Related Posts Plugin for WordPress, Blogger...

« Awesome Video - Autodesk 2009 Siggraph Show Reel | Main | Utah Autodesk User Group Idea »

07 August 2009

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341bfd0c53ef0120a52a9954970c

Listed below are links to weblogs that reference AutoCAD Malicious Code / Virus Alert “acad.vlx” and Solution:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Good idea about knowing which way the dog is pointing! =)

Won't that code just blindly delete all files called acad.vlx and logo.gif that it finds in the current user's current search path? What if they include legitimate files? This solution seems a little dangerous to me.

Shaan,
Thanks for raising this to everyone's attention.
Can you please clarify whether AutoCAD LT is affected by this "Malicious Code"?

Steve,
You are correct it deletes the files but there is not really anyway to identify the files as they would be morphed again. I do not know of any concerns regarding deletion of acad.vlx or the logo file when weighing its impact versus an active infection in a persons AutoCAD environment.

Perhaps we could reference a checksum of the current known files and update it in the solution?

Cheers,
Shaan

JGA,

This acad.vlx issue while remote in risk to AutoCAD users does not affect AutoCAD LT.

Thank you for the question.

Cheers,
Shaan

Deleting any files without consent is always a concern. It's perfectly possible for acad.vlx to be a legitimate (and vital) file in a custom AutoCAD environment, and logo.gif could be a legitimate file in anybody's environment.

A checksum would be OK for this iteration of the problem, but then you're getting sucked into creating and maintaining anti-virus software. It would set up an expectation of Autodesk updating the checksum every time a new idiot with a modified virus comes along. I think I'd prefer Autodesk to put its efforts into helping people detect and clean up the effected drawings.

As Jimmy Bergmark suggested on my blog, maybe it would be better to just rename the files and inform the user. I may have a look at doing something along those lines myself.

The post mentions that some antivirus software does detect and remove the virus. Does anyone know what products do detect and remove this virus?

Steve,

Thank you for the feedback. We wanted to get the solution out for the few impacted by this problem. I will see if we can add some wording about backing up the files should they know they have valid acad.vlx and logo.gif.

We continue to actively work for more of a comprehensive solution.

Shaan

CJB,

There appears to be a few antivirus vendors that detect the issue such as Symantec, TrenMicro, Microsoft, and a few others. I could not even mail a zipped bad acad.vlx as our email system would remove it.

Best Regards,
Shaan

I've done a safer version that renames the files, and will post it on my blog soon after some more testing.

Thank you Steve. We are still researching other methods.
Sophos has a blog post as well with the checksum of the current known version. http://www.sophos.com/blogs/sophoslabs/?p=5969

Best Regards,
Shaan

Another variant "Drawing displays "MUST re-cover!" when opened via Windows® Explorer" http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=13742026&linkID=9240617


yeah I recieved an infected file with the "Must re_cover" msg - the thing is that after deleting the acad.vlx etc files the drawing that first appeared with this msg does not show anything but this text even though the audit shows x number of entities - the layers are all frozen and locked but unlocking/thawing them does not seem to fix it either...

It corrupts the file!!!

anyway I add the code to a batch file and distribute in my office - I work in Sales and we get a lot of drawings from clients hence prone to this attack

We are working on a long term solution to malicious code.

How do I turn the Missing Language Pack dialog box back on if I checked to turn it off. I would like to be able to trouble shoot the problem if I can get the box to appear again.
Thanks,
Paul

I am getting the "Missing Language Pack" box, but have not found a virus using the above methods.
Is there a way to eliminate the missing languages?
Thanks,
Chad

Update: I get the message after creating a new file from template, saving, and reopening.
I do not have acad.vlx or logo.gif. I've reported it to Autodesk and waiting for response.

So I've seen solutions in how to PREVENT this virus and checked for existence of the acad.vlx and logo.gif. Has anyone come up with a solution on how to FIX any drawings which are get the "Missing Language Pack" dialog? - Thanks, Kevin

The only way I have been able to fix drawings with the Missing Language Pack error is to copy the contents to a new drawing with a copy and paste. It's not the most tech savvy method but it has worked for me numerous times.

a new virus just turned my life upside down :
virus.acad.pasdoc.ad

we all know there is two way to work in Autocad
1-Enter a command first, and then select objects
or
2-select the objects first, and then enter a command
OK.this virus cancel option 2
every time i select an object and apply a command it does not work .
Kaspersky found the virus and delete it from the usb flash but after i opened it and it did not cancel the affect of the virus
pleaseeeeeeeeeeeeeeeeeeeee help me.
I am using Autocad 2012 64x
and thanks in advance

Amman in your case it might not be a virus but rather the way you are setup in AutoCAD. Set Pickfirst is set to 1 to get selection the way you want.

Regards,
Shaan

My Computer is affected vlx virus files,but idont see acad20xx.lsp file in my computer,Any another name in these files Plese clarify where is location of this file in my computer,

Mathew

I would suggest reviewing the Kkowledge Base articles on this topic
http://usa.autodesk.com/getdoc/id=TS13717811

Regards,
Shaan

can anyone clarify step 3 please concerning
ROAMABLEROOTPREFIX\Support\acad.mnl
i didn't get it well :S

The comments to this entry are closed.