If you download a malicious plugin, then I believe it’s possible for them to linger around even after deleting them, you’ll have to just reinstall Roblox Studio to completely get rid of them. Some malicious plugins are even capable of creating virus scripts and hiding them deep inside your game where you can’t get rid of them. You should be VERY careful when downloading plugins and make sure they’re from a reputable source (better yet, just look over the plugin’s code yourself)
For virus models, only scripts can be harmful, deleting them will completely get rid of the virus.
Yes, on models such as signs or campfires deleting scripts usually is the best thing to do.
But some models need scripts to work, like a car or a weapon.
Do CTRL + SHIFT + F to look for code in all available scripts. Then look for require and env. Any script containing these which shouldn’t, (i.e. Admin Client, which you should make sure is from the original creator) is most likely a virus.
Also “getfenv”, is something you should search for as it could be abused with bytecode to load a serverside. However the problem is that there is new serverside that does not use any known method to spread, no “getfenv”, “require”, “insertservice” or anything like that… and they are spreading quite fast.
Hit CTRL + Shift + F, and search like require(), string.reverse(), Fire, Spread, it should give enough information, but I would ALWAYS recommend to search every script manually as you can detect more sketchy stuff, like obfuscated scripts.
The only problem is a serverside that is not using any getfenv, require, insertservice, setfenv, string.reverse or anything known like that. It is a mystery how this serverside has spreaded already to 300 large or semi-large games. The serverside is spreading really fastly.
Nobody knows, the issue however is that it does not spread with classic “getfenv” or “require” or any known methods, also backdoors do not have the webhook sender straight in the loader, its usually in the source and most people obfuscate it though.
The attack is quite serious right now as they have spreaded to 300+ 20-30 player games… also around 50+ of 75-250 player games.
It is not a mystery. In fact the way they use to infect games is really simple. They simply have the malicious scripts in a model. Then bot that model and have people accidentally add it to their games. Or bot malicious plugins which puts the code into their games.
If you remember when everyone talked about the thanos models being botted. Yeah that was the first instance of the ServerSide creators doing it.
Indeed but this one serverside is so hard to find, I have been hunting the toolbox for like a month now. Starting to give up as I really want to see a model that has it.
It is probably a plugin and not a model as most of these does not seem to use any free models. Also I indeed know that they are botting it as they have leaked a screenshot where they launch up a bot script.