Is this method effective for deleting viruses?

I have been using free models (from the toolbox) for a long time. Then once I read that the viruses are in the scripts so if you delete all their scripts you also delete all the viruses.

Is this true? Is there a possibility that the viruses are in something other than a script?


They have to originate in a script. The most common one is fire spread. Just search for fire or spread in the search bar above workspace.

1 Like

If you download a malicious plugin, then I believe it’s possible for them to linger around even after deleting them, you’ll have to just reinstall Roblox Studio to completely get rid of them. Some malicious plugins are even capable of creating virus scripts and hiding them deep inside your game where you can’t get rid of them. You should be VERY careful when downloading plugins and make sure they’re from a reputable source (better yet, just look over the plugin’s code yourself)

For virus models, only scripts can be harmful, deleting them will completely get rid of the virus.


Actually now serversides have already started spreading the most.

1 Like

Kind of.
Yes, on models such as signs or campfires deleting scripts usually is the best thing to do.
But some models need scripts to work, like a car or a weapon.
Do CTRL + SHIFT + F to look for code in all available scripts. Then look for require and env. Any script containing these which shouldn’t, (i.e. Admin Client, which you should make sure is from the original creator) is most likely a virus.

1 Like

Also “getfenv”, is something you should search for as it could be abused with bytecode to load a serverside. However the problem is that there is new serverside that does not use any known method to spread, no “getfenv”, “require”, “insertservice” or anything like that… and they are spreading quite fast.

1 Like

How even is one capable of coming up with so much evil… These viruses actively discourage new developers that don’t have the budget or the skill to do everything without the help of toolbox models.

Hit CTRL + Shift + F, and search like require(), string.reverse(), Fire, Spread, it should give enough information, but I would ALWAYS recommend to search every script manually as you can detect more sketchy stuff, like obfuscated scripts.

I do not understand their method, all scripts in the toolbox models must really be checked.

The only problem is a serverside that is not using any getfenv, require, insertservice, setfenv, string.reverse or anything known like that. It is a mystery how this serverside has spreaded already to 300 large or semi-large games. The serverside is spreading really fastly.

It can be an obfuscated backdoor script because most of the serversides use webhooks as a notification where they can use their serverside. No one wants their webhook link leaked, eh?

1 Like

Nobody knows, the issue however is that it does not spread with classic “getfenv” or “require” or any known methods, also backdoors do not have the webhook sender straight in the loader, its usually in the source and most people obfuscate it though.

The attack is quite serious right now as they have spreaded to 300+ 20-30 player games… also around 50+ of 75-250 player games.

What if they are using InsertService to put the virus script in?

Just search for “script” in the explorer, and delete any scripts that look suspicious, or ones that you don’t know what they do.

Most are named like these:
“Spread”,”Anti-Lag”, and any scripts that have a bunch of random characters are most definitely viruses. That is not to say that ALL scripts are viruses, just some,

They are not using InsertService. They are not using any known method. Already told you that…

It is not a mystery. In fact the way they use to infect games is really simple. They simply have the malicious scripts in a model. Then bot that model and have people accidentally add it to their games. Or bot malicious plugins which puts the code into their games.

If you remember when everyone talked about the thanos models being botted. Yeah that was the first instance of the ServerSide creators doing it.

Yes. They are often hidden inside of parts, so just search for them by typing “Script” into the Explorer.

Indeed but this one serverside is so hard to find, I have been hunting the toolbox for like a month now. Starting to give up as I really want to see a model that has it.

It is probably a plugin and not a model as most of these does not seem to use any free models. Also I indeed know that they are botting it as they have leaked a screenshot where they launch up a bot script.

If said server side is (the most popular serverside which I am not going to name here) then you can pm me for the partially cracked source.

The only way for malware to spread are through Free Models or Plugins. If you delete all the scripts of a free model, that free model will not be able to affect your game.

If you don’t have any free model scripts but your game is acting weird and you don’t think it’s your fault, it may also be a plugin with malware.