I think that I have a backdoor script in my game

Hello, I’ve been having weird output messages lately in my game and it is starting to worry me. I suspect that it is a backdoor script, yet I cannot figure out for the life of me how to find it. I really need help.
Here is the image of the output bar:


Please tell me what you think of it, if it is serious, and how to remove this. Also, it occasionally tries to write to datastore.

1 Like

The unnatural spacing in the last error looks like something people would use to try to hide the name of a virus. If this is on a private project where only you have access, it’s likely in a free model unless it’s coming from a plugin. Check all free models for suspicious scripts. You can use the errors as guidelines for the names/lines of the scripts that may be causing this issue.

If you use a lot of plugins, make sure you check their validity. If they aren’t too popular and their creators aren’t too reputable then it’s also possible that they could be causing this.

Check your scripts for lines that require models.

I uninstalled all of my plugins, tested the game and the same thing happened. Also, I only used free models for my particles in-game, and deleted them after getting them. This is a private project. Also, I just got this error message:
image

Also, is this normal to have?
image

Maybe copy that script (so that you can put it back if needed), then delete it and test again. If that doesn’t fix anything, just paste the CameraScript back.

Without the camera script, the camera, well, refuses to work.


I am still having error messages.

Okay, I guess you should paste it back. Do you have any scripts in ServerScriptService that you don’t remember writing? I had a backdoor script once a couple years ago, and I finally found it in ServerScriptService.

I remember writing the one that says ‘Script’; however, lava damage is supposed to be there as I am editing the Jurassic Park event place.
image

Plugins can leave behind malicious scripts in your game even after being uninstalled. This may be true for some free models too, but it’s much less likely.

If you want to check for all the scripts in your game, you can run this in the command bar and check the output:

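```lua
-- Root to search; swap for e.g. game.ServerScriptService
local check = workspace
for _, v in pairs(check:GetDescendants()) do
	-- LuaSourceContainer covers Script, LocalScript and ModuleScript
	if v:IsA("LuaSourceContainer") then
		local thing = v
		local chain = thing.Name
		-- Walk up the parents to build the full path from the root
		while thing ~= check do
			thing = thing.Parent
			chain = thing.Name .. "->" .. chain
		end
		print(chain)
	end
end
```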

You can change the ‘check’ variable to other things such as game.ServerScriptService to check inside of them instead of workspace.

As for the error, it’s possible that error in particular may have to do with ROBLOX’s recent 3-day outage. They are likely still recovering so occasional errors might be a side effect of it, but that isn’t guaranteed.

No, it is not to do with Roblox. I have been having these errors for a very long time; only now have I seen them developing.
image

I think that these are all legit, I removed some of the useless ones now.

WAIT! I THINK I FOUND IT! I set up a print() script in ReplicatedFirst and it printed out something, then I found THIS INSIDE!


I just don’t know how to get rid of this permanently, as I have no clue what script is inserting this inside.

1 Like

People who write viruses often attempt to make them blend in by naming them misleadingly. If this is truly an issue, it’s best to do a quick check yourself on all the scripts listed. The hierarchy is already listed for you, so it shouldn’t be hard to find them and open them up to check. If you’re familiar with scripting, you should be able to tell if anything doesn’t look right. Anything that uses require() in simple code is often a virus, too, but this isn’t necessarily always the case.

Whenever you check inside scripts, be sure to scroll as far to the right and/or down as possible. A common tactic for virus creators is that they’ll hide things out of plain sight by tabbing them off the screen.

I should also add that it’s extremely unlikely that the virus would be a backdoor for your own computer. While I wouldn’t say it’s absolutely impossible, it would be extremely unlikely to find viruses in a studio project malicious enough to access anything outside of studio itself. With that being said, any backdoor would just be a backdoor to the game itself rather than any of your other personal assets.
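The manual review described in the post above (looking for require() calls and for code pushed off screen by padding) can be partly automated. The following is an added example, not code from the thread or from any plugin mentioned in it; it assumes the Studio command bar can read `Script.Source`, and the thresholds and the service list are illustrative choices:

```lua
-- Added example: paste into the Studio command bar while the game is NOT running.
-- Assumption: the command bar has permission to read Script.Source.
local ROOTS = { "Workspace", "ServerScriptService", "ServerStorage", "ReplicatedFirst",
	"ReplicatedStorage", "StarterGui", "StarterPack", "StarterPlayer", "Lighting" }
local LONG_LINE = 300 -- characters; assumed cut-off for "runs off the screen"
local PAD_RUN = 40    -- spaces/tabs in a row between two pieces of code
-- Lua patterns have no {n} quantifier, so the whitespace class is repeated by hand.
local PAD_PATTERN = "%S" .. string.rep("[ \t]", PAD_RUN) .. "[ \t]*%S"

-- Returns a list of human-readable findings for one script's source text.
local function scan(source)
	local hits, lineNo = {}, 0
	for line in (source .. "\n"):gmatch("(.-)\r?\n") do
		lineNo = lineNo + 1
		if line:find("require%s*%(%s*%d") then
			table.insert(hits, lineNo .. ": require() of a numeric asset ID")
		elseif line:find("require%s*%(") then
			table.insert(hits, lineNo .. ": require() call, check what it loads")
		end
		if #line > LONG_LINE then
			table.insert(hits, lineNo .. ": line is " .. #line .. " characters long")
		end
		if line:find(PAD_PATTERN) then
			table.insert(hits, lineNo .. ": code hidden after a long run of spaces/tabs")
		end
	end
	return hits
end

for _, name in ipairs(ROOTS) do
	for _, inst in ipairs(game:GetService(name):GetDescendants()) do
		if inst:IsA("LuaSourceContainer") then
			local ok, source = pcall(function() return inst.Source end)
			local hits = ok and scan(source) or { "source could not be read" }
			-- Padded names are one way a script is made hard to spot in Explorer.
			if inst.Name:find("%s%s%s") then
				table.insert(hits, "name contains a run of whitespace")
			end
			if #hits > 0 then
				warn(inst:GetFullName())
				for _, hit in ipairs(hits) do print("    " .. hit) end
			end
		end
	end
end
```

A hit is a prompt to open the script and read it, not a verdict; legitimate admin systems also call require().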

Never mind, it was Kohl’s Admin Infinite. I think I installed a corrupted version.

1 Like

Just delete it? Unless that’s actually an important script (which I seriously doubt), I don’t see the issue of just removing it.

I’m unfamiliar with Kohl’s admin, but this might be inserted by that, in which case it might not be a virus.

You can just run the code I gave you in studio while the game isn’t running. It’ll make it a bit more confusing to search for any viruses while the game is running. Any scripts created will be created by another script. Also, if you have the popular version of Kohl’s Admin and can confirm it’s the official version, then you can ignore it entirely because I know Kohl’s Admin uses functions such as require() and it’s not a virus.

Oh, well I am using the one by Scripth, the original developer with 60k likes, and it is the source of these problems, but why is it making the errors? I reinstalled it and it is still doing this.

What do I mark as the solution now? I would love to keep Kohl, but I do not want constant errors appearing.

The errors likely aren’t viruses. It might just be a problem on their end. If the errors don’t seem to be doing any harm, then it’s likely safe. Viruses are often either named completely unusual things or generic things, and the former fit the huge spacing in the output which is why I thought it could be a virus. If the errors don’t appear in the output when Kohl’s admin is removed, then it’s likely just an issue on their part and not a virus.

1 Like

Ok, thanks for the help. (chars)

1 Like