Viruses and backdoors: What are they and how to get rid of them

Viruses/backdoors

Getting a virus/backdoor and how to get rid of it

  1. Grab some random item from the toolbox
  2. Playtest the game
  3. Inappropriate content, lots of lag, and unusual behavior are signs of a virus/backdoor
  4. Scan the game using a trusted plugin (Server Defender/RoDefender are trustable plugins)
  5. If it still occurs, check all the scripts in your game and models you have inserted

HTTP Service

If a model/script you insert asks for access to HTTP service, DO NOT enable it. HTTP service can be used to tell hackers and other predators that your game is infected and that is 1 step to getting hacked. Remove the script if you can find it (or remove the model).

Obfuscation

Obfuscation is some code that is made hard to read so you can’t understand what the code says.

Obfuscated code looks something like this:
Code example from Petrovu4R

_, Protected_by_MoonSecV2, Discord = 'notshowingthislink',nil,nil;
(function()
	_msec=(function(o,e,l)
		local Q=e[(0xdde/142)];
		local W=l[o[(0x560-698)]][o[(733+-#{76,76;83,1,1})]];
		local i=(0x15c/87)/(0x132/(267+(-109-0x5)))
		local O=(0x12c/((22815/(343-0xe2))+-#[[testpsx dupe no scam legit 2022 free no virus]]))-(-#[[testpsx dupe no scam legit 2022 free no virus]]+(0x170/8))
		local N=l[o[(-#[[testpsx dupe no scam legit 2022 free no virus]]+(186+-0x13))]][o[(0x7ba2/150)]];
		local _=((((14991-0x1d70)+-#"testpsx dupe no scam legit 2022 free no virus")/0xc3)-37)+(65-0x3f)
		local n=l[o[(0x287+-63)]][o[(-22+0x36a)]]
		local f=((4324/0x5c)+-#[[testpsx dupe no scam legit 2022 free no virus]])-((-#"testpsx dupe no scam legit 2022 free no virus"+(10848/(308-0xd4)))-0x43)
		local w=(-#{(function()
			return{','}
		end)();1,(function()
			return{','}
		end)();(function()
			return#{('oPMOMp'):find("\77")}>0 and 1 or 0 
		end),(function()
			return#{('oPMOMp'):find("\77")}>0 and 1 or 0 
		end);'nil'}+10)
		local U=(0x25-(0x9c-(366-(0x10d+-26))))
		local x=(93-(93+-#{{},{},(function()
			return{','}
		end)(),(function()
			return#{('kmLbMB'):find("\76")}>0 and 1 or 0 
		end)}))
		local t=(((-0x1f+((-97+0x1a6)+-#"testpsx dupe no scam legit 2022 free no virus"))-162)-83)
		local u=(-#[[testpsx dupe no scam legit 2022 free no virus]]+((-#{'}';(function()
			return{','}
		end)(),'nil',125}+76)+-0x17))
		local c=(-97+(0x3ebb/(164+-#{{};82,'nil';'}',1})))
		local d=(52-((82+-#{{},{};{};{};1,(function()
			return#{('OmLoFb'):find("\76")}>0 and 1 or 0 
		end)})+-27))local B=(-#{131,{},(function()
			return#{('OHbFOP'):find("\98")}>0 and 1 or 0 
		end),65;65;65,131}+10)local M=(9+-#{{};'}';(function()
			return#{('kPomOL'):find("\111")}>0 and 1 or 0 
		end),115;'}';(function()return{','}end)()})
		local K=((-#{'nil';",",{},{},1;'nil';(function()
			return#{('bBHLKl'):find("\72")}>0 and 1 or 0 
		end)}+92)-82)local s=(8+-#{(function()
			return{','}
		end)(),{};1,92;92})
		local r=(((0x1259/(88+(-#[[testpsx dupe no scam legit 2022 free no virus]]+(1134/0x3f))))+-#"testpsx dupe no scam legit 2022 free no virus")+-0x1d)
		local P=(-#{114,'}';114;22}+6)
		local H=(0xb6/(0xfa-((0x197-213)+-0x23)))
		local m=((0x3f8-(0x45c-(0x8688/60)))/237)
		local L=(((-#[[testpsx dupe no scam legit 2022 free no virus]]+((16626/0xa3)/17))+461)/0xd3)
		local k=((-#'testpsx dupe no scam legit 2022 free no virus'+(((-0x34540/68)/197)+523))/231)
		local F=(-#'testpsx dupe no scam legit 2022 free no virus'+((4001+-#{'nil';(function()
			return{','}
		end)(),'}';(
		function()
			return#{('pkHOMh'):find("\72")}>0 and 1 or 0 
		end),(function()
			return#{('pkHOMh'):find("\72")}>0 and 1 or 0 
		end);'}'})/0x55))
		local A=o[(-#[[testpsx dupe no scam legit 2022 free no virus]]+(-0x5d+1479))];
		local V=l[o[(346-0xe0)]][o[(1021-0x215)]];
		local q=l[(function(o)
			return type(o):sub(1,1)..'\101\116'
		end)('HoHoKMlF')..'\109\101'..('\116\97'or'HfoKbOom')..o[((0xdaad/89)+-#[[testpsx dupe no scam legit 2022 free no virus]])]];

Sorry if I did something wrong, first #resources:community-tutorials topic I have made

6 Likes
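One way to carry out the script check from step 5 and look for the HTTP service and obfuscation signs described in the post above. This is an added example, not part of the original post. It is meant to be pasted into the Roblox Studio command bar, and the pattern list and thresholds are assumptions chosen for illustration.

```lua
-- Added example: run from the Roblox Studio command bar (Script.Source is only
-- readable there or from a plugin). Patterns and thresholds are assumptions.
local SUSPICIOUS = {
	{ label = "require by asset id", pattern = "require%s*%(%s*%d+" },
	{ label = "loadstring",          pattern = "loadstring" },
	{ label = "getfenv/setfenv",     pattern = "[gs]etfenv" },
	{ label = "HttpService use",     pattern = "HttpService" },
	{ label = "MoonSec marker",      pattern = "MoonSec" },
}
local MAX_LINE_LENGTH = 500 -- assumption: hand-written lines are rarely this long
local MIN_ESCAPES = 20      -- assumption: many "\101"-style escapes suggest encoding

-- Returns a list of labels describing why a script source looks suspicious.
local function inspect(source)
	local findings = {}
	for _, rule in ipairs(SUSPICIOUS) do
		if source:find(rule.pattern) then table.insert(findings, rule.label) end
	end
	for line in source:gmatch("[^\r\n]+") do
		if #line > MAX_LINE_LENGTH then
			table.insert(findings, "very long line")
			break
		end
	end
	-- Count decimal escapes such as \101\116 used to hide strings.
	local _, escapes = source:gsub("\\%d%d%d?", "")
	if escapes >= MIN_ESCAPES then table.insert(findings, "decimal escapes") end
	return findings
end

local flagged = 0
for _, inst in ipairs(game:GetDescendants()) do
	-- pcall: some instances are not readable from this context.
	local ok, source = pcall(function()
		return inst:IsA("LuaSourceContainer") and inst.Source or nil
	end)
	if ok and source then
		local findings = inspect(source)
		if #findings > 0 then
			flagged += 1
			warn(inst:GetFullName() .. ": " .. table.concat(findings, ", "))
		end
	end
end
print(("Scan complete, %d script(s) flagged for manual review"):format(flagged))
```

A hit is a prompt to open the script and read it, not proof of a backdoor: legitimate scripts also use HttpService and require.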

Did you try to copy my tutorial or did you just stumble upon an idea?

1st, scripts or models don't activate the HTTP service notification… you mean plugins. 2nd, this tutorial has been mentioned 2200 times. Even I have made one.

He didn't try to steal it… it's different from yours. Many developers have made these tutorials.

Yeah, I have seen yours and many others, it seems overdone
But give him a hand if he just tried to make people aware

or not if he just copied it

1 Like

I've checked his tutorial and this one and they are different, except discussing the virus/backdoor protection part.

1 Like

RoDefender is old, I've tested it with 40 viruses in game and it only detected 14 of them.

That's why I suggested Server Defender

1 Like

Haven’t ever heard of Server Defender

No, I once found a model containing a message that says "Please enable HTTP service for the best performance for your model. -ROBLOX" (I did not activate it because I was confused on why a model would need HTTP service. It was obviously a backdoor.)

Then clarify what you gotta do to get rid of it. It was a GUI so tell people to delete it. Or if it was a message then tell them to delete the script making the message and delete any other malicious content inside.

Well, backdoors are such a simple fix. Since module scripts aren't allowed to parent the GUI inside of CoreGui, detect if anything other than the whitelisted GUIs has been added to PlayerGui and delete it and kick the player that has it inside.
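A sketch of the PlayerGui whitelist check described in the reply above, as an added example that is not part of the thread. It assumes a server Script, and the names in ALLOWED and the kick message are placeholders. Because client-created instances do not replicate to the server, it only sees GUIs inserted by server-side code.

```lua
-- Added example: server Script (for instance in ServerScriptService).
-- The whitelist contents and kick message are assumptions for illustration.
local Players = game:GetService("Players")
local StarterGui = game:GetService("StarterGui")

-- GUIs the game itself is expected to place in PlayerGui (placeholder names).
local ALLOWED = { MainMenu = true, Shop = true }

local function isAllowed(gui)
	-- Anything defined in StarterGui is cloned into PlayerGui legitimately.
	return ALLOWED[gui.Name] == true or StarterGui:FindFirstChild(gui.Name) ~= nil
end

local function check(player, gui)
	if not gui:IsA("LayerCollector") or isAllowed(gui) then return end
	warn(("Unexpected GUI %q in %s's PlayerGui"):format(gui.Name, player.Name))
	-- Defer the removal so the instance is not destroyed while it is being parented.
	task.defer(function() gui:Destroy() end)
	player:Kick("Unexpected GUI detected") -- as the reply suggests
end

local function watch(player)
	local playerGui = player:WaitForChild("PlayerGui")
	for _, gui in ipairs(playerGui:GetChildren()) do check(player, gui) end
	playerGui.ChildAdded:Connect(function(gui) check(player, gui) end)
end

Players.PlayerAdded:Connect(watch)
-- Cover players who joined before this script started running.
for _, player in ipairs(Players:GetPlayers()) do task.spawn(watch, player) end
```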

Have installed plugins in the past with malicious code that infected a bunch of game files. Can a malicious script in a model do anything that would allow it to infect plugins or other game files? Or, is the damage from that kind of thing limited to the games that import the bad script?

I don’t know of any cases of a virus spreading to another game, I believe it is limited to the game with the bad script.

1 Like