AutoCAD Virus Alert
26 Aug, 2009 By: Robert Green
CAD Manager's Toolbox: A self-replicating virus is on the loose that masquerades as the ACAD.VLX or LOGO.GIF file.
We CAD users have, for the most part, been less bothered by virus problems than other users in the past. It seems that Microsoft Office documents and picture files have been the purveyors of doom in the past. No more, it seems.
AutoCAD users should be aware of a self-replicating virus that masquerades as the ACAD.VLX or LOGO.GIF file. The mode of infiltration is an ACAD.VLX file introduced into a folder full of DWG files and/or a support path that allows the file to load upon AutoCAD's startup. After initial infection, the ACAD.VLX file is copied as LOGO.GIF into AutoCAD's help folder where it lies in wait for further file openings.
The virus appears to modify system startup files using an ingenious Visual LISP copy string that spells out the name of the file in ASCII integer values so as to escape detection by all but the keenest programmers. The payload of the virus seems to be file modification that causes error dialogs denoted by missing language support files upon subsequent opening of infected DWG files.
CAD managers who have AutoCAD-based platforms should perform the following steps to avoid infection:
- Scan for the presence of ACAD.VLX and LOGO.GIF files on user machines.
- Scan for the presence of ACAD.VLX on all network volumes.
- If the above files are found, take steps to delete the files and implement cleanup procedures using this link: http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=13717811&linkID=9240617
- Be sure to find all instances of the modified ACETAUTO.LSP, AI_UTILS.LSP, and ACAD.MNL files (critical to stop the spread of the virus) referenced in the document above.
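The scan steps above can be scripted. The following Python code is an added example, not part of the original article or of Autodesk's cleanup document: it walks the given folders, flags ACAD.VLX and LOGO.GIF, and lists ACETAUTO.LSP, AI_UTILS.LSP, and ACAD.MNL for comparison against the Autodesk document. Checking LOGO.GIF for a GIF signature is an assumption added here to tell a real image from a renamed copy; the function names and the sample tree are constructed.

```python
import os
import tempfile
from pathlib import Path
# Names come from the article; compared in lower case (Windows ignores case).
REVIEW = {"acetauto.lsp", "ai_utils.lsp", "acad.mnl"}
GIF_MAGIC = (b"GIF87a", b"GIF89a")

def is_real_gif(path):
    """True if the file starts with a GIF signature."""
    try:
        with open(path, "rb") as fh:
            return fh.read(6) in GIF_MAGIC
    except OSError:
        return False  # unreadable: cannot be confirmed as an image

def scan(roots):
    """Walk each root and return sorted (category, path) findings."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                low, full = name.lower(), os.path.join(dirpath, name)
                if low == "acad.vlx":
                    findings.append(("suspect", full))
                elif low == "logo.gif":
                    # Assumption: a copied VLX has no GIF header.
                    kind = "gif-image" if is_real_gif(full) else "suspect"
                    findings.append((kind, full))
                elif low in REVIEW:
                    findings.append(("review", full))
    return sorted(findings)

def demo():
    samples = {  # constructed placeholder contents, not real samples
        "proj/ACAD.VLX": b"placeholder",
        "Help/logo.gif": b"placeholder, not an image",
        "site/LOGO.GIF": b"GIF89a" + b"\x00" * 8,
        "Support/acad.mnl": b";; placeholder",
        "proj/plan.dwg": b"placeholder",
    }
    with tempfile.TemporaryDirectory() as top:
        for rel, data in samples.items():
            target = Path(top, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return [(k, Path(p).relative_to(top).as_posix()) for k, p in scan([top])]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

To scan real locations, call scan() with a list of local folders and mapped network paths. Files in the "review" category are only located, not judged; whether they were modified has to be checked by hand.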
Please note that ACAD.VLX and LOGO.GIF are not native AutoCAD files, so unless you've created custom routines that use these files their presence most likely denotes infection. The virus to date is not common and appears to be relatively harmless — but why take chances?