Symantec United States
global sites
products and services
purchase
support
security response
downloads
about symantec
search
feedback


© 1995-2007 Symantec Corporation.
All rights reserved.
Legal Notices
Privacy Policy
masthead
 
News Release

Symantec is First Vendor to Provide Integrated Repair Solution for Remote Explorer Virus

Standalone Tool to Remove Remote Explorer From Memory Available Online

CUPERTINO, Calif --December 29, 1998-- Symantec Corporation (Nasdaq: SYMC), the world leader in utility software for business and personal computing, today announced that the Symantec AntiVirus Research Center (SARC) developed the first integrated repair solution for the Remote Explorer virus. This solution works across all platforms supported by Norton AntiVirus and is available now via LiveUpdate. Files infected by the virus become encrypted and corrupted. Symantec's solution reverses the encryption and repairs the corruption so that the user can access the file again. Customers can also get this protection by downloading and running the Intelligent Updater from Symantec's Web site at www.symantec.com.

In addition, SARC has developed a standalone tool to "inoculate" and remove the virus-installed-service from memory in Windows NT systems. It turns off the virus in an infected computer's memory so that it can be removed and repaired safely. The first and most critical stage of any virus repair process is to deactivate the virus before applying removal techniques. The tool is free, can be downloaded now from the Symantec Web site at www.symantec.com and can be used in conjunction with any anti-virus program.

The Symantec AntiVirus Research Center believes that so far this virus is an isolated incident occurring on a few machines at one company. There are no reports of additional customers being infected including IBM AntiVirus and Intel LanDesk VirusProtect users. It does not seem to be a threat to the general public at this time, however administrators and end-users should make sure they have current anti-virus protection running at all times, not just when there is public awareness of specific viruses.

"Repairing the damaged files once the Remote Explorer virus infects a system can be complex because of the different file types and the different corruption methods," said Enrique Salem, vice president of Symantec's Security and Assistance Business Unit. "We are the first to provide comprehensive repair for these corrupted files across all platforms as part of the standard Norton AntiVirus solution."

The repair solution for the infected executable files restores the original copy of that file, which was stored in a compressed form within the infected file. In order to develop a repair solution for non-executable files, the researchers in SARC completed a detailed analysis of how the virus corrupts the files. That analysis revealed that the virus compresses the original file, encrypts the compressed result, stores the encrypted result back in the original file and then randomly corrupts any remaining data in the file, rendering it unusable.

If a system is actively infected, the standalone tool must be used to disable the virus in memory before a repair can be attempted. The tool can be run with or without user interaction. The tool, by default, prompts the user before removing the virus. In addition, with a command line switch, the user can bypass all prompting and the tool will work automatically. This can be used in batch files for automated removal. The tool can also "inoculate" Windows NT systems against further infection by the Remote Explorer virus. Users should run the memory removal tool from a write-protected floppy diskette.

Symantec is able to provide customers with immediate protection against Remote Explorer because of the engine architecture in Norton AntiVirus. The Norton AntiVirus extensible engine, or NAVEX, allows Symantec to provide critical engine updates across all platforms in small, downloadable files. By using the normal LiveUpdate procedures to update regular virus definitions, customers also receive updates to the engine, which are then automatically installed. There is no need for a standalone tool or an additional product installation to protect against this new threat.

Symantec AntiVirus Research Center SARC is the industry's largest dedicated team of virus experts. With offices located in the United States, Japan, Australia, and the Netherlands, the sun never sets on SARC. The center's mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats, and educate the public on safe computing practices. As new computer viruses appear, SARC develops identification and detection for these viruses, and provides either a repair or delete operation, thus keeping users protected against the latest virus threats.

About Symantec
Symantec is the world leader in utility software for business and personal computing. Symantec products and solutions help make users productive and keep their computers safe and reliable anywhere and anytime. Symantec offers a broad range of solutions and is acclaimed as a leader in both customer satisfaction and product brand recognition. Symantec is traded on Nasdaq under the symbol SYMC. More information on the company and its products can be obtained at www.symantec.com.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, view the Symantec Press Center at www.symantec.com/PressCenter/ on Symantec's Website.

Brands and products referenced herein are the trademarks or registered trademarks of their respective holders. All prices noted are in US dollars and are valid only in the United States.