Shanavas Posted July 8, 2012 Posted July 8, 2012 All, Could you anyone help me to sort my problems, whenever I am open to any drawings, which getting autocad message with unknown script showing, In the drawing folder there was one LSP file creating automatically, the name was the lsp file was "acaddoc" screen shot attached for your reference, anyone have any experienced this before, I am working in a network shared drive, this is happened before yesterday, It would be great if someone would give the solution to sort-out this issue, Many thanks Shan Quote
MSasu Posted July 8, 2012 Posted July 8, 2012 I'm afraid that seems that you got an AutoCAD virus; but please don't worry, it can be fixed quite easily. Just check on the Forum on this mater and follow the instructions. Since you are talking of a shared folder will have to apply the treatment an each and every workstation that accessed drawings from that location. You may however ignore the stations with AutoCAD LT, if any, since this version isn't able to run/propagate the virus. Quote
MSasu Posted July 8, 2012 Posted July 8, 2012 Sorry for delay; please check this previous discusion. Quote
Shanavas Posted July 8, 2012 Author Posted July 8, 2012 I'm afraid that seems that you got an AutoCAD virus; but please don't worry, it can be fixed quite easily. Just check on the Forum on this mater and follow the instructions. Since you are talking of a shared folder will have to apply the treatment an each and every workstation that accessed drawings from that location. You may however ignore the stations with AutoCAD LT, if any, since this version isn't able to run/propagate the virus. Thanks Msasu for your quick reply, I have go through the link given by you in your second post, I had download the zip file from one of member are advised to do in that thread, KW, I am followed what they are instated, but still my problem is persist, could you give any alternative solution on this regard, Many thanks, Shaan Quote
Lee Mac Posted July 8, 2012 Posted July 8, 2012 Here is some background information on the nature and behaviour of the ACADDOC.lsp file, so that you and anyone else who happens to read this thread can be aware when confronted with such files in the future. The Dangers of the ACADDOC.lsp When opening a drawing, AutoCAD will search the Working Directory (that is, the directory in which the active drawing resides), and all Support Paths (those listed in the Files tab of the Options dialog) for a file with the filename ACADDOC.lsp. When such a file is found, AutoCAD will cease searching and will proceed to load the ACADDOC.lsp file into the active drawing namespace. The act of loading a LISP file simply means that the contents of the file are read and any LISP expressions found therein are evaluated by the LISP interpreter. In this way, most users will utilise the ACADDOC.lsp to automatically load custom programs when a drawing is opened, so that such programs are available during the drawing session. This is a more reliable and migratable method than using the Startup Suite for the same purpose. However, with the knowledge that AutoCAD will search the Working Directory before any other path, it becomes very simple to include malicious code within an ACADDOC.lsp file sent with a drawing, so that, when the drawing is opened by an unsuspecting user, the ACADDOC.lsp file will be automatically loaded and the malicious code will be evaluated. Such code could perform any number of operations: AutoLISP can very easily modify the registry, deleting or writing new registry keys; delete files from the system (bypassing the recycle bin), or writing new files to the system. Most commonly included within this malicious code is the simple operation for the ACADDOC.lsp to copy itself to various (often hidden) locations on the user's system, complete with all malicious code, so that the file can continue to wreak havoc even after the user has deleted the original file. Similar Autoloading Files The ACADDOC.lsp is not the only file that is automatically sought and loaded into the drawing. When the AutoCAD application is opened, a number of files are automatically loaded and others are reloaded again when every drawing is opened thereafter. Most of these files are part of the application itself and hence should not be modified, others however are reserved for user customisation and can be modified and created if they don't already exist. Below is the loading order of the various files that are automatically loaded into AutoCAD, with a brief description about each item: acad.rx This file loads various ObjectARX applications when AutoCAD is started acad 20## .lsp This file loads the acad20##doc.lsp file in versions which do not load such file automatically. This file should not be modified. acad.lsp The loading of this file is dependent on the setting of the ACADLSPASDOC System Variable: ACADLSPASDOC = 0(default) Loads acad.lsp into just the first drawing opened in an AutoCAD session, and will not load for each subsequently opened drawing. ACADLSPASDOC = 1 Loads acad.lsp into every drawing opened. This file is reserved for user customisation and is intended to be used for application-specific startup routines, as all functions and variables defined in an acad.lsp file are only available in the first drawing. If functions are required in all drawings, rather than altering the value of ACADLSPASDOC, functions & programs should be moved from the acad.lsp file into the acaddoc.lsp file. acad20##doc.lsp This file is automatically loaded every time a drawing is opened and loads the autoload function definiton and other utility functions required by AutoCAD. This file should not be modified. acaddoc.lsp As described above, if found, this file is automatically loaded into every drawing opened in the AutoCAD session. This file is useful for loading a library of AutoLISP functions to be available every time a drawing is opened. The acaddoc.lsp file is always loaded with each drawing regardless of the settings of the ACADLSPASDOC System Variable. Since AutoCAD will search the working directory before the Support Paths and will load the first acaddoc.lsp file found, users can have a different acaddoc.lsp file in each drawing directory, which would load specific AutoLISP routines for certain types of drawings or jobs. acad.dvb This file will automatically load VBA projects for versions in which VBA is enabled. Main CUI/CUIX and related files A CUIx file contains multiple XML based files and image files, each of which contains the data for a user interface element that can be customised. CUIx files replace the CUI, MNU, MNS, and MNC files that were used to define menus in previouse releases. The Main CUIx file defines the majority of interface elements in AutoCAD. Enterprise CUI/CUIX and related files The Enterprise CUIx file is typically controlled by a CAD manager and accessed by many users, usually from a shared network location. This file is read-only to users to prevent the data in the file from being changed. A CAD manager would create an enterprise CUIx file by modifying a Main CUIx file and then saving the file to a shared network location. See here for information on how to create this file. acetmain.mnl This file loads the Express Tools menugroups. Express Tools LISP & MNL files The various LISP and Menu files required by the Express Tools programs are loaded here. Startup Suite programs Programs files residing in the Startup Suite are now loaded, in the order they appear in the AppLoad dialog. The Startup Suite is known to be temperamental in some versions of AutoCAD, so I would recommend using the acaddoc.lsp for loading functions and programs required during the drawing session. (S::STARTUP) This post-initialisation function can be utilised to perform operations after the drawing has initialised in the drawing editor. Since the acad.lsp and acaddoc.lsp files are loaded early in the drawing initialisation procedure, commands issued at run-time from these files may be unsuccessful as the command-line may not be initialised in the drawing. acad.exe command line switch /b The command-line switch /b can be used to run a Script when the AutoCAD application is launched. Any Script operations called in this way will be executed after drawing initialisation has completed. Command-line switches can be set from within the properties of the AutoCAD application shortcut icon, within the Target edit box. For a more detailed description of command-line switches, see here. Removing AutoCAD 'Viruses' AutoCAD 'viruses' mostly occur in the form of a hijacking of the ACADDOC.lsp file, causing this file to change users' settings, potentially corrupting the users' system and causing irrevocable damage, and most commonly multiplying this file to spread across the users' file system. However, should the CAD environment be successfully reset, this file can only continue to cause harm if it can be found by AutoCAD and loaded into a drawing, resulting in the malicious code being evaluated and file replication to occur once again. Hence, the solution to removing the 'virus' is to simply remove all instances of the malicious ACADDOC.lsp file from the system so that it can no longer replicate itself or alter the system in any way. To check whether all instances of this file have been removed, simply type at the AutoCAD command line: (findfile "ACADDOC.lsp") If the above returns a valid filepath, navigate to the filepath and remove the file, then re-type the above expression to test for the existence of any other ACADDOC.lsp files. This process could also be automated using a LISP program: (defun c:delacaddoc ( / file ) (while (setq file (findfile "ACADDOC.lsp")) (if (vl-file-delete file) (princ (strcat "\nDeleted file: " file)) (princ (strcat "\nUnable to delete file: " file)) ) ) (princ) ) The above program will delete all ACADDOC.lsp files found in either the current Working Directory or all AutoCAD Support Paths. However, be aware that due to the autoloading nature of the acad.lsp, acad20##.lsp & acad20##doc.lsp, these files also have the potential to contain malicious code and should be monitored. Other AutoCAD 'Viruses' AutoCAD 'viruses' can use files other than those noted above to infect users' systems. A well-known AutoCAD 'virus' is permeated via a file named: acad.vlx The naming of such file intentionally misleads users into thinking that this file is part of the program files for the application and hence should not be deleted, however, this file can cause considerable damage to a users' system if not removed. For more information about the acad.vlx virus, and how to remove it, see here. Quote
pBe Posted July 8, 2012 Posted July 8, 2012 Got to give it to Lee Mac One of the finest provider of information Cheers Quote
dong95 Posted July 8, 2012 Posted July 8, 2012 It is great pleasure to have a great mentor like Lee, pBe. I've learned a lot again. Thanks to Lee. Quote
Shanavas Posted July 8, 2012 Author Posted July 8, 2012 Thank you very much Lee mac, It has worked very well, I do not have any words to describe, how you helped me, I was searching this since yesterday and posted another forum, but they can't give the proper answer to my problems, you hit my nail, Thank you very much lee mac, I am new in this forum, I hope you may extent in your kindness in future as well, Thanks again Lee mac Regards, Shaan Quote
Lee Mac Posted July 8, 2012 Posted July 8, 2012 Got to give it to Lee Mac One of the finest provider of information Cheers It is great pleasure to have a great mentor like Lee, pBe.I've learned a lot again. Thanks to Lee. Thanks guys, your kind gratitude means a lot and makes the time that I put in all the more worthwhile Thank you very much Lee mac, It has worked very well, I do not have any words to describe, how you helped me, I was searching this since yesterday and posted another forum, but they can't give the proper answer to my problems, you hit my nail, Thank you very much lee mac, I am new in this forum, I hope you may extent in your kindness in future as well, Thanks again Lee mac Regards, Shaan You're very welcome Shaan - this particular topic surrounding the ACADDOC.lsp hadn't been discussed conclusively in any thread as far as I have witnessed, and so I figured that it was a good opportunity to put together some information on the topic for you and those who happen to visit this thread experiencing the same issues in future. I'm delighted to have solved your problem. All the best, Lee Quote
Dadgad Posted July 9, 2012 Posted July 9, 2012 Typically comprehensive and stellar post, would we, as students of history, expect anything less from Lee? When I read it last night I found it most informative and immediately added a couple of tags to the thread to help folks who might need it down the road find it. I could only add two tags, but wanted to add VIRUS too, but had reached my add tag limit with the first two. I think that this would be a good candidate for the TIPS & TRICKS forum, as it has such an important message to the autocad community as a whole, those who are having, and those who might one day experience this problem. Thanks Lee! Quote
Lee Mac Posted July 9, 2012 Posted July 9, 2012 Many thanks Dadgad - I have also just added two extra tags to the thread: 'autocad', 'virus' to help others find it. I am also considering adding the contents of my above post to the Tutorials section of my site, so that the information can be found and accessed easily. Cheers, Lee Quote
BlackBox Posted September 11, 2012 Posted September 11, 2012 At Lee's suggestion here, I read through this thread, and thought I'd share that my office recently experienced an Acad.fas / AcadDoc.fas / BakDwg.fas virus. My initial thought as well (once the servers, and computers were cleaned up), was to write a LISP function to 'kill' this virus, but how to ensure that my function is loaded first (before those within the project directories), and my limited testing showed that simply registering a .NET assembly does the trick. Sample command line output at startup: Loading AEC Base... Loading AEC Base Extended... Loading AEC Base UI... Loading AEC Project Base... Loading AEC Base GUI... Loading AEC Schedule Data... Loading AEC Project UI... Loading AEC Utilities... Customization file loaded successfully. Customization Group: DONTYOUWANTTOKNOW Customization file loaded successfully. Customization Group: CIVIL Customization file loaded successfully. Customization Group: ACAD Customization file loaded successfully. Customization Group: TOOLBASEDRIBBON Customization file loaded successfully. Customization Group: TASKBASEDRIBBON Customization file loaded successfully. Customization Group: AUTODESKSEEK Customization file loaded successfully. Customization Group: AUTOCADRASTERDESIGN Customization file loaded successfully. Customization Group: EXPRESS Customization file loaded successfully. Customization Group: AUTOTURN Loading AECC Base... Initializing.... There are no valid MS Jet providers installed......Done. Loading AECC Land... Loading AECC Subentity Selection... Loading Modeler DLLs. Loading AECC Pipe Part... Loading AECC QTO...... Loading AECC Pipe Network... Loading AECC Roadway... Loading AECC Survey... Loading AEC Schedule... Loading AECC Plan Production... Loading AEC Architectural Base... Loading AEC Structural Base... Loading AEC Area Base... Loading AEC Dimensions Base... Loading AecCivilBase... Loading AECC Building Site... Loading AECC Point Cloud... Regenerating model. Loading AECC Hydrology... Loading AECC Base UI... Loading AECC Event Viewer... Loading AECC Land UI... Loading AECC QTO UI... Loading AECC Pipe Network UI... Loading AECC Roadway UI... Loading AECC Survey UI... Loading AECC Plan Production UI... Loading AECC Publish UI... Loading AECC AeccUiHydrology... Loading AECC Mapcheck... Loading AECC Mapcheck UI... Loading AECC Building Site UI... Loading AECC Point Cloud UI... Loading AECC Management UI... Loading AECC Model UI... [color=red]** Bow ties are cool **[/color] ... Acad.lsp loaded. AutoCAD menu utilities loaded. Regenerating model. ... AcadDoc.lsp loaded. AutoCAD menu utilities loaded. ... CUIx *.mnl files loaded Command: _RIBBON Command: COMMANDLINE Pseudo code used to test this theory: using Autodesk.AutoCAD.Runtime; using System; [assembly: ExtensionApplication(typeof(TheDoctorSays.BowTiesAreCool))] namespace TheDoctorSays { public class BowTiesAreCool : IExtensionApplication { void IExtensionApplication.Initialize() { Autodesk.AutoCAD.ApplicationServices.Application. DocumentManager.MdiActiveDocument.Editor.WriteMessage( "\n** Bow ties are cool ** " ); } void IExtensionApplication.Terminate() { } } } Sample .REG file to register an autoloading .NET assembly: Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Autodesk\AutoCAD\[color=red]<YourVersion>[/color]\Applications\[color=red]<YourKey>[/color]] "DESCRIPTION"=[color=red]"Your description"[/color] "LOADCTRLS"=dword:00000002 "LOADER"="[color=red]<DriveLetter>[/color]\\[color=red]<YourFilePath>[/color]\\[color=red]<YourAssemblyName[/color]>.dll" "MANAGED"=dword:00000001 ... More on LOADCTRLS. HTH Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.