- #Any virus issues using cad how to
- #Any virus issues using cad update
- #Any virus issues using cad full
- #Any virus issues using cad code
Adding new Folders: To add a new folder, just use the Windows Explorer navigate to your K: drive, RMB menu “New” and select “New Folder” just as you would do in C: Drive. For More information visit our capabilities page. Using Microsoft's FileMon, here is the load order of support files when AutoCAD starts up with the top being the first thing that runs/loads:Īppload.During this process, if the file is “versioned up during check out,” when the new user goes to edit the file, they will have access to the most current version. Here is some information about AutoCAD's file load order that could be helpful in dealing with viruses of this nature: This also means we do not use acad.lsp for ourselves and have ACADLSPASDOC set to 0.
#Any virus issues using cad code
The acad200x.lsp file will run before acad.lsp, acad.fas, and acad.vlx so we put code there to delete these files from any path AutoCAD can see upon startup so that they never have a chance to run. We have successfully gotten rid of the virus and protected ourselves against it and others like it by using the acad200x.lsp file. Although not documented anywhere I can find, AutoCAD will treat acad.fas and acad.vlx the same as acad.lsp. Like the ALS.BURSTED virus, it is taking advantage of AutoCAD's automatic loading and running of the acad.lsp file. it also undefines some commands like explode and perhaps block, insert, and ddedit (which are commands referred to in acad.sys though there is no code in acad.sys) it creates a registry entry called dwgrun that calls the dwgrun.bat file in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run This file has instructions to copy winfas.ini and winsys.ini to one of your search path locations and renames them to acad.fas and acad.sys respectively with the hidden attribute set. it will create a file called dwgrun.bat in your Windows system folder (C:\Windows\System32 or C:\Windows\SysWOW64). it copies itself and the acad.sys file to your Windows folder (C:\Windows) and renames itself to winfas.ini and renames acad.sys to winsys.ini. it also creates an acad.sys file in your search path locations
it will copy itself to folders in your AutoCAD search paths (which could be local or network drives)
#Any virus issues using cad how to
I don't know what is in that file exactly (unless someone knows how to decompile it), but some of the results of it running are:
AutoCAD then saw that there was an acad.fas file with the drawing as AutoCAD started so it ran it.
Someone in our office probably double clicked on a dwg file in that folder to open it(which if they opened AutoCAD first to Drawing1 then the virus would not have been executed, see ACADLSPASDOC). Inside that folder was a file called acad.fas with its hidden attribute set (which the virus sets) so no one noticed it.
#Any virus issues using cad full
We probably got the virus sent to us from a consultant (perhaps from China) who was sending us a folder full of dwg files for a project we are working on.
#Any virus issues using cad update
Here is an update on what we have found out so far: Maybe Autodesk shouldn't have summarily ignored the many, many, suggestions/requests over the years to port their flagship product to Linux. This may or may not be relevant to hackers, who have been pretty good at circumventing whatever security Windows tries to provide. Under Windows 2000, AutoCAD also must be invoked by a "Super-User" (one level below Administrator) in order to run at all, though I'm not sure how this works under XP or Vista. The 2000-series releases also support VBA, providing an even easier path for MS-Word macro-style malware, although I think AutoCAD does put up a warning dialog when opening a file with VBA macros.
I would guess, if those tools don't restrict it somehow, that such code could even include inline assembly code, as allowed by standard C++. I haven't experienced this myself (yet), but in the past I have commented here on AUGI about the troubling potential for this sort of thing made available to hackers through AutoCAD's ARX mechanism, which is a means for AutoCAD to run anybody's C++ code, as long as they can get their hands on the right development tools.
0 kommentar(er)
