Aliases: Virus.Acad.Pobresito (Kaspersky) ACAD/Pobresito (McAfee) ACAD.Pobresito (Symantec) ACAD/Pobresito (Avira) AL/Pobresito-A (Sophos) ACM_EXTACISA (TrendMicro)

Windows Defender detects and removes this threat. This threat is written in AutoLISP, a scripting language for automating AutoCAD tasks. It can erase the content of an AutoCAD drawing and replace it with a message from the malware author. This virus of Peruvian origin has never spread in the wild, due to its purposefully limited infection capabilities, for example by only infecting files in drive A:.

The virus infects files named acad.lsp. These files are loaded and run automatically when AutoCAD is started or when a drawing is opened, depending on the location of the script.

When you open an AutoCAD drawing from the folder containing the infected acad.lsp file the virus is loaded and run.

acad.exe is an executable exe file which belongs to the Windows process AutoCAD Application which comes with the Sofware developed by Autodesk.

The .exe extension of the acad file specifies that it is an executable file.

Malware and viruses are also transmitted through exe files