I get this is a bit redundant, but check your plugins. Follow these steps:
Go to the Plugins tab, on the left you will see a Manage Plugins button. Click that.
The folder that pops up should be blank (or a “you don’t have any plugins message,” I’m not sure) if you have no plugins
EDIT: really redundant
Correct. Blank
(30 charssssssss)
Have you checked the system’s local plugin directory?
The Plugins Folder button should take you to it.
Yep, tried it. No success.
30charssssss
This thread is going way off track and I want to fix this.
Main thing to disclose, I currently have a diploma in cybersecurity and currently doing my undergraduate degree in cybersecurity. I am a security and privacy advocate. On top of this, an example of my work is from A Noob's Guide to (Online) Security in which I peer reviewed. I intend to talk from a position of knowledge.
I have not read every single reply. Apologies for any repetition if so.
FIrstly, that script in the original post provided should be removed. Validate that the script does not return after saving and playing the game as normal.
After checking everything, you may begin to slowly return back to normal. Check each plugin directly to validate the content of each plugin, ensure you use only the official plugin and check what each plugin is doing.
Check the content of each and every script to validate similar behaviour as above. Getfenv, HTTPService and require (require does not always use an ID) may highlight scripts and behaviours which you do not intent.
You may find it helpful to ensure you have enabled antimalware software on your device, you could scan the device to make sure (even if it’s a new device)
While this is a good idea in concept and does limit some specific issues to one week, depending on the nature of how your security model you may be actively harming your security based on NIST guidelines on this topic. You should be using passphrases (such as diceware passwords) or long complex passwords (from a password manager)
Oh and talking about security, take a peak at A Noob's Guide to (Online) Security
I can only think of one thing here, which is the plugins.
I didn’t see if this has been said earlier, but what i think what has happened is that one of the plugins, if not most of them, had their owner “hacked”, and could possibly have changed those, and inserted something malicious.
Though as you said, you turned off all of them, leading at least me, to have no other actual ideas on this case.
Also, just a question, what is the maximum amount of characters that you can put in “your”/a roblox password?
Always got to keep on top. Great to see you’ve gone to that level but good to make sure you are compliant and on top of the modern standard.
I don’t know what the max is but I have been able to use 2048 length password before.
I actually have a 64 digits password, should i use a 2048 digits one?
And sorry for being off-topic.
This is getting a bit off-topic. Can someone help me with solving this problem?
In short no. Refer to your security model for further details. Free feel to message me in other locations if you want to speak further on this. Either here on the DevForums, email or on other social media.
To refer to above, please go through the content of
to validate that the issue has been minimised or stopped. Please reply with any further details.
@recanman, did you try testing in-game? To check if it is like a backdoor, and has made your game vulnerable.
I’ve tried everything in this with no success.
It happens in game too
30 charssssssss
Just to make sure, that you have done…
- You have validated every single Roblox plugin on your Mac [including full source code review and validation of correct ownership]
- You have validated every single script (local, server or modular) for abnormal code action.
- You have deleted the script you provided from the game.
- You have active anti-malware technology running
- You have checked every single service in the game (including normally hidden ones)
Is this true?
That is these settings in Roblox Studio settings, which show this in the explorer
Could this work: Make a script inside studio (or a command) which deletes all the virus scripts at once (or as close as you can get to that) and see if it comes back
-
I have uninstalled all my plugins and I deleted all sources of code with malicious things in them (the original script), but it keeps replicating.
-
I have 4 scripts, 2 modules, 1 localscript, 1 script
They are validated and I have checked for whitespace and hidden places where code can be inserted -
I have deleted it, but it keeps replicating itself in a matter of less than a second.
-
I have malwarebytes, an anti-malware technology running. I did a deep scan a few minutes ago, and it has found 0 threats/viruses.
-
Yes. Looked up script in explorer with hidden services on, found nothing except 1 script I mentioned in serverscriptservice.
Those are on
30 charsssssssssss
Does this issues exist only in that game or in other games? Does this issue exist in previous versions of the game? (Refer to any backups you have)
I suggest going in place history, in place settings to restore to a previous version.