Tag Archives: Warning

AutoCAD virus protection update

3 Replies

As I mentioned in my last post, I had some reservations about the code provided by Autodesk to deal with suspect acad.vlx and logo.gif files. Based on a suggestion from Jimmy Bergmark, I have written my own, safer version which you can download here: clean_virus_safe.lsp.

The comments at the top of the clean_virus_safe.lsp file explain what to do with it, but I will reproduce some of the relevant points here.

  • Purpose: Checks for existence of acad.vlx and logo.gif files, which are associated with virus AL/Logo-A, also known as ACAD/Unexplode, ACAD/Agent.A or ACM_UNEXPLODE.B. Written as a safer alternative to Autodesk’s code which deletes suspect files without prior warning. This code renames the files instead.
  • Legal: Provided as-is with no warranty whatsoever, use at own risk. May be distributed freely.
  • Usage: Append the contents of this file into a startup LISP file (e.g. acaddoc.lsp in your search path – create such a file if it does not exist). Autodesk’s suggestion to modify the acad20xx.lsp file should not be followed: this is bad practice. The acad20xx.lsp file is Autodesk’s file and any modifications you make to it are likely to be lost when updates and patches are applied.
  • Effects: Any and all files named acad.vlx and logo.gif and located in AutoCAD’s search path will be renamed, e.g. “acad.vlx” will become “[Suspected Virus] acad.vlx0”. The name will end in a number starting with 0. If other suspect files are later found in the same location, those files will be renamed to end with 1, 2, 3 and so on.

I don’t have a copy of the actual virus, and would like to get hold of one with a view to possibly improving this code. If you have a copy, I would be grateful if you could contact me so I can dissect it.

Another AutoCAD malware warning

2 Replies

Shaan Hurley has posted some useful information about another AutoCAD-based virus that is doing the rounds, and I strongly suggest you read it. However, I have some reservations about the solution that is posted there and in the Autodesk knowledgebase.

The LISP code suggested will delete any files called acad.vlx or logo.gif that are located in the current user’s current AutoCAD search path. There are a couple of problems with that.

  • The search path will change depending on the user, the profile, the startup folder and the drawing folder. That means you can’t just use the code once and expect the problem to go away; the code will need to remain in place permanently to ensure it does not recur. That may not be a huge problem, although it will have a performance penalty (particularly where the search path is long and/or includes network paths) and it is one more thing to remember to carry over to future releases.
  • More importantly, the code has no idea if the files it is deleting are legitimate or not. It is quite possible for a custom environment or third-party utility to make use of a file called acad.vlx, and there are all sorts of reasons you may have a logo.gif file floating around. The Autodesk code will just erase such files without prior warning, which is a bit naughty.

I commend Shaan and Autodesk for posting this information and proposed solution. However, I recommend caution before using this code as suggested. Check with your CAD Manager (if you have one) first to ensure there are no legitimate acad.vlx files in your environment. Do a search for these files yourself and see if there is a legitimate reason for them being where they are.

As with most malware attacks, taking care with incoming files is a very important part of the solution. Don’t just blindly use the contents of a zip file full of drawings, even from a trusted source. If somebody sends you a zip file containing an acad.vlx file, let the sender know about the problem and ask for an uninfected set of files.

AutoCAD malware warning

Leave a reply

There is a piece of malware out there written as an ObjectARX application, i.e. it will only affect AutoCAD users. It’s a China-based adware client, which Andrew Brandt at the Webroot threat blog has named Trojan-Pigrig. For full details, see here. Also, see here for AutoCAD-specific advice from the AutoCAD support team at the Without a Net blog.

Older AutoCAD loses (part of) the plot

26 Replies

I know there are plenty of people still using AutoCAD 2007 and earlier, so this bug warning may save some of you some grief. I have no idea how widespread or isolated this problem is, but under some circumstances I haven’t worked out yet, AutoCAD 2007 fails to plot all of certain dynamic blocks. Some attributes have a habit of being plot-shy. Even if you don’t use dynamic blocks yourself, you could receive a set of drawings, check them on-screen, approve them, plot them and send out paper drawings without all of their parts. Unless you’re carefully manually checking the paper plots, this situation is obviously a little dangerous. Fortunately, Plot Preview also shows up the problem, so it is at least possible to check things without wasting trees.

Here’s an example. This is part of such a drawing displayed in AutoCAD 2007, with all of its parts in place. One of the dynamic blocks is highlighted:

Drawing in AutoCAD 2007 with all its parts in place

Here’s that drawing plotted using AutoCAD 2007, showing the missing parts:

Drawing plotted in AutoCAD 2007 with parts missing

Earlier releases do the same, including pre-dynamic block releases. As DWF files are just electronic plots, the same problem applies to them. Yes, I’ve checked for non-plotting layers and looked into the visibility states within the dynamic blocks. An audit of the drawing indicates no problems. Attribute visibility settings are not an issue.

Here’s the same drawing plotted using AutoCAD 2009 (2008 and 2010 are fine, too):

Drawing plotted in AutoCAD 2009 with parts intact

What to do? Using a later release would solve it, but might not be a practicable solution in your office right now. Instead, you could consider using DWG TrueView for your plotting. That may not be ideal either, but it could be better than risking the consequences of an unknown number of your plots containing an unknown number of missing parts in unknown places.

Have you come across this problem? If you have any more clues about the circumstances that trigger it, please add a comment.