# Vehicles | Disabled

{% hint style="danger" %}
Please read the entire page!\
\
That means: Read every point one after the other! Do not skip parts!
{% endhint %}

***

## <mark style="color:orange;">What is the issue?</mark>

It seems like your server has been infected with malware. How do we know?

Vehicles disables itself, as soon as another plugin tries to copy a folder into our `Vehicles.jar` file.&#x20;

***

## <mark style="color:orange;">Folder? What folder?</mark>

These folders are called `javassist`, `directleaks`, or a random bunch of letters/numbers. The name `javassist` is the most common one.

These folders contain code, which opens a connection to a webserver and shares all kinds of data and IPs from your server.

***

## <mark style="color:orange;">How do I check for the malware?</mark>

There are multiple tools for this - Here are the top 3 we use / suggest:

* <mark style="color:orange;">Online Jar Checkers</mark> (Easiest & Fastest) ([go to page](https://scan.rikonardo.com/))
  * Use tools like the one linked above, to check your jar files. This specific site even gives you insight in the malicious code, and is easiest way to scan your plugins.<br>
* <mark style="color:orange;">AntiMalware Tool</mark> ([go to page](https://www.spigotmc.org/resources/spigot-anti-malware.64982/))
  * Follow the instructions on the page to check for infected jar files\
    \
    \&#xNAN;*Please note that this is not a plugin and not from us!*<br>
* <mark style="color:orange;">WinRar / 7Zip</mark>
  * Use WinRar or 7Zip to open the jar files and look manually for the folders mentioned above.\
    \
    \&#xNAN;*Please not that WinRar or 7Zip are neither from us, nor are we affiliated with them. This is merely a suggestion!*

<figure><img src="https://1443191861-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2PCQvW4ZYsY9W2pkDSbC%2Fuploads%2FK4ewPi8upzd9tUo9ZtvR%2FUnbenannt.PNG?alt=media&#x26;token=3c95a245-e760-40b2-85a1-a2281f636b35" alt=""><figcaption><p>These are the files which get copied into every single plugin. This is what you see when using WinRar.</p></figcaption></figure>

***

## <mark style="color:orange;">Where does that folder come from?</mark>

The folder gets copied from one plugin into every other plugin on your server.&#x20;

But whats their source? What plugin copies them?

* Cracked Plugins,
* Small, unknown plugins,
* A plugin which has bad intentions

Please keep in mind that these plugins can also come from SpigotMc, Polymart, McMarket, or other sites. We highly recommend sticking to plugins of higher quality, and plugins with high download counts.

***

## <mark style="color:orange;">How do I get rid of the infected plugins / malware?</mark>

There's only one option: Remove every `.jar` file from your server (even your `server.jar`) and download everything again. Please note that you only need to remove the `.jar` files - you can keep the config folders!\
\
Make sure to not upload them one by one, as they will simply get infected again and need to start over!

1. Stop the server
2. Remove ALL `.jar` files
3. Upload the fresh files
4. Only then start the server.

We highly recommend you run your new jar files through a tool we mentioned above, before you add them back.