Whats going on?!

Roblox does have an anti-virus. Also, it would help if you provided an image of your plugins. Unfortunately, we can’t help much when you provide limited information. You mention you have already dealt with the plugins, in that case, the root case is highly vague.

1 Like

The plugins here are what’s left of my plugins list since I deleted about 3 I didn’t use, one of the 3 being flagged as malicious by Roblox.

It just came back. Seems to be one of my other plugins since there’s no way it could still be doing this. Now’s my chance to figure out where it’s coming from in my fresh baseplate…

EDIT: I searched for it via CTRL+SHIFT+F and found that it generates itself. There is nothing else in my fresh file that suggests there’s another script/something else making it appear. It writes itself, which makes me think that whatever it is I used previously, be it plugins, or those car chassis, or the cars I summoned in my test world a while back is designed to hook to the program and write itself wherever it pleases whenever it pleases. This is nasty.

Remove the first plugin: Load Catalog Items. I believe this is the plugin responsible for the backdoor. When I looked through my plugins, I have the original version of Load Catalog Items here:
https://www.roblox.com/library/866972013/Load-Catalog-Items?Category=Plugins&SortType=Relevance&SortAggregation=AllTime&SearchKeyword=Load+Catalog+Items&CreatorId=0&Page=1&Position=9&SearchId=8b8f7d37-a7aa-44aa-b306-9825b3d275d9

I decided to install the plugin, and to no surprise I got a line in a blank script, almost identical to the line you’ve encountered. Un-install it.

1 Like

Turn off suspicious plugins, like plugins created by unknown developers.

1 Like

I might as well get rid of it. That thing never worked anyway.

EDIT: Deleted it, deleted the line that appeared in my code, came right back a second after deleting it. Maybe restarting Studio might help?

In your position I would be on panic mode… making a tantrum brakedown :v

Why not uninstall ALL plugins (write down a list before)
Completely uninstall Roblox Studio and Player.
Delete cache and key entries if you can, restart pc, fresh install?

1 Like

Reinstalling Roblox Studio was on my mind as I felt this was probably the only way I see myself getting rid of this but it doesn’t change that my other files might still be infected with this thing.

FYI I’ve come to the realization that anytime this virus appears is because it’s timed to do so, seems to be every 5 to 10 minutes using Roblox Studio will begin the payload.

If you cant find the module requiered by ControlShift F. And you assumed its a real virus infected your Software, maybe theres no scripts in your other games.
Maybe the total uninstall, delete cache, entries, restart, even do an Anti-virus scan, and fresh install could solve it.

If this thing its a real virus, you can get rid of it doing that. If your files/games got infected, you can easily find it by finding that module

EDIT:
@Xx_FROSTBITExX. Yeah I know, but as I said, I would be on panic mode in that position. I would already un-installed ALL the plugins and re-install Roblox again, just to be sure.
“everybody” always crucify me by saying… “Never use plugins” I dont like them, never use them, and Im scared of what can real programmers can do :v

2 Likes

Yeah, I almost positive it is that plugin. If you un-installed it, restart/ close all sessions of Studio and see if it comes back or not.

@Dev_Peashie, a virus from a plugin isn’t likely to alter or create a real virus on your device. There’s no reason to imply that, it’ll only create panic. Even if that was the case, your anti-virus, etc would have picked it up.

1 Like

Well it did, haha. So it’s timed but when it appears seems completely random because it appeared 2 minutes after I made the edit to my reply to Dev_Peashie. I’m going to completely wipe my plugins and restart studio with a fresh file and see if it reappears.

Try using the [2.5K SALES!] GameGuard Anti Virus V2 [ALPHA] plugin to find and remove the virus(es) for your game.

2 Likes

For anyone wondering I did in fact delete ALL of my plugins and so far it hasn’t appeared again, will edit this post if it does.

1 Like

It could’ve been anyone of my plugins that injected that virus. I don’t know which one it was but I deleted all my plugins and it hasn’t come back yet so I think I’m in the green.

1 Like

It was probably the Tree Generator since it was made by the same dev as the one Frostbite called malicious. You can trust stravant, XAXA, AlreadyPro, Den_S, and people like that. Lots of trustworthy plugins will also have posts in #resources too.

6 Likes

Interesting. I guess I’ll avoid installing plugins from the plugins catalog then. I’ll check for an alternative to generate trees. I’m not good at modeling them or making them in Studio.

Thanks for your help, everyone! :smiley:

1 Like

This is definitely the product of a malicious plugin.

You’ve probably already done this, but you should search through all of your plugins and delete/disable the plugins made by unknown developers. I usually do even not install plugins that are made by developers with less than 1000 followers.

After that, search through all of your scripts and delete the ones that seem malicious. You can do this by using the keyboard shortcut Ctrl + Shift + F then search for keywords such as:

getfenv()
require()
string.reverse()
loadstring()
--and more

Like @rogchamp said, it was probably the “Load Catalog Items” and “Tree Generator” plugins since those are plugins made by a group called “[DeveloperX”] which is extremely suspicious.

1 Like

I’ll remember to avoid that group then. My plugins are all deleted and I will not be installing anymore unless they are from the developer forum AND trustworthy, or fit the criteria you mentioned avoid plugins made by developers with less than 1000 followers.

2 Likes

Hey! There’s a website that shows original plugins that are safe and that need to be verified. I’ll send it here!

I am a little random developer and have like 1000+ followers but 250+ botted followers (possibly more) because of scam bots, all the other followers are my friends and just some random people.