What is the nature of the malware?
ACAD/Medre.A is an AutoLISP program disguised as an acad.fas file. When a user opens a DWG from a folder containing this file, the malware sends a copy of the DWG by email (using the SMTP protocol). For additional information on AutoLISP-based malware, visit: AutoCAD and Viruses.
ACAD/Medre.A is also known as: ALisp/Blemfox.A (Microsoft), Trojan.Acad.Bursted.W (BitDefender), ALS.Bursted.B (Symantec).
Which Autodesk products may be affected?
The malware targets AutoCAD releases 2000 and newer, and other products based on AutoCAD. AutoCAD LT, AutoCAD for Mac and other Autodesk products are not affected.
How can I know if my system is infected?
The malware is easily detectable by major antivirus solutions with up-to-date virus definitions. We recommend users perform a full virus scan to see if their system is infected by this malware.
There are alternative methods of detecting possible infections by this malware:
- acad.fas or cad.fas files on your system may indicate the presence of this malware. You can search for these files in Windows Explorer. Since these files could be hidden, you may need to show hidden files using the following Microsoft solution: Show Hidden Files.
- Search for acad.fas from the AutoCAD command line by typing (findfile "acad.fas"), including the parentheses.
If the search finds a match, compare an MD5 or SHA-1 cryptographic hash of the discovered acad.fas file with the following values: MD5: 7b563740f41e495a68b70cbb22980b20; SHA-1: 43ea33bedadc9bfc92c570b316b78b6fd9787f09. If the MD5 or SHA-1 hash values match, your system is infected. For more information on how to compute an MD5 or SHA-1, see: How to compute the MD5 or SHA-1 cryptographic hash values for a file.
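The file search and hash comparison described above can be scripted. The following Python script is an added example, not Autodesk's code; the function names and the directory argument are assumptions, and the two hash values are the ones given in this FAQ.

```python
import hashlib
import os
import sys

# Hash values published in this FAQ for the malicious acad.fas file.
KNOWN_MD5 = "7b563740f41e495a68b70cbb22980b20"
KNOWN_SHA1 = "43ea33bedadc9bfc92c570b316b78b6fd9787f09"
SUSPECT_NAMES = {"acad.fas", "cad.fas"}


def file_hashes(path, chunk_size=1 << 20):
    """Return (md5, sha1) hex digests of a file, read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def scan(root, known_md5=KNOWN_MD5, known_sha1=KNOWN_SHA1):
    """Walk root and report every acad.fas / cad.fas file (any letter case).
    os.walk also lists hidden files, so no Explorer setting is needed.
    Each finding is a dict with path, md5, sha1 and match (True if either
    hash equals the published value), or path and error if unreadable.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if name.lower() not in SUSPECT_NAMES:
                continue
            path = os.path.join(dirpath, name)
            try:
                md5, sha1 = file_hashes(path)
            except OSError as exc:
                findings.append({"path": path, "error": str(exc)})
                continue
            match = md5 == known_md5.lower() or sha1 == known_sha1.lower()
            findings.append({"path": path, "md5": md5, "sha1": sha1, "match": match})
    return findings


if __name__ == "__main__":
    for f in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        if "error" in f:
            print(f"UNREADABLE  {f['path']}: {f['error']}")
        else:
            status = "INFECTED (hash match)" if f["match"] else "review (name only)"
            print(f"{status}  {f['path']}  md5={f['md5']}  sha1={f['sha1']}")
```

A file reported as "review (name only)" is not cleared by the hash mismatch: this FAQ treats the presence of acad.fas or cad.fas as a possible indicator, so follow up with a full antivirus scan.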
How can I remediate the infection?
This malware can be remediated through leading commercial antivirus solutions. Autodesk has confirmed that Microsoft, Trend Micro, McAfee, Symantec, Avira, and Kaspersky antivirus solutions can clean this malware. We have also verified that ESET’s ACAD/Medre.A stand-alone cleaner can clean this malware. We will update this FAQ as we test additional antivirus solutions.
What best practices can I follow to reduce my chances of being infected?
We recommend users protect their systems through use of an antivirus solution with up-to-date virus definitions. In addition, the following best practices can reduce the chance of an infection:
- Do not open archive files (e.g. zip) from unknown users.
- Do not run an unknown AutoLISP file without inspecting it first.
- The following Autodesk knowledge base article also provides additional best practices:
AutoCAD and Viruses