This man has made over 200k+ Robux by making this malicious script that inserts a (fake?) 50R$ admin command into infected games

mrbobbilly · July 3, 2020, 12:51am

All I’m seeing is this e.e

mrbobbilly · July 3, 2020, 12:54am

It has something to do with ThirdPartySales but the thing is I have it turned off so how is that even possible that they have a Marketplace product in my game?

redJuli21 · July 3, 2020, 1:00am

A method I use is by searching Welding, Fix, Weld or Debounce into explorer and delete any script with those names, they normally will appear “empty” or saying something about “this script is from ROBLOX” (which is not true) also any unnamed scripts could be the backdoor.

sjr04 · July 3, 2020, 1:07am

Can’t confirm.

The module seems to have been obfuscated with Luraph.
I am not sure of how to dump Luraph’s constants but what I could find is that it also requires this module

mrbobbilly · July 3, 2020, 1:07am

I found Debounce, but the script is blank, nothing inside the script. What do I do with it?

sjr04 · July 3, 2020, 1:08am

Are you absolutely sure?

Because a lot of these scripts just indent soooo much that the script has a horizontal scrollbar.

redJuli21 · July 3, 2020, 1:08am

Just delete the entire script.

mrbobbilly · July 3, 2020, 1:10am

Yes I’m absolutely sure because the script has no scroll bars it’s literally a blank script named Debounce inside a part that I have no idea how it got there. Also I can’t revert to an old version because I have no clue how long it’s been like this until I finally tested the game for a while, this is what my version history looks like:

mrbobbilly · July 3, 2020, 1:16am

Did you find anything? I tried to search what you wrote and it showed nothing for me…

cjjdawg · July 3, 2020, 1:17am

No its not a product Id, it a module script Id, why not just delete that script.

mrbobbilly · July 3, 2020, 1:19am

How do I find that module script id though?

cjjdawg · July 3, 2020, 1:20am

@sjr04 linked it in his post above.

mrbobbilly · July 3, 2020, 1:22am

I got the model, it looks like this

How do I decompile that

mrbobbilly · July 3, 2020, 1:23am

Also I did delete the script and nothing happened, the marketplace admin pop up still comes

cjjdawg · July 3, 2020, 1:24am

Did you delete the other one?The search results that you posted found two.

mrbobbilly · July 3, 2020, 1:26am

Yes that was the same script with the one I deleted

redJuli21 · July 3, 2020, 1:47am

I would try to print what it says in there.

boworzo · July 3, 2020, 10:09am

This may be an off-topic question but is this allowed or not on Roblox? Are they allowed to insert a script like this into an infected asset.

EDIT: It’s not like I want to do it myself, just curious.

mrbobbilly · July 3, 2020, 1:24pm

It shouldn’t be, I still can’t get rid of it. I researched and saw that ThirdPartySales is a broken feature…

NastyCore · July 3, 2020, 1:26pm

it might be bytecoded? like

\13\123\123\123\123\13

try searching