Wednesday, March 9, 2011

Enhanced Attribute Editor (EATTEDIT) causes AutoCAD to crash

Issue
When you edit text for attribute tags, using the Enhanced Attribute Editor, AutoCAD® crashes with a CER option.
Solution

This conflict has been confirmed to be caused by a trojan whose name mutates but has the file extension DIL (capitalized for emphasis. It will appear in the directory as lower case d, capital I and lower case l).

To resolve this error, search for *.DIL and rename or delete any occurrences found, along with a DAT file of the same name.

More than 12 variants have been reported, including the following:

    * c:\windows\system32\stclieqt.dIl
    * c:\windows\system32\mscored.dIl
    * c:\windows\system32\fllbxg.dIl
    * c:\windows\system32\iibswt.dIl

Note: Some systems may have multiple versions with different names.

No valid file should have an extension .dIl (d-capital I-lower case l), so, if found, they can be safely renamed or deleted without affecting valid programs.

This trojan has been logged with Symantec and identified as the Backdoor.Coreflood Trojan. Symantec will be updating definitions files soon to catch it. It is designed to conduct Denial of Service (DoS) attacks. The trojan connects to an IRC server and gives control of the infected computer to an attacker.

The trojan is also designed to regenerate itself from random CLSIDs it creates in the registry, if the DIL and DAT files are removed.

The best solution, therefore, is to log the trojan with your antivirus provider and load and run their updated definitions list when it becomes available. Otherwise, the trojan will return.

1 comment:

  1. You can do the same in the enhanced editor. Except you hit enter instead of tab. ... How to change text properties in Attribute?

    ReplyDelete