V2.1 - Plugin: Hidden Backdoor/Infection Script Detector (Detects/Removes infections from malicious plugins)

studio
#84

I looked into the error. This is due to a misnamed variable which caused users who had require turned off (or who failed to load the required module for any reason) to error out partially through the scan. (At the point that it began checking for known malicious plugins.)

I’m pushing out a patch for this now. This will be fixed as of V2.1.1.

2 Likes

#85

I’m still having to wait upwards of minutes to use this on ‘large games’. My computer is beefy, is there just a way to let the script run as fast as possible? Maybe use a tick() interval to check and wait on instead, I don’t mind an FPS drop, I just want it done fast.

Edit: Maybe have a modification like this?
Would just make studio look choppy, and help get the script done faster…
[image]

3 Likes

#86

Is there any way to make it scan other people’s inventories? I’ve found some reappearing infected scripts in a team create place and I don’t know who is causing it so being able to scan everyone’s inventory will really help.

1 Like

#87

I doubt it. The plugin is installed on YOUR account, so they might have to get it too and run a scan.

1 Like

#88

Batch processing would be a better way to go about it. Here’s an example using a numeric for loop.

for index = 1, 1000 do
    if index % 10 == 0 then
        wait() -- This would go through 10 iterations before waiting
        -- effectively 300/second
    end
    -- Code goes here
end

And for a recursive function

local iteration = 0

function apply(object)
	iteration = iteration + 1
	if (iteration%10 == 0) then
		wait()
	end
	-- do something to the object
end

function recurse(parent)
	for k, child in pairs(parent:GetChildren()) do
		recurse(child)
	end

	apply(parent)
end

recurse(workspace)

Edit: 300/s is honestly really slow. With a i7-7700k, I had 1% CPU usage at 6000/s with this code and 18,709 parts nested in each other.

2 Likes
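
The count-based batching above can also be driven by elapsed time, which is what the tick() suggestion in #85 amounts to. This is an added example, not code from any poster or from either plugin; `BUDGET_SECONDS`, `yieldIfOverBudget` and `visitAll` are assumed names, and the budget value is arbitrary.

```lua
-- Added example: yield when a time budget is used up instead of every N items.
local BUDGET_SECONDS = 0.002 -- assumed work budget per slice; tune as needed

local sliceStart = tick()

-- Yield only once the current slice has run for at least the budget.
local function yieldIfOverBudget()
	if tick() - sliceStart >= BUDGET_SECONDS then
		wait()
		sliceStart = tick()
	end
end

-- Iterative depth-first walk, so deeply nested instances do not deepen the call stack.
-- Calls visit(object) for root and every descendant; returns how many were visited.
local function visitAll(root, visit)
	local stack = { root }
	local visited = 0
	while #stack > 0 do
		local object = table.remove(stack)
		visit(object)
		visited = visited + 1
		-- pcall: an instance the caller is not permitted to read should not abort the walk.
		local ok, children = pcall(function()
			return object:GetChildren()
		end)
		if ok then
			for _, child in ipairs(children) do
				stack[#stack + 1] = child
			end
		end
		yieldIfOverBudget()
	end
	return visited
end

local count = visitAll(workspace, function(object)
	-- do something to the object
end)
print(("Visited %d instances"):format(count))
```

A larger budget finishes the walk sooner at the cost of a choppier Studio, which is the trade-off described in #85.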

#89

I have fixed this with my revised version you can find here: https://www.roblox.com/library/2846769233/Widgeons-Modified-Hidden-Script-Remover

It will take up 0.1 ms of CPU time per frame which will perform tons faster, as well as give you ETA updates and % done!
[image]

0 Likes

#90

I use rig edit to make rigs for animate.
Your modified and @Christbru01 plugin detects the rig edit as malicious.
Would be nice if you guys could check and remove rig edit from the list of malicious.

0 Likes

#91

I know of this which is why I added the script whitelist system. You can enable it in the settings and next time you run a scan which comes back as the script being a false positive you can click “Whitelist” and select the script from the list to prevent it from being treated as an infection in future scans. The reason I don’t make this inherently or globally treat the script as a false positive is because the only effective method to do this would be that I add another layer of source scanning specifically for preventing false positives which would require distributing known/trusted sources to the plugin. I don’t want to add more to the scan (which could slow down the scan) for stuff that the majority of users wouldn’t encounter though I do acknowledge the issue which is why I built the whitelist system so that users can prevent this false positive on a per-user level if they need it.

2 Likes

#92

Thanks for this, recently discovered this in one of my games. I’m guessing from a free model script line counting plugin (speaking of, anybody know of a good/safe plugin that will do this automatically?)

41-44 infections were removed in one map. 6 infections removed in another. Oof.

On that note, is there a difference in effectiveness between the versions by @Widgeon and @Christbru01? I’m thinking there isn’t, but Widgeon’s version is much faster. Like 1.5 minutes instead of 5+ minutes.

0 Likes

#93

Widgeon’s version is just faster as far as I’m aware.

2 Likes

#94

Seems like it’s broken, it outputs The current identity (5) cannot Class security check (lacking permission 6).

2 Likes

#95

That’s due to a recent change with tostring in Release 377. That being said, this plugin isn’t necessary anymore since the security flaw that was being exploited by malicious plugins was patched a while back (scripts no longer run in Backpack instances outside of a player).

3 Likes

#96

Yeah, the problem, in particular, is the one relating to new protections on locked instances.

[image: Roblox Change Picture]

It went live at the same time as the plugin broke.

4 Likes

#97

Hi, I recently got a backdoor in my game and I’m pretty upset.
When I try to load your plugin, I get this error:

The current identity (5) cannot Class security check (lacking permission 6
Stack Begin
Script ‘Plugin_2670956620.Hidden/Infection Script Remover.Made by Christbru01’, Line 493
Stack End

Help would be appreciated
Thanks

4 Likes

#98

This question was already answered. Please see the above post.
For your benefit, I have quoted it below.

1 Like

#99

Thanks, I guess this was just bad timing

0 Likes

#100

Did the patch get rid of already existing malicious scripts that used the flaw?

0 Likes

#101

The patch would make sure that any existing infections won’t run, and if any new infections are placed there, they won’t run either.

So, in short, yes. The patch makes this plugin redundant, but it couldn’t hurt to check and remove these.

1 Like

#102

It made it so they will not run, as CodeNinja said. If you want to directly inspect your game, you can go to Settings -> Studio and set Show Hidden Objects in Explorer to true. Among other things, this will show you the CSGDictionaryService and allow you to check inside to confirm there’s no scripts/backpacks. Leave the Value objects in there alone.

1 Like

#103

Building on this reply, there should be no scripts in places like TweenService or certain others. If you find scripts in there and they look suspicious, be sure to delete them.

However, make sure you do it when the game isn’t running. Sometimes, Roblox puts scripts in these places at runtime, making it a bad idea to just delete them.

1 Like
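
The manual check described in #102 and #103 can be scripted from the Studio command bar. This is an added example, not part of the thread or of either plugin: it only reports, it checks just the two services named above, and `SERVICES_TO_CHECK` and `findSuspects` are assumed names.

```lua
-- Added example: report-only check of the services named in the thread.
local RunService = game:GetService("RunService")
local SERVICES_TO_CHECK = { "CSGDictionaryService", "TweenService" }

-- Returns the script/Backpack descendants of a service, plus an error string on failure.
local function findSuspects(serviceName)
	local suspects = {}
	local ok, result = pcall(function()
		return game:GetService(serviceName):GetDescendants()
	end)
	if not ok then
		return suspects, tostring(result)
	end
	for _, object in ipairs(result) do
		-- pcall each check: locked instances can raise a security error.
		local okCheck, isSuspect = pcall(function()
			return object:IsA("LuaSourceContainer") or object:IsA("Backpack")
		end)
		if okCheck and isSuspect then
			suspects[#suspects + 1] = object
		end
	end
	return suspects
end

if RunService:IsRunning() then
	-- Per #103: scripts may be placed in these services at runtime, so inspect in edit mode.
	warn("Stop the game first, then run this check again.")
else
	for _, serviceName in ipairs(SERVICES_TO_CHECK) do
		local suspects, err = findSuspects(serviceName)
		if err then
			warn(serviceName .. ": could not inspect (" .. err .. ")")
		end
		for _, object in ipairs(suspects) do
			local okInfo, info = pcall(function()
				return object.ClassName .. " " .. object:GetFullName()
			end)
			print(serviceName, okInfo and info or "<details unavailable>")
		end
		print(("%s: %d script/Backpack instance(s) found"):format(serviceName, #suspects))
	end
end
```

Anything it lists still needs a manual look before deletion, and the Value objects in CSGDictionaryService are never reported.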