McAfee > Theat Center > Virus Detail Page

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

• ACAD/Bursted

• ALS.Bursted.A (NAV)

Characteristics

This threat is detected as ACAD/Bursted. This virus is written in AutoLisp, the language used for scripting in the AutoCAD application.  It is found in the file "acad.lsp" located in the current working directory alongside with the *.dwg files.  This file is automatically executed on loading the drawing file.

The virus is then copied as "acadapp.lsp" to the AutoCad Support directory and will execute on the startup of the ACAD application.

Three AutoCad commands will be disabled - EXPLODE,  XREF and XBIND . The virus will then create define a new command BURST , which will display a message.

Symptoms

BURST command will display a message in chinese.

Method of Infection

Infected "acad.lsp" file.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

• ACAD/Bursted

• ALS.Bursted.A (NAV)

Characteristics

Characteristics -

This threat is detected as ACAD/Bursted. This virus is written in AutoLisp, the language used for scripting in the AutoCAD application.  It is found in the file "acad.lsp" located in the current working directory alongside with the *.dwg files.  This file is automatically executed on loading the drawing file.

The virus is then copied as "acadapp.lsp" to the AutoCad Support directory and will execute on the startup of the ACAD application.

Three AutoCad commands will be disabled - EXPLODE,  XREF and XBIND . The virus will then create define a new command BURST , which will display a message.

Symptoms

Symptoms -

BURST command will display a message in chinese.

Method of Infection

Method of Infection -

Infected "acad.lsp" file.

Removal -

Removal -

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A