Hi there, today I was with my friend in the studio and I created a script and at the end of script this appears : --[[ Last synced 11/3/2020 05:18 || RoSync Loader ]] getfenv()string.reverse(“\101\114\105\117\113\101\114”)
It is certainly a virus. Do you think it has to be a plugin (what I think it is) or do you think it can also be a model ?
Update 1 : To solve this, download this plugin and scan your game to find bad functions like “getfenv()” who hack your game.But I think the most secured option is to check with CTRL + SHIFT + F and search for getfenv and require.
Update 2 : Roblox recently release this new feature so that you can accept or deny the requests of the plugins that want to manage and/or inject scripts in your game. I found the plugin that injected this thanks to this new feature. It was this plugin. It looked like a normal plugin and its not a copy but even the ORIGINAL one had viruses.
Conclusion : Try not to use plugins and if you do and you have viruses in your game, don’t forget that even if the plugin was installed 1000000 times and the creator is famous, that doesn’t mean this plugin is safe.
Obviously a virus. And one made by someone who wants to hide their original ID.
If you’re sure whoever you’re working with this project on is not willing to infect the game, then check for infected plugins. If these appear in all of your scripts, then a plugin is probably at fault.
(By checking, I mean seeing if the original creator made the version you have installed)
It is probably a Virus
They’re usually in plugins, if you can’t find any plugins that are backdoors, try to look in the models.
Try to search in all scripts for “require” most of the requires are very hidden just do CTRL + F then search for it in every script, if you need any help i’m here.
Malicious code that can modify the source of scripts are just about definitely caused by a malicious plugin.
Uninstall all fishy plugins, such as “Anti-Virus” plugins that have no trustworthy sources indicating that it’s an actual anti-virus. Free models with malicious scripts/code cannot modify things in the game unless they are a ModuleScript and are directly called by you or a plugin; essentially, they only run at runtime.
This is not useful if the malicious code is in a plugin as CTRL + F doesn’t scan installed plugins.
Instead, OP should uninstall fishy plugins, restart Studio and ultimately, if something is still wrong and it keeps happening, they should uninstall all but the built-in plugins.
Of course, i know, but sometimes in game models have it hidden pretty well.
and you should probably after uninstalling the plugin search in scripts just in case, don’t forget plugins can insert scripts and edit the source of it (Not existing ones)
Game models cannot change the code in a script because the context level for setting a script’s source is too high. Additionally, this is occurring in Edit Mode (not at run time), which means that it can’t be a game model script doing it.
(I’ve already stated this in my last post.)
If you want, I’ll expand on this in PMs.
If there are any free models which you have added then it’s maybe that but its most likely to be a plugin. I recommend you remove plugins you have installed which are suspicious.
I’ve experienced this issue before it is definitely a plugin. For me, this virus was caused by a plugin called 3D text maker. You can go to manage plugins and then disable ALL of your plugins. Then, open up a blank script- enable your plugins 1 by 1 and every time, type a few simple lines of code to see if Rosync appears. (I typed in game.Players:Connect- it doesn’t have to be really complicated or work.) If it does, disable that plugin immediately and delete it. If it doesn’t then the plugin you just reenabled is safe.