Whats going on?!

I’m currently trying to write a script as part of a tutorial and everytime I do this shows up:

--[[ Last synced 12/19/2020 10:41 ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������]] require(5288860140) --[[ ]]--

I’m under the impression that something I previously installed is making a poor, but annoying attempt at installing some sort of backdoor, as the link it “requires” points to a plugin called “Module.” Link here if you want to investigate. https://www.roblox.com/library/5288860140/Module

I deleted a few plugins, one of which was flagged by Roblox as having contained malicious scripts and was no longer running. I also deleted a ragdoll plugin and a load player plugin I used for testing purposes. I haven’t restarted Roblox Studio yet. Still, what is this?

EDIT: If it helps, I’ve been getting this on a fresh baseplate, but I’ve also spotted this script elsewhere, making me think it’s spreading to any new file I create.

1 Like

This is a backdoor. Use Ctrl+Shift+F and type in require(5288860140) to see which script it’s from, and delete it immediately.

1 Like

I already closed Roblox Studio but I’ll boot it up again and see if I can replicate the steps.

Right, so it’s not happening this time, and the first thing I did was make a fresh baseplate, so something tells me one of my files if not all of them are infected and I now have to either disinfect my files or delete them entirely.

If this is occurring every time you create a new place, or even a new baseplate, it’s most likely a Roblox Studio plugin. Look at all your plugins and make sure all of them are verifiably safe (e.g recommended by many others, good comments that don’t say “BACKDOOR DONT DOWNLOAD” etc.)

Another method you could use, is individually disabling one plugin at a time, creating a new place, and checking if this script gets created. If it doesn’t after you disabled, lets say something like “GUI Positioner”, then it would be the GUI Positioner plugin. This works, but is incredibly time consuming if you have many plugins.

1 Like

I don’t install many plugins anyway, too many of the ones I used are either gone or suddenly set behind a paywall I have no Robux to pay for. Seeing as plugins are now a source of viruses and backdoors I wouldn’t bother putting money down on a plugin anyway. As I mentioned in the OP, I already deleted one that Roblox flagged as being malicious. Restarting Roblox Studio did get rid of this but one of my other files contains copies of the same script with the same asset ID, so mostly likely that same plugin Roblox deemed malicious is probably the cause of this issue, which means I will have to manually disinfect my files or delete them entirely.

If you’re trying to get rid of the infected scripts within your other file, I would recommend either just going into studio and doing CTRL+SHIFT+F, and type in the require(5288860140) string, and deleting those sections of the scripts that have them. Another way would be to save the file as a ROBLOX XML file, and opening it in Notepad or other text editing software. You can then search for the require(5288860140) string in that file, and find out if its still in your game. This is a bit more trickier and isn’t recommended due to the fact that you could corrupt the game file, so be wary, and make a copy of the file first.

I can’t believe things like this are still a problem in Roblox Studio. You’d think Roblox Studio would be supplied with an anti-virus of it’s own seeing as this is still a problem or that accounts that do this would be terminated or something. :confused:

Yep, it is pretty annoying seeing that you always have to do a big check on whether or not some plugin is even safe to use, and if it isn’t safe, it might even be the only plugin that exists for what you’re looking for, but then you can’t use it because you’ll get a backdoor into your game.

1 Like

I guess it’s a good reason to learn scripting and not rely on pre made stuff. Sort of negates the use of the toolbox and plugins seeing as there is no real way to see if it’s legit or not, but at least it teaches people to get creative and learn to make things themselves. :man_shrugging:

Roblox does have an anti-virus. Also, it would help if you provided an image of your plugins. Unfortunately, we can’t help much when you provide limited information. You mention you have already dealt with the plugins, in that case, the root case is highly vague.

1 Like

The plugins here are what’s left of my plugins list since I deleted about 3 I didn’t use, one of the 3 being flagged as malicious by Roblox.

It just came back. Seems to be one of my other plugins since there’s no way it could still be doing this. Now’s my chance to figure out where it’s coming from in my fresh baseplate…

EDIT: I searched for it via CTRL+SHIFT+F and found that it generates itself. There is nothing else in my fresh file that suggests there’s another script/something else making it appear. It writes itself, which makes me think that whatever it is I used previously, be it plugins, or those car chassis, or the cars I summoned in my test world a while back is designed to hook to the program and write itself wherever it pleases whenever it pleases. This is nasty.

Remove the first plugin: Load Catalog Items. I believe this is the plugin responsible for the backdoor. When I looked through my plugins, I have the original version of Load Catalog Items here:

I decided to install the plugin, and to no surprise I got a line in a blank script, almost identical to the line you’ve encountered. Un-install it.

1 Like

Turn off suspicious plugins, like plugins created by unknown developers.

1 Like

I might as well get rid of it. That thing never worked anyway.

EDIT: Deleted it, deleted the line that appeared in my code, came right back a second after deleting it. Maybe restarting Studio might help?

In your position I would be on panic mode… making a tantrum brakedown :v

Why not uninstall ALL plugins (write down a list before)
Completely uninstall Roblox Studio and Player.
Delete cache and key entries if you can, restart pc, fresh install?

1 Like

Reinstalling Roblox Studio was on my mind as I felt this was probably the only way I see myself getting rid of this but it doesn’t change that my other files might still be infected with this thing.

FYI I’ve come to the realization that anytime this virus appears is because it’s timed to do so, seems to be every 5 to 10 minutes using Roblox Studio will begin the payload.

If you cant find the module requiered by ControlShift F. And you assumed its a real virus infected your Software, maybe theres no scripts in your other games.
Maybe the total uninstall, delete cache, entries, restart, even do an Anti-virus scan, and fresh install could solve it.

If this thing its a real virus, you can get rid of it doing that. If your files/games got infected, you can easily find it by finding that module

@Xx_FROSTBITExX. Yeah I know, but as I said, I would be on panic mode in that position. I would already un-installed ALL the plugins and re-install Roblox again, just to be sure.
“everybody” always crucify me by saying… “Never use plugins” I dont like them, never use them, and Im scared of what can real programmers can do :v


Yeah, I almost positive it is that plugin. If you un-installed it, restart/ close all sessions of Studio and see if it comes back or not.

@Dev_Peashie, a virus from a plugin isn’t likely to alter or create a real virus on your device. There’s no reason to imply that, it’ll only create panic. Even if that was the case, your anti-virus, etc would have picked it up.

1 Like