try @Jxl_s code it might work if all the scripts have been injected with exactly the same string otherwise my method
well the little comment block (it appears gray showing that its a comment) says last synced and a different date but I think thats okay bc the backdoor part which is the require() part just in some gibberish looking way is the same in every script. I see its allowing some model to be used in my game
1 Like
the comment part shouldn’t matter tho, right?
1 Like
As you can see, in the dev console, all of these scripts are being like executed if that’s the correct word I’m sorry I’m a beginner when it comes to Lua but i see all the getfenv and things like that like doing their things in each script but I also see an error message so to be safe imma just take the time and delete all of these. I also ran a security scan and deleted malicious scripts. Thanks for the help!
1 Like
Oh ok gavin must be mad now
RoSync Loader is safe, but not the one you’re using, you got a virus.
Try the script she showed?
It leads to this…?
[ Content Deleted ] - Roblox
Yea ik, I didn’t install RoSync Loader, I actually installed this intro creator plugin by rxdesire, which I have to say did give me a pretty cool intro, imma take the intro as I inspected the code for it and it seems fine, and manually delete the virus. It looks like they’re putting the Last Synced message and RoSync Loader in front of the code to make it look like it’s syncing your scripts, but the require module and the other numbers are obviously obfuscated and suspicious. Ill proceed with caution, and I probably wont give the dev credit for the intro as I don’t want to promote a virus.
1 Like
This is the model this virus was trying to insert into your game, it probably had some scripts and modules to mess with your game.
Oh ok. Iwe nt to a devforum post about this and it said the creator of this had like a bunch of different alts, some deleted. Also, the id in the script leads to a model called ROBLOX. Either way, it looked like an innocent intro creator that messed up your game with a virus, and now I have trust issues with plugins for life
2 Likes
Also, the model the script I had was leading to was probably similar to the model you sent me. They probably had many alts to spam create these models after they got content deleted. I sent a support ticket to roblox to report this group and the model.
2 Likes
That was the model it got redirected to- I literally got the model from the ID in the console screenshot lol
Oh okay. I didn’t want to look into the ROBLOX model because I didn’t know if it would mess up any other games. This is definitely weird, I’m just glad I have a way to delete it as my game is almost ready for release and this virus would allow exploiters with this model or webhook or whatever it leads toto have access to my game.
2 Likes
Wow. This same issue happens to me. But before I say anything else what is the plug-in that inserts these rosync scripts?
It’s multiple plugins. Look out for ones made by Creator Studio, or in the plugins tab on studio, say they are made by rxdesire. In my case, intro creator was the one that gave me the virus, but for others it was different. If you see Creator Studio or rxdesire or any other sketchy model by a throwaway looking bot account, it could be associated with them so I would watch out and only use trusted plugins.
2 Likes
They make the plugins seem innocent and then hide obfuscated gibberish code in the script that actually is a require() script to make it seem like its just syncing a script. Before researching this, I just assumed it was a feature Roblox added.
Well I searched up the model it’s attached to and it’s a poorly disguised mesh loader. See the attached images.
I’m assuming for now the person they were following was the person who created this virus and was actually an idiot and decided to follow themselves lol.
if the plugin says rxdesire, that definitely could be the group owner, but I think there are many alts and bots behind this. also, I think that the plugins are under the group and the models are the viruses with each different ID being inserted with each plugin you install, which was shown in my scripts.
That may be very true due to the fact load catalog items was made by ARTFVL (rxdesire) and I got a different model.
So yeah I’m just gonna cop their source code and maybe not make it a poorly disguised back door. Like bruh it legit infects itself 
EDITING THIS REALLY QUICK! AND THIS IS IMPORTANT!
Alright so basically moon animator is a virus
Proof? Well lemme tell you.
I downloaded moon animation on a alt in which I use for animating for a game I’m working on. And out of nowhere a bunch of those InFeCtIoN (or whatever it’s called) body color things popped up.
So basically moon is a virus 
Use legacy animation editor tbh.
It says the plug-in is under creation studio but idk who owns that bc rxdesire doesn’t but I think each plugin has a backdoor to it
Rxdesire is ARTFVL. Check their past usernames.