot. I couldn’t capture all of it since it was long. What it did have is reverse mentioned
If these are in your scripts, someone must have put them there.
Cause as far as I am concerned plugins etc are unable to interact with written code inside of scripts.
If there are scripts with malicious code appearing, you should maybe have a look at your plugins or the ones of people who have access to the devplace.
Hello there. Thanks for your answer! I always moderate my employees during work hours. Yet, they never do anything suspicious. I supervise and help and do my own work. So, employees are out for sure. I have also checked there plugins, nothing seemed suspicious.
I guess better than that you can’t do.
This is a pretty interesting case since stuff like that doesn’t happen out of the blue, maybe check the permissions of the devplace (very unlikely someome is trolling like that, but I had that happen to me once).
But other than really checking the employees and plugins there is not much you can do.
One more suggestion I have is maybe moving to a different devplace if you can’t figure out the cause on long term.
Then that’s reaaally weird. I don’t wanna be too negative but it’s possible that Studio has been infected with some kind of virus.
To solve the problem, I removed and reinstalled all my plugins, then reinstalled Roblox Studio.
And thanks for worrying! It’s ok right now, it’s an abandoned project anyways lmao.
I clearly understand that fact. ROBLOX should take responsibility into this situation because, developers ESPECIALLY SMALL DEVS LIKE ME have little to no capacity spreading about the issue. Although, ROBLOX is most likely working on it HOPEFULLY.
Do you use models from toolbox, if so some of these could have a couple lines of code in let’s say a “Click to turn On/Off Light Script” (Example) and maybe there could be a require script that inserts something like this??
Malicious plugins, most likely.
I had this happen to me 2-3 months ago with a malicious copy of BrushTools, the formatting looks exactly the same to yours.
Later in the post you explain how you have a team of people working on the same project as you, and that you checked their plugins with everything seeming fine: the key word here is “seeming”. Malicious plugins are very, VERY hard to notice if you don’t know which plugin it is, so here are some crucial steps to take if you want to recognise one:
Check the author and upload date of the plugin in question, if there is another plugin that has been made before this or the author of the plugin isn’t the original, you’ve found your virus!
Check the description, sometimes the description is mostly tags to push it into the first results of the search.
Plugins cannot act if not started, so i recommend creating a new studio save file with 2-4 scripts and manually start up each plugin with each time checking the script, once you notice the RoSync virus appearing, you can safely assume the last plugin you opened is the malicious one.
If you could also edit the original post with the name of the plugins and the creator that you and your employees use, it would help us narrow down the problem a lot!
Hey there Aki,
I found the same RoSync virus in my commission. After a bit of digging, here’s what I found:
RoSync is a real thing made by NewFissy to backup his games.
Scam Plugins use a fake version of it to make you think your code is backed up. When you scroll sideways past the comment, it will use a GetFenv to require a module. The numbers are ASCII for require.
The module leads to a module chain, leading to this module. the module
The plugin that caused this issue was this Light Editor (Updated) - Roblox but there may be more.
Do CTRL+Shift+F and search for getfenv in your scripts to remove it.
(RoSync from what I understand steals your scripts, but I may be wrong)