I did make a topic about getting weird gamepass prompts and from people’s answers, I tried what they said but I found nothing suspicious. (Like finding a malicious script)
Thankfully @DecodedString have told me to find scripts with the word ‘reverse’. (Thanks Decoded)
Now, I made a new topic because I have a few questions.
How could this happen?
All of our scripts are original. I also deleted unwanted plugins before I started this project.
What on earth is RoSync?
In these scripts, I found this line of code saying:
I have noticed for a long time now. I just never clicked if it was a virus or not.
This line of code has been in some of my scripts. What and how?
I have deleted the scripts (obviously) and I forgot to just COPY the code in here. But I have a screenshot. I couldn’t capture all of it since it was long. What it did have is reverse mentioned
If these are in your scripts, someone must have put them there.
Cause as far as I am concerned plugins etc are unable to interact with written code inside of scripts.
If there are scripts with malicious code appearing, you should maybe have a look at your plugins or the ones of people who have access to the devplace.
Check your plugins and make sure all of them are from their original creators.
I’m not sure about this, I had his same problem where random line of codes like the one in the picture were randomly written in my scripts, and nobody else had access to my game.
Hello there. Thanks for your answer! I always moderate my employees during work hours. Yet, they never do anything suspicious. I supervise and help and do my own work. So, employees are out for sure. I have also checked there plugins, nothing seemed suspicious.
Thanks for your comment! Like I have said, I checked the plugins and my employees plugins for extra security. Yet, nothing came up. Also, I hope your work is fine now.
I guess better than that you can’t do.
This is a pretty interesting case since stuff like that doesn’t happen out of the blue, maybe check the permissions of the devplace (very unlikely someome is trolling like that, but I had that happen to me once).
But other than really checking the employees and plugins there is not much you can do.
One more suggestion I have is maybe moving to a different devplace if you can’t figure out the cause on long term.
Then that’s reaaally weird. I don’t wanna be too negative but it’s possible that Studio has been infected with some kind of virus.
To solve the problem, I removed and reinstalled all my plugins, then reinstalled Roblox Studio.
And thanks for worrying! It’s ok right now, it’s an abandoned project anyways lmao.
I clearly understand that fact. ROBLOX should take responsibility into this situation because, developers ESPECIALLY SMALL DEVS LIKE ME have little to no capacity spreading about the issue. Although, ROBLOX is most likely working on it HOPEFULLY.
This happened to a group I was in before, Someone else had a plugin causing this. Idk what plugin, but one was inserting the same line of code as the one you’ve shown here.
So many topics were made about this already. There are only 3 possibilities, and only 3:
Someone put it in manually
It came from free model
It was inserted by a plugin
This should be nothing to worry about if you delete the script, because it won’t magically crash your studio or do anything to your computer or the game.
Maybe Script.Source.
Basically,
workspace.DescendantAdded:Connect(thing)
if thing:IsA(“Script”) then
thing.Source = “Virus xdd getfenv()[string.reverse(“viruseslol”)]”
end
Do you use models from toolbox, if so some of these could have a couple lines of code in let’s say a “Click to turn On/Off Light Script” (Example) and maybe there could be a require script that inserts something like this??
Malicious plugins, most likely.
I had this happen to me 2-3 months ago with a malicious copy of BrushTools, the formatting looks exactly the same to yours.
Later in the post you explain how you have a team of people working on the same project as you, and that you checked their plugins with everything seeming fine: the key word here is “seeming”. Malicious plugins are very, VERY hard to notice if you don’t know which plugin it is, so here are some crucial steps to take if you want to recognise one:
Check the author and upload date of the plugin in question, if there is another plugin that has been made before this or the author of the plugin isn’t the original, you’ve found your virus!
Check the description, sometimes the description is mostly tags to push it into the first results of the search.
Plugins cannot act if not started, so i recommend creating a new studio save file with 2-4 scripts and manually start up each plugin with each time checking the script, once you notice the RoSync virus appearing, you can safely assume the last plugin you opened is the malicious one.
If you could also edit the original post with the name of the plugins and the creator that you and your employees use, it would help us narrow down the problem a lot!
Hey there Aki,
I found the same RoSync virus in my commission. After a bit of digging, here’s what I found:
RoSync is a real thing made by NewFissy to backup his games.
Scam Plugins use a fake version of it to make you think your code is backed up. When you scroll sideways past the comment, it will use a GetFenv to require a module. The numbers are ASCII for require.
The module leads to a module chain, leading to this module. the module
The plugin that caused this issue was this Light Editor (Updated) - Roblox but there may be more.
Do CTRL+Shift+F and search for getfenv in your scripts to remove it.
(RoSync from what I understand steals your scripts, but I may be wrong)
What if one of your employees go into studio while you are offline? I suggest looking through your employees and ditching a few ones that aren’t loyal enough.