Jump to content

acad viruse


wrha

Recommended Posts

i have acad viruse on my pc effect on autocad commends i dont know how i can remove that acad lisp .

i use my anti viruse it not valid with that viruse i hope if any one can help me .

thanx

Link to comment
Share on other sites

  • Replies 97
  • Created
  • Last Reply

Top Posters In This Topic

  • Ahankhah

    22

  • ReMark

    19

  • tanyakorban

    8

  • wrha

    5

;;; ==========================================================================
;;; File     : clean_virus_safe.lsp
;;; Version  : 1.0
;;; Date     : 14 August 2009
;;; Author   : Steve Johnson after Autodesk, based on suggestion by Jimmy
;;;            Bergmark.
;;; Purpose  : Checks for existence of acad.vlx and logo.gif files, which are
;;;            associated with virus AL/Logo-A, also known as ACAD/Unexplode,
;;;            ACAD/Agent.A or ACM_UNEXPLODE.B. Written as a safer alternative
;;;            to Autodesk's code which deletes suspect files without
;;;            prior warning. This code renames the files instead.
;;; Legal    : Provided as-is with no warranty whatsoever, use at own risk.
;;;            May be distributed freely.
;;; Usage    : Append the contents of this file into a startup LISP file
;;;            (e.g. acaddoc.lsp in your search path - create such a file if
;;;            it does not exist). Autodesk's suggestion to modify the
;;;            acad20xx.lsp file should not be followed: this is bad practice.
;;;            The acad20xx.lsp file is Autodesk's file and any modifications
;;;            you make to it are likely to be lost when updates and patches
;;;            are applied.
;;; Effects  : Any and all files named acad.vlx and logo.gif and located in
;;;            AutoCAD's search path will be renamed, e.g. "acad.vlx" will
;;;            become "[suspected Virus] acad.vlx0". The name will end in a
;;;            number starting with 0. If other suspect files are later found
;;;            in the same location, those files will be renamed to end with
;;;            1, 2, 3 and so on.
;;; --------------------------------------------------------------------------
;;; Structure:
;;;  clean_virus_safe.lsp
;;;  `--clean_virus_safe
;;;     `--make_new_name
;;; ==========================================================================

(defun clean_virus_safe (ALERTBOX / make_new_name
                                   full-name path-only # new-name rename-msg)

 (defun make_new_name ()
   (strcat "[suspected Virus] " virus-file (itoa #))
 ) ; End make_new_name

;; Start clean_virus_safe ----------------------------
 (foreach virus-file '("acad.vlx" "logo.gif") 
   (while (setq full-name (findfile virus-file))
     (progn
       (setq
         path-only
          (substr full-name 1 (- (strlen full-name) (strlen virus-file)))
         # 0
       )
       (while (findfile (make_new_name))
         (setq # (1+ #))
       )
       (setq
         new-name (strcat path-only (make_new_name))
         rename-msg
         (if (vl-file-rename full-name new-name)
           (strcat
             "Renamed suspected virus file:\n "
             full-name " to\n " new-name
           )
           (strcat
             "ERROR: Could not rename suspected virus file:\n "
             full-name " to\n " new-name
           )
         )
       )
       (princ (strcat "\n" rename-msg))
       (if ALERTBOX (alert rename-msg))
     )
   )
 )
 (princ)
) ; End clean_virus_safe

;; Call the (clean_virus_safe) function with or without alert box:
(clean_virus_safe nil) ; Does not use alert box
; (clean_virus_safe T) ; Uses alert box
;; One of the above lines should be commented out (i.e. start with a semi-colon).
(princ)

Edited by SLW210
Link to comment
Share on other sites

Why would someone create a virus for us? (Aside from being a total jerk...)

I wont use any vlx LISPs for now on.

People shouldn't post them.

Link to comment
Share on other sites

Why would someone create a virus for us? (Aside from being a total jerk...)

I wont use any vlx LISPs for now on.

People shouldn't post them.

It's a conspiracy man! Norton and McAfee are paying dudes write viruses to hack your box so you'll buy their 'prevention' software!

Link to comment
Share on other sites

To get rid of the virus, Follow these instructions:

1- Download http://www.irancad.com/irancadsd_content/media/image/2011/01/121_orig.zip

2- Decompress the file.

3- You will find a file named: KillWorm.fas.

4- Enter AutoCAD.

5- Issue "APPLOAD" command.

6- You see a dialog box titled: Load/Unload Applications.

7- Locate KillWorm.fas in the area above.

8- Press Load botton.

9- Press Close botton.

10- An alert box opens, showing that you must enter "KW" to run the command.

11- Issue "KW".

12- At the prompt: "Select option [Active/Passive/ALL/?]: " enter:

Active to search, find, then kill the virus if it is active.

Passive to search, find, then kill the virus even if it is not currently active.

ALL to search all local drives and folders.

? to see a brief help about the command.

 

This program not only kills the virus, but also vaccines all LSP and MNL files from future comming viruses.

Edited by Ahankhah
Link to comment
Share on other sites

To get rid of the virus, Follow these instructions:

1- Download http://www.irancad.com/irancadsd_content/media/image/2011/01/121_orig.zip

2- Decompress the file.

3- You will find an file named: KillWorm.fas.

4- Enter AutoCAD.

5- Issue "APPLOAD" command.

6- You see a dialog box titled: Load/Unload Applications.

7- Locate KillWorm.fas in the area above.

8- Press Load bottom.

9- Press Close bottom.

10- An alert box opens, showing that you must enter "KW" to run the command.

11- Issue "KW".

12- At the prompt: "Select option [Active/Passive/ALL/?]: " enter:

Active to search, find, then kill the virus if it is active.

Passive to search, find, then kill the virus even if it is not currently active.

ALL to search all local drives and folders.

? to see a brief help about the command.

 

This program not only kills the virus, but also vaccines all LSP and MNL files from future coming viruses.

 

Some virus killers find virus affected acaddoc.lsp or acad.lsp files and delete them immediately, ignoring the probable correct code in the begining of them, so when you are running "KW", disable antivirus guard temporarily.

Edited by Ahankhah
Link to comment
Share on other sites

Call me skeptical but I would not run a *.fas routine that was downloaded from some unknown website until I knew exactly how it worked and what the ramifications of using it would be. One cannot be too careful these days. For example, someone can be visiting a website and suddenly a message appears stating the user's computer is infected. Then they are prompted to download the "fix" for the problem only to find out later on that the "fix" was actually a virus or malware. By that time it's too late... the damage has been done.

 

What is the source of killworm.fas? Who wrote it and when?

Will you personally vouch for the effectiveness of killworm.fas?

Have you ever used it?

Can you point us to a review written by someone who has used it?

Link to comment
Share on other sites

Let me add to my earlier post, i will not load any .vlx or .fas files.

HA!!!!

 

Just post the code.

If not, then charge people $$ for it so that you can back up your claims that its legit and not corrupted. And you can really feel guilty and may even get banned for selling jacked up code.

Link to comment
Share on other sites

Call me skeptical but I would not run a *.fas routine that was downloaded from some unknown website until I knew exactly how it worked and what the ramifications of using it would be. One cannot be too careful these days. For example, someone can be visiting a website and suddenly a message appears stating the user's computer is infected. Then they are prompted to download the "fix" for the problem only to find out later on that the "fix" was actually a virus or malware. By that time it's too late... the damage has been done.

 

What is the source of killworm.fas? Who wrote it and when?

Will you personally vouch for the effectiveness of killworm.fas?

Have you ever used it?

Can you point us to a review written by someone who has used it?

You are right,

nowadays reliance to unknown sources of utilities is somehow a big risk.

 

I enclose the source of my program I have written to seach, find and kill "ACADDOC.LSP worm".

You can check it, and after believing that it doesn't harm your computer, files and programs use it.

;;; KillWorm, Mehrdad Ahankhah, [url="http://www.irancad.com"]www.irancad.com[/url]
(setq KillWormVersion 1.42)
(setq KillWormDate "2011/01/04")
(defun C:KW (/ cont kw)
(setvar 'Cmdecho 0)
(command "_.LOGFILEOFF")
(command "_.LOGFILEON")
(setq cont T)
(while cont
(setq cont nil)
(initget "Active Passive ALL Select ? _Active Passive ALL Select ?")
(setq kw (getkword "\nSelect option [Active/Passive/ALL/Select/?]: "))
(cond
((= kw "Active") (C:KillActiveWorm))
((= kw "Passive") (C:KillPassiveWorm))
((= kw "ALL") (C:KillWormCompletely))
((= kw "Select") (C:KillWormSelectedDir))
((= kw "?")
(textscr)
(princ
(strcat
"
Options:
Active: Kill worm in the AutoCAD environment, if the worm is active.
Passive: Kill worm in the AutoCAD environment, even if the worm isn't active.
ALL: Kill worm in all drives.
Select: Kill worm in selected folder.
?: Help")
)
(setq cont T)
)
)
)
(command "_.LOGFILEOFF")
(setvar 'Cmdecho 1)
(princ)
)
(defun C:KillActiveWorm ()
(if (MT-WormExists)
(C:KillPassiveWorm)
(princ "\nNo worm found, aborting...")
)
(princ)
)
(defun C:KillPassiveWorm (/ FilesList)
(MT-KillWormSources)
(setq FileList (MT-FindLispFiles))
(foreach lsp FileList (MT-KillWorm lsp))
(princ)
)
(defun C:KillWormCompletely (/ FilesList) (MT-KillWormOnDrives) (princ))
(defun C:KillWormSelectedDir () (MT-KillWormOnDirs (MT-GetFolder)) (princ))
(defun MT-KillWormSources (/ found)
(foreach Worm '("acad.vlx" "logo.gif")
(while (setq found (findfile Worm))
(princ (strcat (if (vl-file-delete found)
"\nFile deleted successfully: \""
"\nError occured while deleting file: \""
)
found
"\""
)
)
)
)
)

to be continued...

KillWorm.lsp

Edited by Ahankhah
Link to comment
Share on other sites

continued from my previuos threat

(defun MT-KillWormOnDrives ()
   (foreach drive (MT-ValidDrives) (MT-KillWormOnDirs (strcat drive ":\\")))
)
(defun MT-GetFolder (/ DirPat)
   ;;(and
       (setq DirPat (getfiled "Browse for folder"
                               "Select a file in your desired folder"
                              ;;"Open a folder and click on SAVE"
                               ""
                               16
                     )
        )
        ;;(setq DirPat (substr DirPat 1 (- (strlen DirPat) 31)))
   ;
   (vl-filename-directory DirPat)
)
(defun MT-ValidDrives (/ firstdrive lastdrive n drive drives)
   (princ "\nFinding valid local drives, please wait... Found: ")
   (setq firstdrive (ascii "a"))
   (setq lastdrive (ascii "z"))
   (setq n (1- firstdrive))
   (setq drives nil)
   (repeat (- lastdrive n)
       (princ "_")
       (setq drive (chr (setq n (1+ n))))
       (if (findfile (strcat drive ":\\."))
           (progn (setq drives (append (list drive) drives)) (princ drive))
           (princ ".")
       )
   )
   (reverse drives)
)
(defun MT-KillWormOnDirs (dir / worm1 worm2 kill-it subdir)
   ;;(setq dir "q:\\"); ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
   (princ (strcat "\nSearching: \"" dir "\""))
   (setq worm1 "acad.vlx")
   (setq worm2 "logo.gif")
   (if (vl-directory-files dir worm2 1)
       (progn
           (if (vl-directory-files dir worm1 1)
               (foreach worm (list worm1 worm2)
                   (princ
                       (strcat
                           (if (vl-file-delete (setq kill-it (strcat dir worm))
                               )  "\nFile deleted successfully: \""
                                  "\nError occured while deleting file: \""
                           )
                           kill-it
                           "\""
                       )
                   )
               )
               (progn (princ (strcat "\nFound but not deleted: \""
                                     dir
                                     worm2
                                     "\"\nPlease check and delete it manually."
                             )
                      )
               )
           )
       )
   )
   (foreach lsp '("*.lsp" "*.mnl")
       (foreach lsp1 (vl-directory-files dir lsp 1)
           (print lsp1)
           (MT-KillWorm (strcat dir lsp1))
       )
   )
   (foreach subdir (vl-directory-files dir nil -1)
       (if (not (member subdir '("." "..")))
           (MT-KillWormOnDirs (strcat dir subdir "\\"))
       )
   )
)

(defun MT-FindLispFiles (/ MT-BindDir fileslist found filepath)
   ;; search in search path: acadprefix
   ;; ACETAUTO.LSP, AI_UTILS.LSP, and ACAD.MNL
   (defun MT-BindDir (file) (findfile (strcat filepath "\\" file)))
   (setq filelist nil)
   (if (and (setq found (findfile "acad.mnl"))
            (setq filepath (vl-filename-directory found))
       )
       (setq filelist (append (mapcar 'MT-BindDir
                                      (vl-directory-files filepath "*.mnl")
                              )
                              filelist
                      )
       )
   )
   (if (and (setq found (findfile "acad.exe"))
            (setq filepath (strcat (vl-filename-directory found) "[url="file://support/"]\\support[/url]"))
       )
       (setq filelist (append (mapcar 'MT-BindDir
                                      (vl-directory-files filepath "*.lsp")
                              )
                              filelist
                      )
       )
   )
   (if (setq filepath (strcat (getvar 'Roamablerootprefix) "support"))
       (setq filelist (append (mapcar 'MT-BindDir
                                      (vl-directory-files filepath "*.lsp")
                              )
                              filelist
                      )
       )
   )
   (if (setq found (findfile "acaddoc.lsp"))
       (if (not (member found filelist))
           (setq filelist (append (list found) filelist))
       )
   )
   (if (and (setq found (findfile (getvar "dwgname")))
            (setq found
                     (findfile
                         (strcat (vl-filename-directory found) "[url="file://acaddoc.lsp/"]\\acaddoc.lsp[/url]")
                     )
            )
       )
       (if (not (member found filelist))
           (setq filelist (append (list found) filelist))
       )
   )
   filelist
)
(defun MT-WormExists ()
   (if (and (= flagx T) (= bz "(setq flagx t)"))
       T
       nil
   )
)
(defun MT-KillWorm
      (lsp / row lspfile cont WormFound line-read newlsp newlspfile)
   ;; delete all instances of: ACAD.VLX and LOGO.GIF
   ;; clean all instances of: ACETAUTO.LSP, AI_UTILS.LSP, and ACAD.MNL 
   ;; The acad.vlx file creates a copy of itself in the Help folder (for example, C:\Program Files\AutoCAD 20xx\Help\logo.gif). 
   (if (findfile lsp)
       (progn
           (setq row 0)
           (if (setq lspfile (open lsp "r"))
               (progn
                   (setq cont T)
                   (setq WormFound nil)
                   (while (and cont (setq line-read (read-line lspfile)))
                       (cond
                           ((and (= line-read "AutoCAD PROTECTED LISP file")
                                 (null (read-line lspfile))
                            )
                            (princ (strcat "Ignored protected lisp file: \""
                                           lsp
                                           "\""
                                   )
                            )
                            (setq cont nil)
                           )
                           ((= line-read "(setq flagx t)")
                            (if (not (or (= "" last-line-read)
                                         (= (setq
                                                line-read (read-line lspfile)
                                            )
                                            "(setq bz \"(setq flagx t)\")"
                                         )
                                     )
                                )
                                (princ
                                    (strcat
                                        "An unpredictable condition occured in: \""
                                        lsp
                                        "\" file. It shouldn't occure!"
                                    )
                                )
                            )
                            (setq WormFound T)
                            (setq cont nil)
                           )
                           (T (setq row (1+ row)))
                       )
                       (setq last-line-read line-read)
                   )                             ; while
                   (setq lspfile (close lspfile))
                   (if WormFound
                       (progn
                           (if (= 1 row)
                               (progn
                                   (if (vl-file-delete lsp)
                                       (princ
                                           (strcat
                                               "\nFile deleted successfully: \""
                                               lsp
                                               "\""
                                           )
                                       )
                                       (princ
                                           (strcat
                                               "\nError occured deleting file: \""
                                               lsp
                                               "\""
                                           )
                                       )
                                   )
                               )
                               (progn
                                   (setq newlsp (strcat lsp ".mehretaban"))
                                   (if (and (setq lspfile (open lsp "r"))
                                            (setq newlspfile (open newlsp "w"))
                                       )  (progn
                                              (repeat row
                                                  (princ (read-line lspfile)
                                                         newlspfile
                                                  )
                                                  (princ "\n" newlspfile)
                                              )
                                              (princ
                                                  (strcat
                                                      "\n;|\nFile cleaned successfully by KillWorm "
                                                      (vl-princ-to-string
                                                          KillWormVersion
                                                      )
                                                      " - "
                                                      KillWormDate
                                                      " (Mehrdad Ahankhah, Mahbad Consulting Co, [url="http://www.irancad.com/"]www.irancad.com[/url])"
                                                  )
                                                  newlspfile
                                              )
                                              (setq lspfile (close lspfile))
                                              (setq newlspfile (close newlspfile))
                                              (if (and (vl-file-delete lsp)
                                                       (vl-file-rename newlsp lsp)
                                                  )  (princ
                                                         (strcat
                                                             "\nFile cleaned successfully: \""
                                                             lsp
                                                             "\""
                                                         )
                                                     )
                                                     (princ
                                                         (strcat
                                                             "\nError occured cleaning file: \""
                                                             lsp
                                                             "\""
                                                         )
                                                     )
                                              )
                                          )
                                          (progn
                                              (if lspfile
                                                  (setq lspfile (close lspfile))
                                                  (princ
                                                      (strcat
                                                          "\nError occured opening file to read: \""
                                                          lsp
                                                          "\""
                                                      )
                                                  )
                                              )
                                              (if newlspfile
                                                  (setq newlspfile
                                                           (close newlspfile
                                                           )
                                                  )
                                                  (princ
                                                      (strcat
                                                          "\nError occured opening file to write: \""
                                                          newlsp
                                                          "\""
                                                      )
                                                  )
                                              )
                                          )
                                   )
                               )
                           )
                       )
                       (princ (strcat "\nFile is already clean: \"" lsp "\""))
                   )
               )
               (progn (princ (strcat "\nError occured opening file for read: \""
                                     lsp
                                     "\""
                             )
                      )
               )
           )                                     ; if
       )
       (progn (princ (strcat "Warning: \""
                             lsp
                             "\" file not found. It shouldn't occure!"
                     )
              )
       )
   )                                             ; if
)
(setq msg
        (strcat
            "\nKillWorm, a program to kill ACAD.LSP and ACADDOC.LSP worm, version "
            (vl-princ-to-string KillWormVersion)
            " - "
            KillWormDate
            "\n\nDesigned by Mehrdad Ahankhah, Mahbad Consulting Co"
            "\n\nVisit: [url="http://www.irancad.com/"]www.irancad.com[/url]"
            "\n\n\n\nEnter 'KW' to run the command."
        )
)
(alert msg)
(princ msg)

 

P.S. The program is newer than the above mentioned Killworm.FAS

Link to comment
Share on other sites

Let me add to my earlier post, i will not load any .vlx or .fas files.

HA!!!!

 

Just post the code.

If not, then charge people $$ for it so that you can back up your claims that its legit and not corrupted. And you can really feel guilty and may even get banned for selling jacked up code.

 

My program is free of charge for CADTutor forum members and observers. I owe more than this to CADTutor...

Link to comment
Share on other sites

Killworm.lsp as I mentioned above, after cleaning affected .LSP and .MNL files from virus, vaccines them:D.

You can find out how it works by reviewing the source code:wink:.

Link to comment
Share on other sites

Killworm.lsp as I mentioned above, after cleaning affected .LSP and .MNL files from virus, vaccines them:D.

You can find out how it works by reviewing the source code:wink:.

 

Wicked, I saw a post on another forum asking for a resolution on a virus that creates mnl/lsp files that causing havoc on their server, I never thought there was such a thing until i saw you posts.

 

I'll have a look/see at your code later

 

Cool beans

Link to comment
Share on other sites

thanx alot but i still have that viruse if u have another thing we can try it

Could you write us which messages showed you there was a virus (or worm) obstructing autocad from normal working?

Link to comment
Share on other sites

1-when i press on scrol right menu appear not pan

2-hatching not working and not appear

3-zooming very slow

when i use system variabels commends it corect prevouse conflict bu when i reopen eror com again.

thanx

Link to comment
Share on other sites

I am not sure all the mentioned problems are caused by a virus.

 

when i press on scrol right menu appear not pan
I checked "ACAD.LSP" worm affected computers, and I didn't see this.

 

hatching not working and not appear
Check "Fill" system variable. To see hatches it must be "On".

Command: FILL

Enter mode [ON/OFF] : ON

Now you must see hatch objects.

 

zooming very slow
The mentioned virus doesn't affect on the speed of ZOOM.

 

when i use system variabels commends it corect prevouse conflict bu when i reopen eror com again.
English is my second language, so I am not sure I understand what you mean... Edited by Ahankhah
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...