This is a multi step process, so listen carefully. (This can also be risky, so be careful when you’re doing this, if you install a plugin while doing this and studio keeps crashing I also made a post on how to remove the plugin: Studio not responding, a plugin's fault - #8 by DrKittyWaffles)
You will first have to install the plugin. Then you will want to open an empty baseplate so you don’t potentially infect one of your games. After that you will want to navigate to the folder on your computer containing where your plugins are located.
Your plugins are located at %localappdata%\Roblox\ which you can access by pressing the win + r key if you’re on windows.
After that look for the folder that is named according to your ROBLOX UserId.
In this case we are looking for a folder named 527473047. So when you find that folder you will want to open that folder. Inside the folder you will find an InstalledPlugins folder. You will want to open that.
Now you will want to look or the plugin you are testing, to find it look for the folder named by the Id in the URL on the site.
Inside that folder you will find another folder with a string of numbers. Just open that folder.
Now you have located the Plugin.rbxm file. You will want to drag it into studio.
I will try that more often when I install a plugin. One more thing before I go. Did you find anything else that had a backdoor/virus? Since the Gui to Lua! had a backdoor/virus I was wondering if anything else had a backdoor/virus.
I am currently somewhat busy and I do not really have much time to go through all of your plugins; but since I showed you how to view the source code of a module, you can do it yourself.
Some plugins you don’t need to check because they’re created by what I would considered “trusted” are: CloneTrooper1019, stravant, Davidii, Dued1, EchoReaper, memguy, DaMrNelson, OzzyPig, and ROBLOX. If you look at these people’s profiles you will probably quickly notice they all have popular games or something successful that would be in jeopardy if they were to just start releasing backdoors. (and some of them are just cool in general; cough CloneTrooper1019)
But of course you can check them if you don’t trust me. (I don’t even trust myself sometimes; “Did I lock the door when I left?”)
There is (what I consider to be) a faster way of doing this:
Step1: Open up ‘Command bar’ in studio (should be found under the view tab)
Step2: Paste following code into the command bar
local id = 4110705448;
game:GetObjects(“rbxassetid://”…id)[1]:Clone().Parent = workspace
Step3: Press enter then check workspace (it should be in there)
If found this script that has an error about “Luraph Script”. I removed it. I think it was also making HTTP requests but I don’t have HTTPService enabled in that game at the moment.
Be careful when installing plugins there are other plugins like terrain editors that have installed backdoors into my game such as prompting everyone to purchase shirts and all that
I don’t know, you have not given me enough information. The script is suspicious though, I suggest opening the script and checking. Use ctrl + f to search for text. Try searching for require
I use Luraph Obfuscator for my products, the error that comes up saying about Loadstring is because when obfuscating someone has put the VM Bytecode compressor on. This just causes errors if the user doesn’t have loadstring enabled. Most of these are not backdoors but some sadly can be.
Or even a faster way is to download Roblox+ or one of those roblox extensions and you’ll have a download button right next to the plugin (plus you dont even have to download it to look at the source code).
I do bet there are some sources out there that deobfuscate luraph, since luraph isn’t the best obfuscator. The only discovered way to detect it is through looking at your scripts, and if you see suspicious lines of code embedded in them that you don’t remember putting in, one of your plugins are an obfuscator.
