V2.1 - Plugin: Hidden Backdoor/Infection Script Detector (Detects/Removes infections from malicious plugins)

studio

#21

I understand. Would you please send me one of these scripts? I’ll make it not detect as a virus anymore.


#22

The plugin is detecting RigEdit as an infection, but I believe this is a false positive.

Code: https://pastebin.com/BP3Jepdd


#23

I looked into it and saw that this plugin is parenting itself into “CoreGui” which is by default an unviewable location in ROBLOX Studio. I’ll work on making a whitelist system where if the plugin flags a script as infectious when it isn’t you can whitelist it (and send me the script so I can globally whitelist it if you want) to prevent the plugin from flagging it.

Until I push this update out you can stop this from removing it by disabling the setting for treat all nonviewable locations as infectious.


#24

Version 2.0.0 is now out. Featuring a full GUI overhaul, full control over what services you allow “Scripts” to be inside of, script whitelisting (Note that if the script’s source is changed then it will have to be readded to the whitelist and enabling the script whitelisting setting will slow down the scan speed quite a bit… though I did make it not lag studio so you can continue working while it scans), a few more settings, and audio cue/response when you click buttons or events happen (can be turned off in the settings.)

Soon to come in V2.1.0: Automated infected plugin detection and alert system to alert the user if they have a plugin in their inventory that is known to be infected/malicious.


#25

Awesome! Thank you for your efforts. :smiley:
I’m sure it will help a lot of developers.

edit: It’s looking really nice now :+1:


#26

I’m getting this error whenever I click Scan for Infection:

image


#27

Patched. Please update the plugin (Now version V2.0.1) and it won’t do this anymore. Made a small mistake when I was building the service whitelist system and if the game wasn’t able to resolve the whitelist name to a service with game:GetService it would cause that error. I’ve fixed it so it knows if it needs to use GetService or not.

Edit: Also added a “Reset to default” button for the Service whitelist. Soft update push. Still V2.0.1 but you can update it for this button if you want to.


#28

I’m on the latest version and still getting these errors.

image

Regardless, brilliant plugin, thank you so much!


#29

Hmm, I can only suspect that some service that is in the default list isn’t in the game by default or something. Either way I’ve just pushed another patch. Shouldn’t have that issue anymore as of V2.0.2


#30

On some larger games, the plugin uses lots of CPU and studio stops responding.


#31

Pushed a hotfix to correct this issue. V2.0.3 will slow the scan speed if the plugin sees a lot of instances. (What is happening is the plugin is looping through all instances in the game really quickly without yielding the thread so if the game has a large quantity of instances then it can slow down Studio rather heavily.

I’ll likely tweak this and make it not slow down as much if possible. (Introduce a random chance to the yield so that it will scan in short bursts instead of individually for this hotfix, increase/decreasable in settings) Expect this for V2.0.4


#32

Alright, Thanks!


#33

V2.0.4: New options are now available in Settings. You can now choose how many instances before the plugin starts delaying the scan to ease up on the CPU and the percentage chance that the delay will occur. (So if you have the game instance count set to 500 then the plugin will only start chancing the delay if the total number of instances in the game is above 500)


#34

Nice, Also when I did a scan, the plugin Character Creator was detected as an infection, I am not sure if this is a known issue or not.


#35

It likely puts a script into a non-viewable location (Such as CoreGui which is by default not visible in explorer.) This is why I added the script whitelist system. If you want you can enable the setting “Prevent scripts in script whitelist from being seen as infections” and when you finish the scan click the “Whitelist” button in the infections detected notification then check the box next to the script that is not infectious and clicking Accept. This will trigger a new scan which will no longer treat that script as an infection (unless the name, location, or source of the script is changed in which case the script must be re-whitelisted.) You can also view all scripts (and their source hash) that you have whitelisted by clicking the “Whitelists” button in the settings gui and selecting “Scripts” from the dropdown menu. This is where you can remove any whitelist you may have added by mistake.


#36

Thank you so much for this plugin. A few quick questions. The scan is taking a very long time (over 20 minutes). Is there anyway to stop a scan? Is it safe to close Studio while a scan is in progress? Also after a scan is complete, I assume I need to Publish To Roblox… to save the changes.


#37

There is no way to abort a scan though it sounds like a good idea so I’ll add in the ability to shortly.
The scan is entirely in memory which means you can close studio safely without worry. It only takes action after it notifies you if there are infections (and you choose what to do with them if you haven’t set a default.)
Yes, once the scan is complete you can choose to store the infections or have the plugin delete them. After you choose which one you will need to publish your game to get the uninfected place live.


#38

I’m getting a 403 error from this plugin at studio startup:

10:49:44.608 - DataModel Loading https://assetgame.roblox.com/Asset/?id=95206881
10:49:44.683 - HTTP 403
10:49:44.684 - Stack Begin
10:49:44.684 - Script 'Plugin_2670956620.Hidden/Infection Script Remover.Made by Christbru01', Line 2112     - upvalue CheckForUpdates
10:49:44.684 - Script 'Plugin_2670956620.Hidden/Infection Script Remover.Made by Christbru01', Line 2132
10:49:44.685 - Stack End

#39

That error is due to your logged in account not owning the plugin in the account’s inventory. Please login to the account you’re using for Studio and install the plugin (again) from here to add it the the account’s inventory: https://www.roblox.com/library/2670956620/Hidden-Infection-Script-Detector

Once you own it you should see a “Item Owned” message next the the creator’s name on the plugin for any plugin you have in your inventory.

I also pushed a soft update which will make it no longer put an error in the console for this.


#40

This is actually great, it helped me find 46 backdoors in my and my friend’s game due to me not knowing the Plugins I installed contain scripts that put backdoors in the game, thanks to this I found out which plugins were putting the backdoors/viruses and kept the clean plugins in my Studio.

Character Creator plugin is not a backdoor, but still be careful who uploaded them and look for the original creator,
for exmaple if you see a plugin with 30k+ takes and not a lot of favourites or likes that plugin is definitely a backdoor/virus.