V2.1 - Plugin: Hidden Backdoor/Infection Script Detector (Detects/Removes infections from malicious plugins)

Wouldn’t you be able to go based off of certain words in the code or names? If not, that’s okay. But it’s kinda not a backdoor detector if it just detects literally any script it finds…

“not a backdoor detector if it just detects literally any script it finds” I strongly disagree. If there are scripts in locations not viewable to the client then it should be assumed to be an infection, especially since the exploit this plugin was originally intended to combat (which is now patched) would be located in an area where the plugin wouldn’t have the security context needed to be able to view the name or source of the script, only a rough estimate of its location, thus leaving the plugin with no choice but to assume that if a script is hidden away in an obscure location then it is a malicious script. I added the settings to customize the hidden locations for the sole reason that I understand that some services such as CoreGui are used by some developers and may be used by their plugins. If I only based it off of “certain words in the code or names” then that would open a giant vulnerability where a malicious script just has to add these words/names in order to bypass the scan entirely.

I think CoreGui should at least be more open to the user, and be turned off by default, or there should be a popup asking if you want it to scan that at setup.

Otherwise plugin resources might get deleted, even yours. And I don’t think plugin resources (mainly UI) come back that easily if they are deleted. Unless if you update or re-install the plugin.

The plugin follows the defaults of ROBLOX Studio, in which CoreGui is hidden by default unless enabled by the user. “plugin resources might get deleted, even yours” My plugin doesn’t inject any scripts into the game and there are multiple routes to prevent a false positive on a script you trust, including allowing CoreGui or enabling the script hashing whitelist. Also this plugin only scans for “Backpack” and script (Script, LocalScript, etc.) objects so it shouldn’t alter anyone’s UI. If you’d like to continue this I’d rather move to the PMs/DMs so as not to continuously bump this thread with our disagreements.
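The location-based approach from the two replies above (flag script objects under hidden services, with a per-service setting and a hash whitelist), set against keyword matching, as an added Python example that is not part of the thread or the plugin's code. The instance list, the SHA-256 choice and all function names are assumptions made for illustration.

```python
import hashlib

# Classes the thread says the plugin looks at: script objects and "Backpack".
FLAGGED_CLASSES = {"Script", "LocalScript", "ModuleScript", "Backpack"}

def source_hash(source):
    # SHA-256 is an assumption; the thread only says "script hashing whitelist".
    return hashlib.sha256(source.encode("utf-8")).hexdigest()

def location_scan(instances, hidden_roots, trusted_hashes=frozenset()):
    """Flag flagged-class objects under a hidden service unless their hash is trusted."""
    flagged = []
    for inst in instances:
        root = inst["path"].split(".", 1)[0]
        if root not in hidden_roots or inst["class"] not in FLAGGED_CLASSES:
            continue
        src = inst.get("source")
        # Unreadable source (None) cannot be hashed, so it can never be trusted.
        if src is not None and source_hash(src) in trusted_hashes:
            continue
        flagged.append(inst["path"])
    return flagged

def keyword_scan(instances, words=("require", "getfenv")):
    """Flag only scripts whose readable source contains a listed word."""
    return [i["path"] for i in instances
            if i.get("source") and any(w in i["source"] for w in words)]

# Constructed sample tree (not taken from any real place file).
TRUSTED_UI = "-- constructed: trusted plugin UI helper\nprint('ui ready')"
SAMPLE = [
    {"path": "Workspace.Door.Open", "class": "Script",
     "source": "local cfg = require(script.Parent.Config)"},
    {"path": "CoreGui.PluginUi.Helper", "class": "LocalScript", "source": TRUSTED_UI},
    {"path": "CoreGui.Fix", "class": "Script", "source": None},  # source unreadable
    {"path": "CoreGui.Weld", "class": "Script",
     "source": "-- constructed: none of the listed words appear here"},
    {"path": "CoreGui.PluginUi.Frame", "class": "Frame", "source": None},
]

def demo():
    trusted = {source_hash(TRUSTED_UI)}
    return {
        "keyword": keyword_scan(SAMPLE),
        "location": location_scan(SAMPLE, {"CoreGui"}),
        "location_with_whitelist": location_scan(SAMPLE, {"CoreGui"}, trusted),
        "coregui_allowed": location_scan(SAMPLE, set()),
    }

if __name__ == "__main__":
    for name, paths in demo().items():
        print(name, paths)
```

The keyword pass reports only the legitimate `require` in Workspace and misses both hidden scripts, while the location pass catches them and the whitelist removes the trusted UI helper from the results.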

k I have another argument, I’ll DM you on Roblox or on the dev forum

1 Like

This still work??? I got a hidden script that keeps creating a RemoteEvent in ReplicatedStorage

What if the script is obfuscated though. Because I’m sure this plugin also looks for require’s and what if that require().load was obfuscated??

This no longer works. I get an infinite scan time.

It is better to just use the watch tool and search for ‘getfenv’ for ‘require’, as that is what most backdoors use.

These malicious scripts are normally named Fix, Weld, Debounce, and etc. They contain a comment that says something like “This is a script of ROBLOX”.

Sometimes the entire script looks blank, or there is a really long piece of code.

Just delete the right scripts and you will be fine! :smile:

3 Likes

Thank you, I was looking for something just like this. I recently ran into a plugin that ruins your game, thankfully my friend is a professional scripter and builder and noticed this immediately when I logged onto team create. Hopefully this can save me! Thanks!

2 Likes

Do you have the original Kohls Admin model in your game? Because kohls admin keeps adding RemoteEvents in ReplicatedStorage.

Doesn’t even do anything. It just keeps loading and loading and loading. Untrustable.

Would it be possible to opensource this plugin (provide an updated version of the scripts) to ensure that it’s doing exactly what it says it’s doing? I know the list of plugins is opensourced, but it would be nice to have more assurance on the plugin itself.

But the scripts are in places you can’t see

All plugins are open sourced (or used to be?) Just gotta insert the file that roblox downloads to your studio folder in a game. The plugin is very outdated and only moderately works now. I’m still debating on whether I want to rework it and bring it up to date or just leave it as is as the original exploit this was created to combat has been patched out.

2 Likes

I have found a virus script the plugin is not able to detect