Jump to content

acad viruse

wrha

By wrha
in AutoLISP, Visual LISP & DCL

 Share

Recommended Posts

ReMark Grand Master

ReMark

Posted
Posted

Ahankhah last visited CADTutor back in April of 2013.

 

It sounds like you have reinfected your system which could only mean you are opening previously infected files. Until you stop doing so you'll continue to have a problem.

Link to comment
Share on other sites
  • Replies 97
  • Created
  • Last Reply

Top Posters In This Topic

  • Ahankhah

    22

  • ReMark

    19

  • tanyakorban

    8

  • wrha

    5

Popular Days

Top Posters In This Topic

Popular Days

tanyakorban Rookie

tanyakorban

Posted
Posted

It sounds like you have reinfected your system which could only mean you are opening previously infected files. Until you stop doing so you'll continue to have a problem.

what i meant is that before monday, i never had this problem.

i've been having this problem since monday morning (this most probably came from a USB plugged into my pc)

i applied his fix just now, today, right before i posted on this forum (i've been looking up a fix all afternoon) and it didn't work.

 

any suggestions?

Link to comment
Share on other sites
ReMark Grand Master

ReMark

Posted
Posted

Are you sure you followed the instructions to the letter? Sometimes all it takes is a tiny misstep to negate everything that comes afterwards. I speak specifically about the following line in a secondary post by Ahankhah...

 

"...so when you are running "KW", disable antivirus guard temporarily"

 

Did you follow this step as well?

Link to comment
Share on other sites
tanyakorban Rookie

tanyakorban

Posted
Posted

"...so when you are running "KW", disable antivirus guard temporarily"

 

Did you follow this step as well?

 

yes, antivirus disabled.

Link to comment
Share on other sites
ReMark Grand Master

ReMark

Posted
Posted

Which of the three options did you choose? Active / Passive / All?

 

BTW...you must have admin rights to your computer.

Link to comment
Share on other sites
tanyakorban Rookie

tanyakorban

Posted
Posted

All 3. i am the admin

 

let's run this again:

 

-disable antivirus

-launch autocad,

-appload

-select "KillWorm142.lsp", load, close

-KW, then "active": "No worm found, aborting..."

-KW, then "passive":

"File is already clean: "C:\Users\user\AppData\Roaming\Autodesk\AutoCAD 2012 -

English\R18.2\enu\support\acadappp.lsp"

File is already clean: "C:\Program Files\Autodesk\AutoCAD 2012 -

English\support\3d.lsp"

File is already clean: "C:\Program Files\Autodesk\AutoCAD 2012 -

English\support\3darray.lsp"

File is already clean: "C:\Program Files\Autodesk\AutoCAD 2012 -

English\support\acad2012.lsp"

File is already clean: "C:\Program Files\Autodesk\AutoCAD 2012 -

English\support\acad2012doc.lsp"

File is already clean: "C:\Program Files\Autodesk\AutoCAD 2012 -

English\support\acadinfo.lsp"

File is already clean: "C:\Program Files\Autodesk\AutoCAD 2012 -

English\support\ai_utils.lsp"

File is already clean: "C:\Program Files\Autodesk\AutoCAD 2012 -

English\support\attredef.lsp"

File is already clean: "C:\Program Files\Autodesk\AutoCAD 2012 -

English\support\edge.lsp"

File is already clean: "C:\Program Files\Autodesk\AutoCAD 2012 -

English\support\mvsetup.lsp"

File is already clean: "C:\Program Files\Autodesk\AutoCAD 2012 -

English\support\sample-profile-util.lsp"

File is already clean: "C:\Users\user\appdata\roaming\autodesk\autocad 2012 -

english\r18.2\enu\support\acad.mnl"

File is already clean: "C:\Users\user\appdata\roaming\autodesk\autocad 2012 -

english\r18.2\enu\support\acetmain.mnl"

File is already clean: "C:\Users\user\appdata\roaming\autodesk\autocad 2012 -

english\r18.2\enu\support\AecArchxOE.mnl" "

 

-KW then "all", it takes time to finish but it says nothing about any worm or virus.

Link to comment
Share on other sites
tanyakorban Rookie

tanyakorban

Posted
Posted

yes, i just opened a new autocad file, and saved it in "new folder".

few seconds later after opening it again, i see "acad.lsp" in the same folder

Link to comment
Share on other sites
ReMark Grand Master

ReMark

Posted
Posted

Without having to ask a dozen more questions and without direct access to your computer I could not say what is happening. My advice is to try the worm removal tool the link to which I included in post #87.

 

Have you run your own antivirus program as well to see what it does/doesn't find?

Link to comment
Share on other sites
tanyakorban Rookie

tanyakorban

Posted
Posted

i'll check post #87 tomorrow and let you know..

one can never be too protective about viruses, but as for opening websites / downloads / usbs.. i am very careful.

(thankfully all my machines died of overuse not viruses)

i had a full system scan yesterday, no viruses found.

(the usb was inserted without my approval :( )

Link to comment
Share on other sites
tanyakorban Rookie

tanyakorban

Posted
Posted

it's Acad.lsp not acaddoc

we are 7 pcs on a network and now we all have it!

100% no one had it on their pc before monday.

Link to comment
Share on other sites
tanyakorban Rookie

tanyakorban

Posted
Posted (edited)

i found out i have an acadappp.lsp (THREE P's) in my support folder containing the same codes as the acad.lsp file that keeps creating in every folder.

 

here's what fixed it :

 

-open this location:

My computer > c:// > users > (user) > appdata (hidden files should be visible) > roaming > autodesk > autocad 20XX - [language] > R18.2 > enu > support

 

-in this location you can find an "acad.mnl" file, open it, Remove the entry added by the virus (anything that has to do with ONLY "load acadappp.lsp"), SAVE, CLOSE.

-after editing the acad.mnl file, in the same location you find a file called "acadappp.lsp" with 3 Ps, delete this file too.

-enter my computer > C:// , then search for "acad.lsp" files, wait till the search finishes.

-icons should show in your search, under the view section, choose to view with "details"

-check the location of each acad.lsp file found.

-anything that has to do with "support" or "express", autocad root installation folders ... DONT DELETE THEM. (or else you'll get an error every time you'll open autocad.)

-anything that is located under personal project folders you created, autocad files you created, briefly what seems to have nothing to do with SYSTEM FILES, select them and DELETE.

-------------------------------------------------------

this worked well on 3 computers which had that virus.

-------------------------------------------------------

 

WARNING:

i've come to realize the virus i had comes to your pc when you open an autocad file that has an "acad.lsp" file next to it. that means the autocad file is already corrupted by this virus. once you open it, the acad.lsp along with the acadapp.lsp copy directly to your system.

 

then when you open your autocad project, it'll ask you in a pop up whether you want to load acad.lsp in this drawing only or in all drawings.

- if you choose "this drawing only", it'll change some settings in your current drawing. nothing major, it would not change or modify your files and projects. only settings.

- if you choose " all drawings", it'll modify all autocad files you have saved on your pc, then next to each autocad file you'll end up having a "acad.lsp" file along with it. all your autocad files will be corrupted and this becomes a longer tast cleaning your pc over and over.. [bELIEVE ME YOU DO NOT WANT TO CHOOSE THIS OPTION]

 

What i suggest you should do is to CLOSE that dialog box once it starts opening on your pc, close autocad, and do the cleaning process i mentioned above.

 

 

SOURCE: :

Personal experience :geek:

google searching keywords: "acadappp.lsp", "ALS.Bursted.B", "ALS.Bursted.A", which lead to autocad issues related forums, symantec and norton help removing this malware, ...

i mainly combined what was necessary and posted it here.

 

GOOD LUCK! :wacko:

Edited by tanyakorban
typing errors
Link to comment
Share on other sites
ReMark Grand Master

ReMark

Posted
Posted

Good to hear you solved the problem. Thank you for the step-by-step procedure. Now you are the expert everyone will be asking advice of!

Link to comment
Share on other sites
Dadgad Grand Master

Dadgad

Posted
Posted

Tanya, well done indeed, and thanks for sharing the fruits of your research and investigation. :beer:

I rated this thread Excellent, to draw the attention of those who might be thus afflicted, and looking

at a long list of similar threads in a search.

Link to comment
Share on other sites
  • 7 months later...
kosjo Newbie

kosjo

Posted
Posted

Ahankhah...what i can say!!!! You just save me!! Many many thanx from Greece my friend :). I used "KillWorm142.lsp" and all done :thumbsup:. The "acaddoc.lsp" was indeed very annoyed and i was very hopeless. Thank you again with all of my heart! :notworthy:

Link to comment
Share on other sites
Ahankhah Experienced

Ahankhah

Posted
Posted
Ahankhah...what i can say!!!! You just save me!! Many many thanx from Greece my friend :). I used "KillWorm142.lsp" and all done :thumbsup:. The "acaddoc.lsp" was indeed very annoyed and i was very hopeless. Thank you again with all of my heart! :notworthy:

You are welcome :), I am very happy my program was useful :D.

Link to comment
Share on other sites
  • 6 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...