Hello! I’m thinking about making an antivirus plugin! Well, I ran into a problem since my plugin will scan for viruses. Sadly I only know a few things with which it could identify viruses: For example a weird name, require, getfenv and cloning fire or smoke. So my question is what other methods do viruses use to / what exactly do I need to detect in order to find them? (And yes I googled it multiple times and I found nothing) Thanks in advance!
Maybe they insert a script that has a while loop without a wait, which causes lag?
They usually fire unprotected RemoteEvents or make invokes infinitely yield, this may not lag depending on what they do, but it’s a very big issue nonetheless.
My dumbful brain would say something like
while true do
    local haha = Instance.new("Part")
    haha.Parent = game.Workspace
    haha.Position = Vector3.new(0, 0, 0)
    haha.Anchored = false
    haha.Transparency = 1
    wait(0.01)
end
are kept in models or scripts or even disguise themselves with names such as Minigame1 Module Script
with their parent being the map, and seeing the main script actually function correctly is enough to fool a Studio newbie.
Another virus is cloning messages. This script will instantly make your game lag. Just like the script above, they hide somewhere or disguise
Third are scripts that fool non-programmers:
local yuh = require(script.ModuleExample)
if [virus check thingy] then
    DeleteVirus()
end
The module script, on the other hand:
function DeleteVirus()
    local checkOfidkScript = require(game.Workspace.game.Workspace.Antivirus.Settings.Values.Crap.RepeatMoreCrap) --I'm not going to repeat the more setting here lmao
    DeleteVirus()
end
the module referring to the other module omfg:
function DeleteVirus()
    --Changes all the parts to blue. And i oop-
end
So, yeah that’s the stuff my dumb brain would think of.
That virus made my laptop lag extremely lmao.
That would not work as the exhausted error will occur.
I sometimes see scripts with hundreds and thousands of whitespaces and then suddenly a require() or getfenv(). You might want to check for whitespaces more than 100 or so and mark it as a virus line.
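The whitespace-padding check suggested in the last reply, combined with the require/getfenv checks from the opening post, as an added example that is not code from the thread. It works on a source string; reading that string from each script's Source property inside a Studio plugin is an assumption about how the plugin is wired, and the names scanSource, MAX_PADDING, SUSPICIOUS_CALLS and the rule labels are hypothetical.

```lua
-- Added example (not from the thread): heuristic scan of one script's source text.
local MAX_PADDING = 100 -- thread's suggestion: "more than 100 or so"
local SUSPICIOUS_CALLS = { "require", "getfenv" } -- calls named in the thread

-- Returns findings as { line = number, rule = string, detail = string }.
-- Comments are scanned too: a false positive costs less than a missed call.
local function scanSource(source)
    local findings = {}
    local lineNo = 0
    for line in (source .. "\n"):gmatch("(.-)\r?\n") do
        lineNo = lineNo + 1
        -- Longest run of spaces/tabs that is followed by more text on this line.
        local padding = 0
        for run in line:gmatch("([ \t]+)%S") do
            padding = math.max(padding, #run)
        end
        -- %f[%w_] anchors at the start of an identifier, so "myrequire(" is skipped.
        local calls = {}
        for _, name in ipairs(SUSPICIOUS_CALLS) do
            if line:find("%f[%w_]" .. name .. "%s*%(") then
                calls[#calls + 1] = name
            end
        end
        local rule
        if padding > MAX_PADDING and #calls > 0 then
            rule = "hidden-call" -- the pattern described in the thread
        elseif padding > MAX_PADDING then
            rule = "padding"
        elseif #calls > 0 then
            rule = "call-to-review" -- require() is often legitimate; a human decides
        end
        if rule then
            findings[#findings + 1] = { line = lineNo, rule = rule,
                detail = ("calls=[%s] longest whitespace run=%d"):format(table.concat(calls, ","), padding) }
        end
    end
    return findings
end

-- Constructed sample input (not a real script).
local sample = table.concat({
    "local part = Instance.new('Part')",
    "part.Anchored = true" .. string.rep(" ", 300) .. "require(0)", -- 0 is a placeholder id
    "local env = getfenv()",
}, "\n")

for _, f in ipairs(scanSource(sample)) do
    print(("line %d: %s (%s)"):format(f.line, f.rule, f.detail))
end
```

The scan only matches the literal names, so a script that builds the name at runtime (for example through string concatenation) is not caught by this check and needs a separate rule.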