ACAD/Medre.A
ACAD/Medre.A Description
ACAD/Medre.A is a worm and virus that specializes in theft of files in the format of AutoCAD, a commercial program that's widely used by architects, engineers and similar professionals for blueprinting and computer-assisted design. Although ACAD/Medre.A's basic line of attack is an unusual niche, ACAD/Medre.A also includes capabilities that would be harmful to PC users who don't have anything to do with AutoCAD, such as theft of e-mail-related information for future exploitation. ACAD/Medre.A's basic functionality includes the ability to infect AutoCAD files and use this as a mechanism to distribute itself via e-mail and similar methods. As a consequence of this danger, SpywareRemove.com malware researchers recommend that you scan AutoCAD files with anti-malware software prior to downloading them. You should also be particularly alert to potential ACAD/Medre.A attacks if you use AutoCAD software either casually or as part of your profession.
ACAD/Medre.A: Wearing Blueprints for a Disguise Even as It Steals Them
Similar to Worm:ALisp/Kenilfe.D, Trojan.Acad.Dwgun.a or Trojan:ALisp/Gofas.A, ACAD/Medre.A is a PC threat that targets AutoCAD blueprints for theft, which makes ACAD/Medre.A a potent, if niche, form of industrial saboteur. Versions of AutoCAD from 2000 up to 2015 have all been confirmed to be affected by ACAD/Medre.A, which may also be identified by aliases that include ALS.Bursted.B, Worm:ALisp/Blemfox.A and Trojan.Acad.Bursted.W. Because ACAD/Medre.A both infects AutoCAD files and creates independent files on your PC, ACAD/Medre.A's detection and deletion should be handled by dedicated anti-malware products whenever practical. SpywareRemove.com malware researchers especially emphasize that ACAD/Medre.A-infected AutoCAD files, if launched, may also allow ACAD/Medre.A to infect other AutoCAD files, and that they don't show obvious symptoms of their attacks.
While ACAD/Medre.A is very effective at infiltration and distribution, ACAD/Medre.A’s main attacks are outlined below:
- ACAD/Medre.A gathers .dwg files, AKA AutoCAD drawings, to send to a remote e-mail address.
- ACAD/Medre.A also targets e-mail client information from Outlook and Foxmail for similar purposes.
- Lastly, ACAD/Medre.A also prepares and e-mails a .rar archive that includes metadata about the stolen .dwg files and its own code (as found in the acad.fas file, which is ACAD/Medre.A’s original file name and format prior to infecting other files).
Preserving Your Plans from an ACAD/Medre.A-Assisted Heist
The usual means of infection by ACAD/Medre.A is via e-mail file attachments. SpywareRemove.com malware researchers warn against opening e-mail-sent AutoCAD files or archives without scanning them first, even if the e-mail has been sent by a known contact, since ACAD/Medre.A-infected PCs can easily be used to distribute ACAD/Medre.A unintentionally. ACAD/Medre.A is built for Windows and is sufficiently dependent on AutoCAD that PC users without this software aren’t likely to be greatly endangered by ACAD/Medre.A’s attacks. However, for AutoCAD users and especially professionals in relevant industries, ACAD/Medre.A should be considered a high-level threat to be deleted by suitable anti-malware software as quickly as possible.
As long as you scan AutoCAD files prior to opening them and avoid unsafe online content, ACAD/Medre.A should have negligible opportunities to infect your PC. As a covert thief, ACAD/Medre.A isn't designed to display plain symptoms of its attacks, and SpywareRemove.com malware experts advise against attempts to detect ACAD/Medre.A without suitable software or the aid of a PC security professional.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
| # | File Name | Detection Count |
|---|-----------|-----------------|
| 1 | file.exe | 586 |
| 2 | file.exe | 571 |
| 3 | %AutoCADSupportDirectory%\acad.fas | N/A |
| 4 | %AutoCADSupportDirectory%\cad.fas | N/A |
| 5 | %AutoCADInstallationFolder%\Support\acad20*.lsp | N/A |
| 6 | %CurrentWorkingDirectoryofdwg%\acad.fas | N/A |
| 7 | %CurrentWorkingDirectoryofdwg%\cad.fas | N/A |
| 8 | %WinDir%\System32\Acad.fas | N/A |
| 9 | %WinDir%\Acad.fas | N/A |
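An added example, not part of the original page or of any vendor tool: a Python sketch that walks a folder tree and flags file names matching the list above (acad.fas, cad.fas, acad20*.lsp), noting whether a .dwg drawing sits in the same folder. The function names and the sample tree are constructed for illustration; a name match is only a lead to hand to an anti-malware scanner, not proof of infection.

```python
import fnmatch
import os
import tempfile

# File-name patterns taken from the file list above; matching is case-insensitive.
INDICATOR_PATTERNS = ("acad.fas", "cad.fas", "acad20*.lsp")


def find_suspect_files(root):
    """Walk root and return (path, pattern, dwg_in_same_dir) for every name match."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # Record whether this folder also holds AutoCAD drawings.
        has_dwg = any(name.lower().endswith(".dwg") for name in filenames)
        for name in filenames:
            for pattern in INDICATOR_PATTERNS:
                if fnmatch.fnmatchcase(name.lower(), pattern):
                    hits.append((os.path.join(dirpath, name), pattern, has_dwg))
                    break
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample layout: empty placeholder files, no real malware."""
    layout = [
        "projects/bridge/plan.dwg",
        "projects/bridge/acad.fas",
        "projects/bridge/notes.txt",
        "support/ACAD2012.LSP",
        "support/cad.fas",
        "archive/readme.txt",
    ]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, pattern, has_dwg in find_suspect_files(tmp):
            note = "next to a .dwg drawing" if has_dwg else "no .dwg in this folder"
            print(f"{os.path.relpath(path, tmp)}  matches {pattern}  ({note})")
```

To check a real machine, call `find_suspect_files` on the AutoCAD support directory and on each project folder that holds drawings.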
Registry Modifications
Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
- The following Registry values were newly produced:
HKEY..\..\..\..{Subkeys}
[HKEY_CURRENT_USER\Software\Aerofox\Foxmail] "Executable"
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Catalog]
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Catalog]
[HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Catalog]
Posted: June 22, 2012 | By SpywareRemove
Threat Level: 5/10
Detection Count: 234



good idea, I like