Is Your AutoCAD Slow? How ESET ACAD/Medre Cleaner Can Help

Removing the Medre Trojan: A Guide to the ESET ACAD/Medre Cleaner Tool

The ACAD/Medre.A Trojan is a specialized piece of malware designed to steal proprietary information. It specifically targets AutoCAD users by compromising blueprints and design files. If your system is infected, ESET provides a dedicated standalone tool to safely remove the threat. This guide explains how the malware works and how to use the ESET cleaner tool to secure your environment.

Understanding the ACAD/Medre Threat

Unlike generic malware, ACAD/Medre has a highly specific target. It represents a serious threat to engineering, architectural, and manufacturing firms.

Target Audience: AutoCAD users and design professionals.

Primary Objective: Industrial espionage and intellectual property theft.

Malware Behavior: It locates AutoCAD drawing files (.dwg) on the infected system.

Exfiltration Strategy: The malware automatically emails stolen blueprints to external servers, primarily located in China.

Infection Vector: It typically spreads via infected drawing templates, malicious AutoLISP scripts (acad.fas), or compromised project folders shared between users.

Step-by-Step Removal Guide

Standard antivirus scans can sometimes struggle with specialized script-based malware. ESET developed the standalone ACAD/Medre Cleaner Tool to thoroughly purge this specific Trojan from affected systems without requiring a full ESET software installation.

Step 1: Download the Tool

Open your web browser.

Navigate to the official ESET standard utilities download page.

Locate and download the CleanerMedre.exe file.

Save the file directly to your Desktop for easy access.

Step 2: Prepare Your System

Save all open work in AutoCAD.

Close the AutoCAD application entirely.

Ensure you are logged into your computer with an Administrator account.

Step 3: Run the Cleaner

Go to your Desktop and locate CleanerMedre.exe.

Right-click the file and select Run as administrator.

A command prompt window will open, and the tool will automatically begin scanning your local drives for the malware.

Allow the scan to run uninterrupted. The tool will automatically delete malicious acad.fas files and repair modified system registry entries.

Review the final text report displayed in the window to confirm the status of the cleanup.

Step 4: Post-Removal Verifications

Restart your computer to ensure all system changes take effect.

Open AutoCAD and verify that your workspace loads normally without script errors.

Run a full system scan using your primary, updated antivirus software to ensure no secondary threats remain.

Prevention and Best Practices

Securing your environment against future AutoCAD-based malware requires adjusting standard CAD workflows and reinforcing endpoint security.

Disable Automatic LISP Loading: Configure AutoCAD to restrict the automatic execution of unknown AutoLISP scripts. Set the ACADLSPASDOC system variable to 0 to prevent malicious scripts from loading automatically with every drawing.

Utilize AutoCAD Security Features: Modern versions of AutoCAD include built-in security controls. Go to Options, select the System tab, and configure the Executable File Search Path to only trust known, secure local directories.

Verify External Files: Never open .dwg files or external templates from untrusted vendors or unverified email attachments without scanning them first.

Keep Security Tools Updated: Ensure your endpoint protection software receives daily definition updates to catch variant strains of CAD malware early.
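
To support the "Verify External Files" practice, the following added example (not part of ESET's tool or of the original guide) inventories auto-loading AutoLISP files in a project tree and flags those stored beside drawings, with a hash for each so they can be checked before and after cleanup. The function names are hypothetical, and every file name other than acad.fas is an assumption of this example.

```python
import hashlib
import os
import tempfile

# acad.fas is the name given on this page; the other auto-load file names
# are an assumption added by this example.
AUTOLOAD_NAMES = {"acad.fas", "acad.lsp", "acad.vlx",
                  "acaddoc.fas", "acaddoc.lsp", "acaddoc.vlx"}


def sha256_of(path):
    """Hash a file in chunks so large files are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_autoload_files(root):
    """List auto-load script files under root as review candidates.

    Presence alone is not proof of infection: legitimate customisations
    use the same file names, so each hit still needs a manual check.
    """
    findings = []
    for folder, _dirs, files in os.walk(root):
        # A script sitting beside drawings travels with the shared project.
        has_dwg = any(name.lower().endswith(".dwg") for name in files)
        for name in files:
            if name.lower() in AUTOLOAD_NAMES:
                path = os.path.join(folder, name)
                findings.append({"path": path, "beside_dwg": has_dwg,
                                 "sha256": sha256_of(path)})
    # Report files that sit beside drawings first.
    return sorted(findings, key=lambda f: (not f["beside_dwg"], f["path"]))


if __name__ == "__main__":
    # Constructed sample tree so the example runs offline.
    with tempfile.TemporaryDirectory() as root:
        project = os.path.join(root, "project_a")
        os.makedirs(project)
        for name in ("plan.dwg", "ACAD.FAS"):
            with open(os.path.join(project, name), "wb") as handle:
                handle.write(b"constructed sample")
        for item in find_autoload_files(root):
            print(item["beside_dwg"], item["sha256"][:12], item["path"])
```

Point find_autoload_files at a shared project folder or an unpacked vendor archive before opening its drawings; an empty result means none of the listed file names are present.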
