V2.1 - Plugin: Hidden Backdoor/Infection Script Detector (Detects/Removes infections from malicious plugins)

studio

#41

I get an error that says attempt to call a nil value when I want to do a second scan, and have to reopen studio to be able to run another. I didn’t change any settings, except the notification sounds. I did notice, however, that the icon keeps spinning even after the scan’s finished.


#42

Is this the appropriate place to ask this?

How exactly do you scan Studio plugins?

I was recently redirected to this plugin after a group game I own started getting random take model prompts, and my best guess so far is one of my Studio plugins having a backdoor being used to insert a script or something, but I really don’t want to take the “shoot a fly” route by gutting all the plugins I have installed since I very much enjoy the features of some of the plugins I use.


#43

I’ll need the full error (line number and such) in order to debug this. Also be sure the plugin is at the latest version. (Plugins at the top -> Manage plugins -> Click “Update” if you see it to the right of the plugin’s name)


#44

I can’t scan the source of the plugin directly but I can scan your game’s files no matter where they are stored. Your best bet is to download the source of your plugins and look through to see if any of them are infected and if so remove them. Usually infected plugins are just copied plugins with an infection script added so simply search for the name of the plugin you were using and look for one with a more reputable creator and check it’s source and such.


#45

Here’s a recording of what happens.

As for the error, there’s not much to go on for it, as it just says 16:46:29.141 - attempt to call a nil value.

EDIT
For some reason OBS didn’t catch it, but the icon that spins keeps spinning.


#46

You can also do what @Christbru01 said,
What I did was uninstall plugins all at once in an empty place, scan for infections, delete current ones and then install plugins again but one by one, each time I installed a plugin I scanned for infections, took a while but it was worth it, until it only detected Character Creator.

I will look into the plugins’ source as well though as I haven’t done that yet, but I believe the developers whom I got the plugins from are trusted (Mostly Crazyman32, Quenty, CloneTrooper, etc)


#47

I believe I patched this. Please update to V2.0.5 and see if you can reproduce the issue.


#48

The error’s no longer popping up in V2.0.5.


#49

Did some searching of my plugins. It seems I installed a duplicate version of a plugin from a user named " djjagger". Searching the source code for the plugin he “made” shows that it’s a duplicate copy of the legitimate version of the same plugin except with a mess of obfuscated code toward the bottom, which I presume hides a backdoor.

Thought I’d mention this to you and to anyone else who’s reading through this thread to check their plugins and see if they’re made by this guy or anyone else who seems suspicious.

My friend tells me this djjagger fellow also got a WoT mod banned for having a keylogger inside of it. Hmmm…


#51

Script Injection Vulnerability (Link to reply) here are four malicious plugins uploaded by the same user


#52

Should I use it?

  • Use it
  • Do not use it

0 voters

:stuck_out_tongue:


#53

Even though I have been very cautious about this, this will be useful for people who were not-so-cautious about this. I always check the favorites, if it has little to no favorites but a lot of sales I know it’s been botted and could be a hidden backdoor or an infection script.


#54

Absolutely love this. thank you


#55

Thank you for this plugin!


#56

V2.1.0 is now released! The plugin will notify users if they own a known malicious plugin as well as list the original plugin’s ID if known.

If you have found a malicious plugin that isn’t already in the known malicious plugins table then please make a post to the megathread so that I may add it to the list. (Preferably with a link to the original non-malicious plugin as well.)


#57

The plugin seems like a neat anti-virus plugin.


#58

Out of curiosity is this searching for rogue Backpacks and PlayerGuis?


#59

Atm yes, if there is a Backpack or PlayerGui instance inside of any RL script context level 6 service then it will flag the backpack/playergui instance as an infection. If the area is not RL level 6 then it will scan all script/localscript/modulescript’s sources for any known infection code. This way developers can use backpacks without issue anywhere in their game (except in those RL level 6 areas that they shouldn’t be messing with in the first place.)


#60

Alright rad.


#61

Decided to see if this plugin worked, I didn’t even think the place I was in had any viruses until it scanned and returned 300 infected instances, thank-you so much for this plugin!