Symantec is First Vendor to Provide Integrated Repair Solution for Remote Explorer Virus
Standalone Tool to Remove Remote Explorer From Memory Available Online
CUPERTINO, Calif --December 29, 1998-- Symantec
Corporation (Nasdaq: SYMC), the world leader in utility software for business and personal
computing, today announced that the Symantec AntiVirus Research Center (SARC) developed the first
integrated repair solution for the Remote Explorer virus. This solution works across all platforms
supported by Norton AntiVirus and is available now via LiveUpdate. Files infected by the virus
become encrypted and corrupted. Symantec's solution reverses the encryption and repairs the
corruption so that the user can access the file again. Customers can also get this protection by
downloading and running the Intelligent Updater from Symantec's Web site at www.symantec.com.
In addition, SARC has developed a standalone tool to "inoculate" and remove the
virus-installed-service from memory in Windows NT systems. It turns off the virus in an infected
computer's memory so that it can be removed and repaired safely. The first and most critical stage
of any virus repair process is to deactivate the virus before applying removal techniques. The tool
is free, can be downloaded now from the Symantec Web site at www.symantec.com and can be used in
conjunction with any anti-virus program.
The Symantec AntiVirus Research Center believes that so far this virus is an isolated incident
occurring on a few machines at one company. There are no reports of additional customers being
infected including IBM AntiVirus and Intel LanDesk VirusProtect users. It does not seem to be a
threat to the general public at this time, however administrators and end-users should make sure
they have current anti-virus protection running at all times, not just when there is public
awareness of specific viruses.
"Repairing the damaged files once the Remote Explorer virus infects a system can be complex because
of the different file types and the different corruption methods," said Enrique Salem, vice
president of Symantec's Security and Assistance Business Unit. "We are the first to provide
comprehensive repair for these corrupted files across all platforms as part of the standard Norton
The repair solution for the infected executable files restores the original copy of that file, which
was stored in a compressed form within the infected file. In order to develop a repair solution for
non-executable files, the researchers in SARC completed a detailed analysis of how the virus
corrupts the files. That analysis revealed that the virus compresses the original file, encrypts
the compressed result, stores the encrypted result back in the original file and then randomly
corrupts any remaining data in the file, rendering it unusable.
If a system is actively infected, the standalone tool must be used to disable the virus in memory
before a repair can be attempted. The tool can be run with or without user interaction. The tool,
by default, prompts the user before removing the virus. In addition, with a command line switch,
the user can bypass all prompting and the tool will work automatically. This can be used in batch
files for automated removal. The tool can also "inoculate" Windows NT systems against further
infection by the Remote Explorer virus. Users should run the memory removal tool from a
write-protected floppy diskette.
Symantec is able to provide customers with immediate protection against Remote Explorer because of
the engine architecture in Norton AntiVirus. The Norton AntiVirus extensible engine, or NAVEX,
allows Symantec to provide critical engine updates across all platforms in small, downloadable
files. By using the normal LiveUpdate procedures to update regular virus definitions, customers
also receive updates to the engine, which are then automatically installed. There is no need for a
standalone tool or an additional product installation to protect against this new threat.
Symantec AntiVirus Research Center SARC is the industry's largest dedicated team of virus experts.
With offices located in the United States, Japan, Australia, and the Netherlands, the sun never sets
on SARC. The center's mission is to provide swift, global responses to computer virus threats,
proactively research and develop technologies that eliminate such threats, and educate the public on
safe computing practices. As new computer viruses appear, SARC develops identification and detection
for these viruses, and provides either a repair or delete operation, thus keeping users protected
against the latest virus threats.
Symantec is the world leader in utility software for business and personal computing.
Symantec products and solutions help make users productive and keep their computers
safe and reliable anywhere and anytime. Symantec offers a broad range of solutions
and is acclaimed as a leader in both customer satisfaction and product brand
recognition. Symantec is traded on Nasdaq under the symbol SYMC. More information
on the company and its products can be obtained at www.symantec.com.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products,
view the Symantec Press Center at www.symantec.com/PressCenter/ on Symantec's Website.
Brands and products referenced herein are the trademarks or registered trademarks of their
respective holders. All prices noted are in US dollars and are valid only in the United States.