If I delete a plugin/backdoor/virus do I also have to delete the 4 scripts that have the same line of code?
If you have multiple scripts with the same line of code I suggest you remove the line of code if it is your script, and then disable any plugins you have and then restart studio.
Okay! Thanks for telling me. I was so confused on what this was. I didn’t know it was like a new update or feature.
With a quick look at your plugins I feel the problem is this plugin.
https://www.roblox.com/library/4110705448/Gui-to-Lua
Inside that I found this line of code
finalSource = ' ' .. finalSource .. scriptSource:sub(last)
local code = [[local function ]]..id..[[_fake_script() -- ]]..realParent..'.'.. script.Name..[[
local script = Instance.new(']]..script.ClassName..[[', ]]..realParent..[[)]]
if convert_module_scripts and Nmodulescripts ~= 0 then
code = code .. "\n\tlocal req = require\n\tlocal require = function(obj)\n\t"
code = code .. "\tlocal fake = fake_module_scripts[obj]\n\t"
code = code .. "\tif fake then\n\t"
code = code .. "\t\treturn fake()\n\t\tend\n\t\treturn req(obj)\n\tend"
end
code = code .. "\n\n" .. finalSource.. "\nend\ncoroutine.wrap("..id.."_fake_script)()"
return code or ''
I suggest you uninstall the Gui To Lua!
plugin specifically, but if that does not solve the issue install any other plugins you might have.
Okay. How do I check if it has a backdoor/virus in the plugin or not?
This is a multi step process, so listen carefully. (This can also be risky, so be careful when you’re doing this, if you install a plugin while doing this and studio keeps crashing I also made a post on how to remove the plugin: Studio not responding, a plugin's fault - #8 by DrKittyWaffles)
You will first have to install the plugin. Then you will want to open an empty baseplate so you don’t potentially infect one of your games. After that you will want to navigate to the folder on your computer containing where your plugins are located.
Your plugins are located at %localappdata%\Roblox\
which you can access by pressing the win + r
key if you’re on windows.
After that look for the folder that is named according to your ROBLOX UserId.
In this case we are looking for a folder named 527473047
. So when you find that folder you will want to open that folder. Inside the folder you will find an InstalledPlugins
folder. You will want to open that.
Now you will want to look or the plugin you are testing, to find it look for the folder named by the Id
in the URL on the site.
Inside that folder you will find another folder with a string of numbers. Just open that folder.
Now you have located the Plugin.rbxm
file. You will want to drag it into studio.
Now you should see the plugin’s source code.
I will try that more often when I install a plugin. One more thing before I go. Did you find anything else that had a backdoor/virus? Since the Gui to Lua!
had a backdoor/virus I was wondering if anything else had a backdoor/virus.
I am currently somewhat busy and I do not really have much time to go through all of your plugins; but since I showed you how to view the source code of a module, you can do it yourself.
Some plugins you don’t need to check because they’re created by what I would considered “trusted” are: CloneTrooper1019
, stravant
, Davidii
, Dued1
, EchoReaper
, memguy
, DaMrNelson
, OzzyPig
, and ROBLOX
. If you look at these people’s profiles you will probably quickly notice they all have popular games or something successful that would be in jeopardy if they were to just start releasing backdoors. (and some of them are just cool in general; cough CloneTrooper1019)
But of course you can check them if you don’t trust me. (I don’t even trust myself sometimes; “Did I lock the door when I left?”)
This is indeed quite hilarious to see a Luraph script here, especially as its a poor quality obfuscator. But yes you are right.
Luraph is a terribly written lua obfuscator that can be easily deobfuscated.
There is (what I consider to be) a faster way of doing this:
Step1: Open up ‘Command bar’ in studio (should be found under the view tab)
Step2: Paste following code into the command bar
local id = 4110705448;
game:GetObjects(“rbxassetid://”…id)[1]:Clone().Parent = workspace
Step3: Press enter then check workspace (it should be in there)
Oh thanks, that looks reasonable. @Enchanted_Tix you should consider that too.
If found this script that has an error about “Luraph Script”. I removed it. I think it was also making HTTP requests but I don’t have HTTPService enabled in that game at the moment.
I found a pastebin that has the same script: https://pastebin.com/raw/DA1z4yc6
Also, my first reply on the Dev Forum
Be careful when installing plugins there are other plugins like terrain editors that have installed backdoors into my game such as prompting everyone to purchase shirts and all that
I bought a game from someone and it has this “Luraph Script”.
The game is functional on his profile and not mine. Neither of us has the Gui to Lua plugin.
Does this virus have anything to do with this issue?
Looks malicious, try to find code along the lines of require(numberhere)
I found a few scripts named “Fix” that said “do not delete” and I believe they have a require. Is this the virus?
I don’t know, you have not given me enough information. The script is suspicious though, I suggest opening the script and checking. Use ctrl + f
to search for text. Try searching for require
I use Luraph Obfuscator for my products, the error that comes up saying about Loadstring is because when obfuscating someone has put the VM Bytecode compressor on. This just causes errors if the user doesn’t have loadstring enabled. Most of these are not backdoors but some sadly can be.