Something hidden in my game causing unwanted activity?

Hello,

In one of my games there are some mysterious things happening, and I cannot find out what is causing them. I think it’s some kind of virus, but I’ve used many antivirus plugins, and this one thing still persists even after a thorough inspection from myself.

In studio, I have used the script finder to remove all malicious uses of ‘require’, ‘getfenv()’, ‘loadstring’ etc, so if it was a script causing this, it must be obfuscated.

The issue is apparent when testing the game in studio. What I notice is that there is a RemoteEvent that appears in ReplicatedStorage. Shown below.

Screenshot 2021-05-25 094731

Within the RemoteEvent are StringValues and BoolValues, which contain strings of numbers in the Value. The name of the RemoteEvent is such that it cannot be searched, as Roblox Studio does not understand the characters used. So I can only locate it when I run the game.

Additionally, when the test is stopped, something odd appears in the output bar. Shown below.

Clicking on these errors does not do anything like they should, so I can’t see where they are coming from.

Using the Script Performance tab I see that there is a suspicious script running while the game is being tested. Shown below.

Screenshot 2021-05-25 095320

Clicking on it does not do anything.

So, in summary, there are a lot of mysterious things going on in my game that seem to be untraceable. I don’t want any kind of backdoor or virus in my game, so I was wondering if anyone has any ideas about what can be causing this. I do use Team Create with my friends, and none of them seem to have any malicious plugins installed that would be causing this, so I’m just saying I’m already aware of all the plugins used by me and my friends.

If you need any extra info please let me know.

Thanks for reading.

1 Like

I have fully read this, so I am assuming it’s probably one of them messing with your game or it’s their plugin.

Even if you are aware, are you sure there aren’t any suspicious plugins, or plugins with no rating or a high number of dislikes? You are probably not fully aware.

Could I possibly temporarily remove each contributor from Team Create to narrow down which person it is coming from?

One thing I would do: instead of giving them Team Create to their main game, why not make a copy of a place or baseplate, depending on what you’re gonna do? This way, the contributor won’t bother to make one, and it will quickly be resolved if it’s one of them. Also, if you haven’t asked all of the developers with access about this issue, ask them if they have been adding those things.

To answer this question, you can do that. But I highly advise you to do what I wrote earlier unless you trust them.

It’s a virus 100%, just delete all your plugins and scripts you do not own because they are prob malicious.

I’ve seen this in one of the team create projects, too. I suggest you review your partner’s plugins.

I removed all contributors and uninstalled my plugins, restarted studio and the things are still appearing.

So it’s probably something within the game. I think I am going to try reverting to past versions to see when the issue started appearing.

@lazymarkers Is there anything in your game that is NOT made by your team, like for example your admin script? Because many FMs have a hidden script within the actual script, or hidden require scripts that will get stuff like this that can be used by exploiters or can harm your game. If there is, make sure you find the correct module for them, as people like to reupload modules with slight changes that seem minor but can cause a lot of problems.

That’s not really how it works, the scripts technically still should be there and removing EVERY plugin is too much. You could just review your partner’s plugins and try using a plugin to check for anything malicious going on. Check out your scripts manually, too.

1 Like

This is most likely not a backdoor (at least it’s not a malicious plugin). The remote event and value objects you see are part of Kohl’s Admin Infinite. You can find the source code here: MainModule - Roblox

4 Likes

Interesting… we did have Kohl’s Admin in the game, and when I deleted it, everything shown in my post was gone. So I guess that solves it.

I guess my question now would be why it looks so suspicious lol. The unsearchable characters and random strings of numbers certainly made me worry, but I guess if it’s harmless I shouldn’t do anything?

The reason it “looks” suspicious is probably an effort made by the creator of the admin to deter exploiters from messing with the remotes.

I see. Thank you very much for the help, it turned out to be a lot less serious than I was anticipating!

1 Like

Aren’t you able to use all characters when using a string value?
Like this:

for i, v in pairs(game:GetDescendants()) do if v.Name == "···" then print("··· is parented to " .. v.Parent:GetFullName()) end end

You can run this in the command bar to see if it is actually there before running the game.
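
A broader version of the check in the post above, as an added example that is not part of the original thread: instead of matching one known name, it lists every instance whose name contains bytes outside printable ASCII and every script whose source calls `require` with a numeric asset ID. It assumes it is pasted into the Studio command bar, where script `Source` is readable; the function names and both patterns are illustrative heuristics.

```lua
-- Added example: paste into the Studio command bar (in edit mode, or while a
-- test is running to catch instances that only exist at runtime).
local NON_PRINTABLE = "[^ -~]"               -- any byte outside printable ASCII
local REQUIRE_BY_ID = "require%s*%(%s*%d+"   -- require(<numeric asset id>)

local function escapeName(name)
	-- Show unusual bytes as \xNN so the name can be read and compared.
	return (name:gsub(NON_PRINTABLE, function(c)
		return string.format("\\x%02X", string.byte(c))
	end))
end

local function scan(root)
	local findings = {}
	for _, inst in ipairs(root:GetDescendants()) do
		-- pcall: skip any instance that refuses a property read.
		pcall(function()
			if inst.Name:find(NON_PRINTABLE) then
				table.insert(findings, ("odd name %s (%s) under %s"):format(
					escapeName(inst.Name), inst.ClassName,
					inst.Parent and inst.Parent:GetFullName() or "nil"))
			end
			if inst:IsA("LuaSourceContainer") and inst.Source:find(REQUIRE_BY_ID) then
				table.insert(findings, "require by asset id in " .. inst:GetFullName())
			end
		end)
	end
	return findings
end

for _, line in ipairs(scan(game)) do
	print(line)
end
```

Each line printed is a lead to review, not a verdict: names in non-English scripts are flagged too, and a third-party module loaded by ID can be legitimate, as the admin module in this thread turned out to be.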