Jibberish Virus

Yeah I suppose. I use private modules for certain things, and it sucks to not be able to keep them private, but oh well.

I’ve seen this attack using public modules. Also, you may need to reinstall Roblox to remove this backdoor. If you run my script above in a fresh, new place and still see the backdoor, then you must uninstall BOTH Roblox Player and Roblox Studio so that all of your installation files are removed. This has become a pretty common backdoor.

I was hoping to get it up today, but it’s beginning to look like my third party service, RBXMod.com, isn’t going to be ready until Monday. If this service gets big enough, it will provide a greater assurance that the modules you are using are safe because someone experienced has read through and approved it before it was released to the public. Hopefully the places for these back doors to hide will get smaller and smaller as more and more modules become certified.

I highly doubt you need to reinstall Roblox. After deleting the fake plugin, it did not come back either way, so I’m not 100% sure though I just highly doubt it. Actually, I feel almost certain Roblox Player would not need to be uninstalled. There is no way for a plugin to modify the user’s files. (And if there is, that’s probably not the best idea.)

I personally rarely use any plugins or free models so in most cases I don’t have to worry about backdoors either way. It was another developer in the game I help on that had the plugin. Not 100% sure which plugin it was because he deleted them before I got online, but he had Camera light and I’ve heard about fakes of that.

Script found nothing in my disinfected game, and nothing in a brand new place.
Hopefully, this virus only contains those 2 parts: the random-name embedded scripts, and a “?” Module hidden inside of a service.

The ? module is the main one, there may be any number of the other ones.

Is there any way to remove it from the game, besides going into each script and deleting it?

2 Likes

RoDefender can only remove the ones that are scripts on their own. From my experience, it looks more like only one script actually has that one-line virus injected straight into it, which I call ‘patient zero’.
But to be sure, yes, you have to scan every single script manually. Just look for lines of code that are extremely long, it’s a dead giveaway.

Yes. There was a public thread released some time ago discussing script injections. Besides going in-game, you can view the XML data of your place and see if anything looks out-of-place. Change the extension of a place file from .rbxl to .rbxlx.

See:

I’ve seen that exact script in a game I developed for a while ago. Strange.

Like @fireboltofdeath mentioned in an earlier message, reinstalling studio will have absolutely no effect on the backdoors whatsoever. Once a plugin gains access to your studio, it will most likely immediately (or upon first running) inject the scripts into your game. Once you hit the publish game button, the backdoor will be there forever until you remove it.

I will recommend to everyone to use Christbru01’s Backdoor/Infection Detector when trying to hunt down backdoors, as plugins have a higher security clearance on studio than users actually do. Doing a simple scan can probably reveal some backdoors you never knew existed in the services that are hidden from the explorer.

1 Like

That was the first plugin I tried when disinfecting the game. It never went through with the scan and just froze whenever initiated. RoDefender worked flawlessly (only after restarting studio) and found 6 or 7 Backpack containers for the hidden virus scripts that thankfully were already inert due to Roblox’s recent patch.

I was surprised too when it persisted after removing the plugins and checking out a new place. Hopefully Roblox has patched what allowed them to do that, but I’m not crazy when I say that you had to uninstall Roblox and reinstall it to prevent it from coming back. Simply removing the plugin and scripts wouldn’t do it.

1 Like
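
An added example, not part of any post in this thread: a Python sketch of the manual check described above (extremely long lines of code, a “?” module hidden inside a service), run over a place saved in Roblox's XML format. The 500-character cutoff, the function names and the sample place are assumptions constructed for illustration, and the element names (`Item`, `Properties`, `ProtectedString name="Source"`) are the .rbxlx layout assumed here.

```python
import xml.etree.ElementTree as ET

SCRIPT_CLASSES = {"Script", "LocalScript", "ModuleScript"}
MAX_LINE = 500  # assumed cutoff for an "extremely long" line; tune per project

def prop(item, name):
    """Return the text of the named property under <Properties>, or ''."""
    for p in item.findall("Properties/*"):
        if p.get("name") == name:
            return p.text or ""
    return ""

def scan_place(xml_text, max_line=MAX_LINE):
    """Return [(instance path, [reasons])] for scripts worth reading by hand."""
    findings = []

    def walk(node, path):
        for item in node.findall("Item"):
            cls, name = item.get("class", ""), prop(item, "Name")
            here = path + [name or cls]
            if cls in SCRIPT_CLASSES:
                longest = max(map(len, prop(item, "Source").splitlines()), default=0)
                reasons = []
                if longest > max_line:
                    reasons.append(f"line of {longest} chars")
                if cls == "ModuleScript" and name.strip() == "?":
                    reasons.append("module named '?'")
                if reasons:
                    findings.append(("/".join(here), reasons))
            walk(item, here)  # scripts can be nested inside other instances

    walk(ET.fromstring(xml_text), [])
    return findings

# Constructed sample place (inert filler, not taken from a real infected game).
def make_item(cls, name, src="", kids=""):
    source = f'<ProtectedString name="Source"><![CDATA[{src}]]></ProtectedString>' if src else ""
    return (f'<Item class="{cls}"><Properties><string name="Name">{name}</string>'
            f'{source}</Properties>{kids}</Item>')

SAMPLE = "<roblox>" + make_item("Workspace", "Workspace", kids=
    make_item("Script", "Door", 'print("open")\nprint("close")') +
    make_item("Script", "qzxvk", "-- " + "A" * 900)) + \
    make_item("SoundService", "SoundService",
              kids=make_item("ModuleScript", "?", "return {}")) + "</roblox>"

if __name__ == "__main__":
    for path, reasons in scan_place(SAMPLE):
        print(path, "->", ", ".join(reasons))
```

A hit only marks a script for manual review; long lines also occur in legitimate minified or generated code.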