|Detected|Jul 17 2008 11:55 GMT|
|Released|Jul 17 2008 17:11 GMT|
|Published|Sep 12 2011 07:33 GMT|
A trojan program that infects AutoCAD files on the user's computer. It is written in AutoLISP, AutoCAD's internal scripting language, and is 3262 bytes in size.
The malicious script is written into standard AutoCAD scripts that are launched each time the application is started.
It looks for the directory where the file named "acad.exe" is located. If the directory is found, it looks for the sub-directory named "support" and infects all of the files with the "lsp" extension by adding its body. It adds a file named "acaddoc.lsp" to the list of files to be infected:

<directory containing the file "acad.exe">\support\*.lsp
<directory containing the file "acad.exe">\support\acaddoc.lsp

The virus determines the path to the directory from which it opens the current scheme (if the scheme was opened and not created) and adds its body to the file named "acaddoc.lsp":

<current scheme directory>\acaddoc.lsp

The virus also looks for the directory where the file named "acad.mnl" is located and infects all of the files with the "mnl" extension, again adding its body:

<directory containing the file "acad.mnl">\*.mnl

The virus runs the commands to open the "acad.lsp" file when creating or opening each scheme and to enable the single-window AutoCAD mode. It also prevents the following commands from running:

line
_line
xref
_xref
explode
_explode

(line - constructs line segments; xref - manages internal links; explode - breaks up composite objects).
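A triage check built from the description above, as an added example that is not part of the original write-up or any vendor tool: it walks a directory tree for the `.lsp` and `.mnl` files named as infection targets, compares each against the md5 listed on this page, and groups files that share an identical 3262-byte block at their start or end. Treating the body as prepended or appended, the function names, and the harmless filler data in `build_demo_tree` are assumptions of this example.

```python
import hashlib
import os
import sys
from collections import defaultdict

BODY_SIZE = 3262                                 # body size stated in the description
SAMPLE_MD5 = "470170ea8bd67280e0bf12780088a5a1"  # md5 listed on this page
TARGET_EXTS = (".lsp", ".mnl")                   # file types the description says are infected

def candidate_files(root):
    """Yield every *.lsp / *.mnl file under root, acaddoc.lsp included."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(TARGET_EXTS):
                yield os.path.join(dirpath, name)

def triage(root):
    """Return (exact md5 matches, groups of files sharing a BODY_SIZE block)."""
    exact, by_block = [], defaultdict(set)
    for path in candidate_files(root):
        with open(path, "rb") as fh:
            data = fh.read()
        if hashlib.md5(data).hexdigest() == SAMPLE_MD5:
            exact.append(path)
        if len(data) >= BODY_SIZE:
            # Assumption: the body sits at the start or the end of the host file.
            for block in (data[:BODY_SIZE], data[-BODY_SIZE:]):
                by_block[hashlib.sha256(block).hexdigest()].add(path)
    shared = sorted(sorted(paths) for paths in by_block.values() if len(paths) > 1)
    return sorted(exact), shared

def build_demo_tree(root):
    """Constructed, harmless sample data: filler comment bytes stand in for the body."""
    filler = (b"; constructed filler line\n" * 200)[:BODY_SIZE]
    files = {
        "support/acad2008.lsp": b"(princ \"host A\")\n" + filler,
        "drawings/acaddoc.lsp": filler,
        "support/acad.mnl": b"(princ \"menu\")\n" + filler,
        "support/clean.lsp": b"(princ \"untouched\")\n" * 300,
    }
    for rel, content in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    exact, shared = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("exact md5 matches:", exact, "\nshared blocks:", shared)
```

A shared block is only a lead: legitimate scripts that begin with the same long header comment will also group together, so review the flagged files by hand.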
If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:
md5: 470170EA8BD67280E0BF12780088A5A1
sha1: BECFB104920B45DBB73819F14CF3A0885AABFA6E
Viruses replicate on the resources of the local machine.
Unlike worms, viruses do not use network services to propagate or penetrate other computers. A copy of a virus will reach remote computers only if the infected object is, for some reason unrelated to the virus function, activated on another computer. For example: