Where does this settings script come from? I can’t figure out. No matter how many times I delete it it just comes back later on? I keep checking my plugins and I can’t figure out what it is or where it comes from.
Plugins toolbar:
Looks like something a group working together would get better use out of.
I found this … If you find any issues, please file an issue on the Rojo website issue tracker.
You can search the Explorer window for classname:script and it’ll show you every script in your game. If you don’t recognize one that’s stored in a strange location then it’s probably the issue.
You can also use the Find All of the script editor (I think that’s where it is) and enter getfenv() to see scripts (and their location) that use that line of code.
You mention you keep checking your plugins. Are you sure you’re checking them thoroughly enough and for the right thing?
It’s likely created via a plugin, since plugins have the ability to write script sources. It’ll detect whenever you delete it, and recreate it. It appears to load a larger malicious script via asset ID. Since plugins can’t do this themselves, it’s probably found a way around moderation if published, otherwise it’s a local plugin someone of the dev team made.
To locate your plugins folder, you can go to Studio > Plugins > Plugins folder. Or, if you’re on Windows, you could also do Windows + r to open Run, and then type %localappdata%\Roblox\Plugins. Scan each plugin source file carefully; it’s helpful if you have an IDE like VS Code which also has a find and replace feature. Or, you could paste it into a Roblox script and use Roblox’s find and replace feature.
The only local plugin I have is one I wrote. As far as other developers, I am the only scripter.
Maybe it wasn’t rojo and it was the converter. Still very annoying whatever is doing it.
Also I don’t use rojo I just have it installed.
I don’t use rojo although I have it.
If I do find out what is injecting this script, @Roblox needs to take some level of responsibility and investigate the asset id and find out what it does, potentially removing the plugin entirely.
Did you check the official-looking plugins too? A lot of the time, people will create malicious plugins disguised as legitimate and useful plugins, potentially impersonating another trusted plugin.
Just to be safe, I reviewed the version history of the plugins I wrote and saw that they weren’t re-published. ( My account was compromised for over a month )
Here is my plugins folder:
Check on a new empty Place if this keeps happening.
You’re also probably safe, the model it’s trying to require has been Content Deleted.
It’s very difficult for Roblox to moderate this kind of thing. A bot can’t tell exactly what the script is doing with this information and they probably get 100,000s of toolbox item submissions a day from 89 million daily users so having humans moderate that can’t be done.
If you do find something that’s malicious you can Report it though. It’s a pain that it you have to though.
When I googled the id I found this post
Turns out it was the other dev. He was using paint brush tool by ozzypigs that was injecting malicious scripts. The guy is banned already.
Thanks for the help guys.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
