Lua viruses are scripts that spread to multiple objects in the place. Viruses usually affect your worlds in a malicious way, such as causing server lag or spawning unwanted objects such as fire. Viruses can also cause major damage to games by doing things such as corrupting data stored in Data Stores, causing loss of progress.
Viruses can be found in Free Model items, intentionally placed in places by potentially malicious creators while editing the place, or inserted into places by Roblox Studio plugins.
What viruses can do
Viruses can damage gameplay experiences in many ways.
- Show pop up messages using GUI elements
- Causing server and/or client lag by scripts caught in infinite loops
- Generating objects such as fire or blocks
- Clearing or massively modifying terrain
- Corrupting data store data
- Blocking access to data stores from real game scripts by spamming data store requests
- Renaming scripts or objects, making scripts reliant on checking for objects being named exactly a certain way experience errors and stop working correctly
- Disabling or deleting real scripts, causing games to lose functionality or stop working
- Giving players chosen by the virus creator access to tools and functionality to mess up game worlds any way they want, such as "admin" chat functionality
- Cause seizures by rapidly flashing colors on screen using GUI elements
Viruses cannot hack your Roblox account. Infected free models only set things in your game on fire and/or make it easier for people to exploit in your game. They could potentially give the owner admin, although it is unusual.
Viruses can come from three sources.
The most famous source of viruses are from Free Model objects. Some objects are created with virus scripts in them so that they spread to other places, and can spread to other objects which may then be uploaded as Free Model objects.
A more dangerous method of inserting viruses is by Roblox Studio plugins. They have the ability to modify script source code to secretly infect scripts that were not previously virus scripts and turn them into virus scripts themselves. Initially, these scripts may seem to not be infected as code may be inserted into the middle of long scripts, but a closer inspection can reveal code not created by the creator of the place. Viruses created in this fashion may use global variables to check if they were the original script and if so then clone themselves only once, set a global variable flag, and continue as if they were the original script, while the clones detect that the flag has already been set and function in its full malicious capacity with a new name, so that it is less likely that the viruses can be scanned.
Viruses are put inside objects that are not shown in the Explorer Window. These are known as "Hidden Classes". Common viruses will use hidden game services such as Timers or Geometry instances. Others may use joint objects like Welds, Glues, RotatePs or RotateVs.
These classes are not hidden in ROBLOX Studio 2.0 and thus the malicious scripts can be easily discovered and removed. However some of the instances in the DataModel's root is still hidden as you will see items such as the InsertService show up in the command line and not in the Explorer window.
Removing Lua viruses
Save a copy before disinfecting your place, as you do not want to accidentally remove legitimate scripts from your place. Some antivirus tools can catch words in safe scripts that will make them think they are viruses.
There have been many scripts made to combat viruses. Some plugins have anti-virus functionality, but Plugins only work when the user is editing in ROBLOX Studio. However, some plugins can also be malicious, so a check should be made in a copy of an existing place or a new place to check and make sure the plugin is not in fact malicious.
- Novus Server Manager by Chaddaking is a newly updated and highly functioning multi-purpose model. It's updated weekly to fix bugs and add new names to the malware list. It has options to set it to a designated place or remove the malware in general. Whenever a virus is found it's quarantined and logged so you can review it. Not only does it have an Anti-Virus, it also has Admin, Anti-Exploit, and much more plugins that you can toggle with ease.
- Server Defender by Madpoint83 is a very advanced Anti-Virus that doesn't only detect viruses by their name. It has 3 detection features, Name Detection, Structure Detection & Code Verification. This makes sure no virus goes undetected. This Anti-Virus has a background and a manual scanning method, it barely causes any lag while scanning your game, it is Team-Create compatible (this means it also detects viruses that get inserted by users that don't use this plugin) and it is available in multiple languages.
- Ro-Defender™ by : JetCrusherTorpedo is a fully working Anti-Virus script with basic detection.
- Guardian Angel Defender made by TGazza. Can scan, remove and restore viruses. Mainly used to remove weld viruses and lag.
- Vira Killer made by Blue_creeper841 Removes backdoors.
- Ro-Protect made by RobloxGameingStudios does a mix of all scans
Many antivirus scripts outside of plugins do not work anymore due to the fact the Source property of Scripts was locked to Scripts for reading themselves. Plugins are still able to read and edit the Source property of scripts, even though it is locked in normal gameplay. Antiviruses would read the source of the scripts and check if they do bad things, such as copy themselves or make undesirable effects. This action of locking the Source property for writing (could not be changed or edited) was highly undesirable for all scripters. The only anti-virus scripts that work are stated above.
Manual removal via text editor
You must save your place in XML format to do this, as well as have a basic understanding of the XML language (it's not very difficult to get the hang of). Then open your place file with a simple text editor like Wordpad or Notepad. (Preferable Notepad++ if you have it.) Do a search (Ctrl+F) for a word mentioned in the virus. Normally the first result will be the actual code of the script. Find the opening object tag for the script, and delete it down to the closing tag, making sure you leave nothing unclosed. Do that for as many viruses as you have, save, then open that file with Roblox Studio. After performing these steps you should check and make sure that your place works and is clean of malicious scripts.
External Anti-Virus programs
It is completely possible to create external programs for detecting viruses in ROBLOX places. ROBLOX places can be saved using XML, so if your language can open files for reading and writing and parse the XML you can make one. It would also be safer to scan places using these as the viruses themselves would not run and you can examine the Source of the viral scripts for malicious code. The basic functionality of your programming language would have to be:
- File Input/Output for reading the .RBXM and .RBXL files.
- XML Parsing to read the .RBXM and .RBXL files.
- Advanced iterations to check all objects in the file.
Distributing an outside antivirus on the ROBLOX Website would be against ROBLOX's Terms and Conditions as this would force the person to use outside links.
Preventing virus infections
Many builders and scripters have answered this question with a simple "Don't use free models!" This is the only way to protect your place 100% from getting infected with a Roblox Lua Virus. Most viruses come from and transfer themselves through Free Models. There are other ways to still use Free Models and not be infected with a virus.
Since scripts do not run when the game is paused, pause your game right before you insert the model. If you have an antivirus, it will still run if it was inserted before you paused the game. Scripts added when the game is paused will not run, so you can check yourself and with an antivirus before un-pausing the game.
However, not putting free models in the game won't completely protect you from viruses if you're using Plugins, which can have viruses in them, a not so well known fact. Scripts in installed Plugins do run even when the game is not running, otherwise plugins wouldn't work in Roblox Studio. Before using a Plugin, check in a blank place to make sure that the Plugin does not insert malicious scripts without you knowing. Run the place to make sure that nothing happens in the blank place, as if unknown scripts appear to be running in a "blank place" that means that the Plugin has inserted infected scripts into it, and would most likely take malicious actions in a real place.
Of course, if other people are involved in making a place, such as in Team Create, a few people may place malicious viruses in the place, or code them directly in the place. Make sure to check for scripts in the game to ensure that they're not malicious.
On December 4, 2018, some of the free models in the library got infected. Using these models in your place will make it easier for people to exploit in it or set everything on fire.
- Another "Lua Virus" can be found in the game Garry's Mod (commonly referred to as GMOD), although the existence of this virus has been debated by many. The thread explaining it can be found here: https://steamcommunity.com/app/4000/discussions/1/648816742798726113/