There is a virus being reported by a couple AutoCADbased product customers. The original virus first popped up in 2005 and was very limited but has been changed slightly. Some antivirus software does detect this virus and remove it. Many great people worked behind the scenes over the past week to research and publish a solution.
The virus spreads simply by someone placing the malicious acad.vlx in a directory with the DWG files or a support path location being opened and then spreads from there into open DWG files and by replicating itself.
The below LISP code detects and deletes any acad.vlxfile before AutoCAD attempts to load it, preventing the spread of the virus. The possible random strings written to the DWGfile by the acad.vlx appears to be harmless. The malicious file acad.vlx is not an Autodesk file.
Update: Check with your CAD Manager or fellow employees to make sure you have not named your own customization as "logo.gif "or "acad.vlx" as the below LISP will not check the version but remove any file named logo.gif or acad.vlx. There is a file checksum published here AutoCAD malware: ACAD.VLX:
Users of AutoCAD-based products have reported a malicious acad.vlx file that causes drawing corruption.
This is not an actual AutoCAD file provided by Autodesk. When the malicious acad.vlx file is loaded in AutoCAD, it corrupts the drawing, which may result in a Missing Language Pack dialog box displaying when you save and reopen the drawing.
The acad.vlx file creates a copy of itself in the Help folder (for example, C:\Program Files\AutoCAD 2010\Help\logo.gif). Several other files are also modified and the ACADLSPASDOC system variable is set to 1, allowing the acad.vlx file to be loaded into other opened drawings, thereby corrupting them.
The cleanup process outlined below detects and deletes any acad.vlxfile before AutoCAD attempts to load it, preventing the spread of the virus.
To prevent additional file corruptions
- You must be a system administrator on your Microsoft® Windows® operating system to complete this process.
- In your product installation folder, locate the Support folder (for example, C:\Program Files\AutoCAD 2010\Support).
- In the Support folder, double-click the acad20xx.lsp file (for example, the acad2010.lspfile). Add the code below to the file. AutoCAD will detect and delete the acad.vlx and logo.gif files.
(defun cleanvirus( / lspfiles lspfile x) (setq lspfiles '("acad.vlx" "logo.gif")) (foreachlspfile lspfiles (while(setq x (findfile lspfile)) (progn (vl-file-delete x) (princ "\nDeleted file ") (princ x) );progn );while );foreach) (cleanvirus)
- Open each of the following files:
- C:\Program Files\AutoCAD 20xx\Express\acetauto.lsp
- C:\Program Files\AutoCAD 20xx\Support\ai_utils.lsp
Note: Replace ROAMABLEROOTPREFIXwith the value returned by the ROAMABLEROOTPREFIX system variable.
- If present, delete the following line of code:
(vl-file-copy(findfile(vl-list->string'(108 111 103 111 46 103 105 102)))(vl-list->string'(97 99 97 100 46 118 108 120)))
- Save each file.
End of Solution Document.
<hurley_warped_humor_alert> Many times some precautions can prevent most risks of malware or virus by maintaining vigilance on what files are allowed into your environment as well as running up to date antivirus software. This is common sense and like knowing what direction the dog is pointing before you pet it in a dark room or not golfing downwind of Tiger Woods or the golf announcer. hurley_warped_humor_alert>
For more tips on preventing virus in AutoCAD see AutoCAD and Viruses