Plugin, look for any unknown plugins you may have installed.
im sorry to hear that!
In studio, do Ctrl + Shift + F and a little popup will appear like this:
type in these terms one at a time:
require
getfenv
fenv
loader
look through all the scripts that pop up.
if nothing is sus, then please take a look at @flarezhuâs post (link below):
let me know if this helps!
â It is 100% a virus. â
It could be a plugin or a script, but a lot of scripts in these virus models have getfenv()
in them and trying basically lag your game with a bunch of useless lines with getfenv()
in them.
Like, a lot of these getfenv()
scripts come in TestService or ServerScriptService. (it is a plugin then)
But what hidden is in these getfenv()
scripts? They actually added a line that basically requires something. Hereâs an example: require(34238904329042)
If you see one of these scripts, just delete them. Another thing is just searching in the explorer any useless scripts that you did not add.
Just delete the virus plugin if you find virus scripts in serverscriptservice, or other.
(and if you find anything with loader, delete it too.)
Thanks for all your advice, I installed a another plugin named âVenomâ wich is mentionned in another devforum post on how to clean games from this kind of things⌠I quarantained all the script, deleted the one I didnât need but it seems that during the game, in the serverScriptService a module script appears. It is called âMainModuleâ do you think it is from roblox or it is still this virus ?
How do I know its safe ? A lot of those âAnti-virusâ are virus.
By looking at how big the community is, how many likes on the devforum it has, and maybe even looking at that source.
Ok I am gonna install it today !
But is it normal your plugin has -1 dislikes ? LOL
The virus may come from a Plugin. Uninstall some Plugins
Then you can use the Plugin I made for finding any Scripts in your game.
After installation find Massive Find option in your Plugins, click on it and in the Type window type Script. Note: the Plugin only checks the Workspace!
THANK YOU SO MUCH @deluc_t, you really saved me with your plugin, I deleted all the âgetfenv()â script and all of those virus from my game ! Again, thank you !
I just saw that my post got marked as a solution- are you able to tell me exactly which plugin was causing the problem? (So that I and others can avoid it in the future)
itâs a plugin called roblox plus that you installed in roblox studio that creates a backdoor for exploiters
EDIT: that happened to me and delete the bot and you have to delete that script in all the scripts you have in the game
Not only, also other plugins uses this because I donât even know what is roblox plus.
It was named model scopes by woot3.
Rosync is a backdoor used to provide exploiters a way to exploit on server-side, by giving them ability to run stuff under server code. Rosync also likely has a list of all backdoors games on a discord or something for exploiters to find backdoored games to cheat into, if you have a plugin named âVirus Destroyerâ I suggest you to remove it asap, and look over every single plugin you own. Look at the like ratio, comments, and the creator. Be careful!
Well, by one donât get any âAnti-Virusâ. Unless your adding free models or something to your game, you shouldnât get it or need it.
Me and my partner have removed all our plugins and this line of the script keeps showing back up.
RoSync is a backdoor virus that comes from a plugin. Example; If you are in team create with friends and when they create a script and RoSync appears outta nowhere, that would mean that one of your devs has a fake/suspicious plugin or a plugin that has a backdoor. If you want to get rid of it, you would have to tell your friends to uninstall each plugin, and make sure itâs made by the original owner and not made by a new user or by an alt/group.
You could either remove the virus or itâs hiding itself by deleting itself when RunService returns true from the function :IsStudio().
getfenv() returns a table of the functions and variables in the current environment. This can be used to easily attempt to hide a function.
In this case, it indexes string.reverse(â\101\114\105\117\113\101\114â). If you see what this ascii code corresponds to âeriuqerâ, which when put through the reverse function gives you ârequireâ.
When the script uses getfenv() and escapes ascii code to hide the require index in that table that is returned. It calls the require function with the asset id. Upon further inspection this is a quote on quote ârequire chainâ, which basically hooks up module scripts in a chain to require each other in an attempt to hide the final script in the chain.
The script uses require to get a chain of module scripts, which will eventually lead to a server-sided backdoor.