Autodesk has announced a recent discovery of a malicious script that infects Maya files.
Upon opening an infected Maya file the virus attacks the user’s local settings and embeds itself into all Maya files subsequently written from that installation.
This is a major concern for all users as some third party providers are supplying infected files to customers.
Currently the virus is time bombed to disrupt users’ ability to use the Maya interface on June 26th.
The global script job gets called on any file > open event, replicating itself into any saved Maya file.
It looks like the scriptJob will become active on 26th June and cause Maya to get stuck in a loop opening any scene.
Once an infected file is opened your Maya session is infected and replicates the scriptJob into scenes on file > save.
It also saves a userSetup.mel file into your Maya user preferences so that when you reboot Maya you have the virus ready to start infecting files.
If you delete the usersStup.mel file that protects you until you open the infected file again, including the userSetup.mel file that gets recreated.
The usersetup.mel file is also saving itself in more than one location.
It looks like it saves here as well:
C:\Program Files\Autodesk\Maya2020\resources\l10n\ja_JP\scripts
You can identify the userSetup.mel file via the $fuck_All_U; variable name.
It registers these global MEL scripts :
UI_Mel_Configuration_think
UI_Mel_Configuration_think_a
UI_Mel_Configuration_think_b
autoUpdateAttrEd_SelectSystem
autoUpdatcAttrEd
autoUpdatoAttrEnd
Luckily, this issue is solvable. Autodesk has released a security tool that will detect and remove the malicious script from Maya files and installations. Autodesk has provided additional information here: https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0003.
You can access the tool here: https://apps.autodesk.com/MAYA/en/Detail/Index?id=8637238041954239715. If you need any help don’t hesitate to let us know.
Please note that this issue only affects Maya's .ma and .mb files. If you are not using either of these, no action is needed from your end.