ACAD/Medre.A
Posted: June 22, 2012
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 5/10
---|---
Infected PCs: | 75
First Seen: | June 22, 2012
OS(es) Affected: | Windows
ACAD/Medre.A is a worm and virus that specializes in the theft of files in the AutoCAD format – a commercial program that's widely used by architects, engineers and similar professionals for blueprinting and computer-assisted design. Although ACAD/Medre.A's basic line of attack is an unusual niche, ACAD/Medre.A also includes capabilities that are harmful to PC users who have nothing to do with AutoCAD, such as theft of e-mail-related information for future exploitation. ACAD/Medre.A's basic functionality includes the ability to infect AutoCAD files and use them as a mechanism to distribute itself via e-mail and similar methods. As a consequence of this danger, SpywareRemove.com malware researchers recommend that you scan AutoCAD files with anti-malware software prior to downloading them. You should also be particularly alert to potential ACAD/Medre.A attacks if you use AutoCAD software either casually or as part of your profession.
ACAD/Medre.A: Wearing Blueprints for a Disguise Even as It Steals Them
Similar to Worm:ALisp/Kenilfe.D, Trojan.Acad.Dwgun.a or Trojan:ALisp/Gofas.A, ACAD/Medre.A is a PC threat that targets AutoCAD blueprints for theft, which makes ACAD/Medre.A a potent, if niche, form of industrial saboteur. Versions of AutoCAD from 2000 up to 2015 have all been confirmed to be affected by ACAD/Medre.A, which may also be identified by aliases that include ALS.Bursted.B, Worm:ALisp/Blemfox.A and Trojan.Acad.Bursted.W. Because ACAD/Medre.A both infects AutoCAD files and creates independent files on your PC, ACAD/Medre.A's detection and deletion should be handled by dedicated anti-malware products whenever practical. SpywareRemove.com malware researchers especially emphasize that ACAD/Medre.A-infected AutoCAD files, if launched, may also allow ACAD/Medre.A to infect other AutoCAD files, and don't show obvious symptoms of their attacks.
Besides being very effective at infiltration and distribution, ACAD/Medre.A carries out the main attacks outlined below:
- ACAD/Medre.A gathers .dwg files, AKA AutoCAD drawings, to send to a remote e-mail address.
- ACAD/Medre.A also targets e-mail client information from Outlook and Foxmail for similar purposes.
- Lastly, ACAD/Medre.A also prepares and e-mails a .rar archive that includes metadata about the stolen .dwg files and its own code (as found in the acad.fas file, which is ACAD/Medre.A's original file name and format prior to infecting other files).
Preserving Your Plans from an ACAD/Medre.A-Assisted Heist
The usual means of infection by ACAD/Medre.A is via e-mail file attachments. SpywareRemove.com malware researchers warn against opening e-mail-sent AutoCAD files or archives without scanning them first, even if the e-mail has been sent by a known contact, since ACAD/Medre.A-infected PCs can easily be used to distribute ACAD/Medre.A unintentionally. ACAD/Medre.A is built for Windows and is sufficiently dependent on AutoCAD that PC users without this software aren't likely to be greatly endangered by ACAD/Medre.A's attacks. However, for AutoCAD users and especially professionals in relevant industries, ACAD/Medre.A should be considered a high-level threat to be deleted by suitable anti-malware software as quickly as possible.
As long as you scan AutoCAD files prior to opening them and avoid unsafe online content, ACAD/Medre.A should have few opportunities to infect your PC. As a covert thief, ACAD/Medre.A isn't designed to display plain symptoms of its attacks, and SpywareRemove.com malware experts advise against attempts to detect ACAD/Medre.A without suitable software or the aid of a PC security professional.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

file.exe
File name: file.exe
Size: 12.33 KB (12334 bytes)
MD5: 7b563740f41e495a68b70cbb22980b20
Detection count: 85
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 28, 2012

%AutoCADSupportDirectory%\acad.fas
File name: %AutoCADSupportDirectory%\acad.fas
Mime Type: unknown/fas
Group: Malware file

%AutoCADSupportDirectory%\cad.fas
File name: %AutoCADSupportDirectory%\cad.fas
Mime Type: unknown/fas
Group: Malware file

%AutoCADInstallationFolder%\Support\acad20*.lsp
File name: %AutoCADInstallationFolder%\Support\acad20*.lsp
Mime Type: unknown/lsp
Group: Malware file

%CurrentWorkingDirectoryofdwg%\acad.fas
File name: %CurrentWorkingDirectoryofdwg%\acad.fas
Mime Type: unknown/fas
Group: Malware file

%CurrentWorkingDirectoryofdwg%\cad.fas
File name: %CurrentWorkingDirectoryofdwg%\cad.fas
Mime Type: unknown/fas
Group: Malware file

%WinDir%\System32\Acad.fas
File name: %WinDir%\System32\Acad.fas
Mime Type: unknown/fas
Group: Malware file

%WinDir%\Acad.fas
File name: %WinDir%\Acad.fas
Mime Type: unknown/fas
Group: Malware file
Registry Modifications
Subkeys read by ACAD/Medre.A:

HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Catalog
HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Catalog
HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Catalog
HKEY_CURRENT_USER\Software\Aerofox\Foxmail "Executable"
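The file locations and registry keys above are the practical indicators a defender can check for. The script below is an added example written for this page; it is not tooling from the page or from SpywareRemove.com. It walks the directories you name (the AutoCAD support directory, drawing project folders, %WinDir%) for the dropped file names acad.fas and cad.fas, for acad20*.lsp files inside a Support folder, and for any 12334-byte file whose MD5 equals the file.exe hash listed above. It also reports which of the listed Outlook/Foxmail keys exist under HKEY_CURRENT_USER; those keys belong to the mail clients, not to the worm, so a hit tells you which stored account data is exposed, not that the machine is infected. The temp-directory layout and file contents in demo() are constructed placeholders.

```python
"""Hunt script for the ACAD/Medre.A indicators listed on this page.

Added example, not tooling from the page or from SpywareRemove.com.
Paths and hash values come from the page; the sample tree in demo() is
constructed for illustration and contains no real malware.
"""
import fnmatch
import hashlib
import os
import sys
import tempfile
from pathlib import Path

# Indicators from the "File System Modifications" list on this page.
KNOWN_MD5 = {"7b563740f41e495a68b70cbb22980b20": "file.exe"}
KNOWN_SIZE = 12334                        # size of file.exe per the page; only hash files this big
DROPPED_NAMES = {"acad.fas", "cad.fas"}   # dropped beside drawings, in the support dir, in %WinDir%
SUPPORT_LSP_GLOB = "acad20*.lsp"          # %AutoCADInstallationFolder%\Support\acad20*.lsp

# Registry keys the page lists; they belong to Outlook/Foxmail, not to the worm.
MAIL_CLIENT_KEYS = [
    r"Software\Microsoft\Office\13.0\Outlook\Catalog",
    r"Software\Microsoft\Office\12.0\Outlook\Catalog",
    r"Software\Microsoft\Office\11.0\Outlook\Catalog",
    r"Software\Aerofox\Foxmail",
]


def md5_of(path: Path) -> str:
    """Hex MD5 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hunt(roots) -> list:
    """Walk each root and return sorted (reason, path) tuples for matching files."""
    findings = []
    for root in roots:
        root = Path(root)
        if not root.is_dir():
            continue
        for dirpath, _dirs, files in os.walk(root):
            d = Path(dirpath)
            for name in files:
                p = d / name
                lname = name.lower()      # Windows file names are case-insensitive
                if lname in DROPPED_NAMES:
                    findings.append(("dropped-name", str(p)))
                elif d.name.lower() == "support" and fnmatch.fnmatch(lname, SUPPORT_LSP_GLOB):
                    findings.append(("support-lsp", str(p)))
                try:
                    if p.stat().st_size == KNOWN_SIZE and md5_of(p) in KNOWN_MD5:
                        findings.append(("known-md5", str(p)))
                except OSError:
                    continue              # unreadable file: skip it, keep scanning
    return sorted(findings)


def mail_clients_present() -> list:
    """Return the listed HKCU keys that exist; empty when not running on Windows.

    A hit means Outlook/Foxmail is installed and its stored account data is
    what the worm reads; it is not by itself a sign of infection.
    """
    if sys.platform != "win32":
        return []
    import winreg
    present = []
    for sub in MAIL_CLIENT_KEYS:
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, sub):
                present.append(sub)
        except OSError:
            pass
    return present


def demo() -> list:
    """Build a constructed AutoCAD-like tree in a temp dir and hunt it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "Support").mkdir()
        (base / "Projects").mkdir()
        # Constructed sample files; contents are placeholders, not real malware.
        (base / "Support" / "acad2012.lsp").write_text("(defun s::startup () nil)\n")
        (base / "Support" / "acad.mnl").write_text("; benign menu LISP, must not match\n")
        (base / "Projects" / "tower.dwg").write_bytes(b"placeholder drawing\n")
        (base / "Projects" / "acad.fas").write_bytes(b"placeholder compiled LISP\n")
        return hunt([base])


if __name__ == "__main__":
    roots = sys.argv[1:] or [Path.cwd()]
    for reason, path in hunt(roots):
        print(reason, path)
    for key in mail_clients_present():
        print("mail-client-key", key)
```

Run it with the directories to check as arguments (for example the AutoCAD support directory, your drawing folders and %WinDir%); with no arguments it scans the current directory, and demo() exercises the matching logic on the constructed tree. Hashing is restricted to files of exactly 12334 bytes so that walking a large tree such as %WinDir% stays cheap, and a name match on acad.fas or cad.fas is reported wherever it occurs, since the page lists that file in several locations.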