Symantec Provides Free Tool to Repair Damage from Loveletter Worm

Comprehensive Tool Repairs Registry Damage and Changes to Browser Settings

CUPERTINO, Calif. - May 8, 2000 - Symantec Corp. today announced the availability of a comprehensive tool to repair the damage to the registry and the changes to the Internet browser settings caused by the VBS.LoveLetter.A worm and its variants. This automatic tool, FIXLOVE.EXE, is available now at no charge for computers running Windows 95, 98, NT or 2000 from www.sarc.com.

This FIXLOVE.EXE tool will automatically repair the registry and Microsoft Internet Explorer settings damaged by the VBS.LoveLetter.A worm and its variants. In addition IT administrators can automate the repair process by running the FIXLOVE.EXE tool from either the DOS command line or from a login script.

End-users and IT administrators should run the FIXLOVE.EXE tool after they have scanned their systems with an anti-virus solution, such as Symantec's Norton AntiVirus, which will delete the virus files from the system. Users should note that FIXLOVE.EXE cannot restore deleted or overwritten files, which can only be recovered from a backup file or an undelete tool such as the NPROTECT/UNERASE utilities found in Symantec's Norton SystemWorks.

Users can verify the digital signature in Symantec's FIXLOVE.EXE tool at www.wmsoftware.com/pub/chktrust.exe to ensure that the tool is legitimate in case they receive it via e-mail. Users need to be careful since there is a strain of the worm that includes the subject line "Virus ALERT!!!" posing as a message from Symantec technical support. The attachment included in that e-mail is titled "Protect.VBS" and is NOT being distributed by Symantec. If users receive that e-mail, they should delete it immediately.

Norton AntiVirus customers should make sure they have the current virus definition updates before scanning their systems. Updated virus definitions for all variants are available now via Symantec's Live Update and can also be downloaded from www.symantecstore.com and www.digitalriver.com/symantec.

For computer users who may not currently have an anti-virus solution installed, Symantec also offers a free online scan for your system at www.symantec.com. Using Symantec's award-winning anti-virus technology, the Norton Internet Security Analyzer conducts an online scan of the user's computer to determine if it is infected. In addition, the Security Analyzer also can evaluate a computer's overall security status to make sure it is protected from hackers, inappropriate content, and privacy threats. Symantec's Security Analyzer and Virus Check programs are also available on ZDNet's Cybercrime web site at www.cybercrime.com.

The VBS.LoveLetter.A worm and its variants have accounted for more than 25 percent of the viruses found on the almost 5,000 PCs scanned since the launch of the Norton Internet Security Analyzer tool on Symantec's web site Feb. 24.

The VBS.LoveLetter.A worm contains a malicious payload that can result in non-recoverable data and/or inoperable computer systems. It was first discovered on May 4, 2000 in Asia and quickly spread worldwide. The variants of the worm currently being distributed via e-mail include the following subject lines: "ILOVEYOU," "Susitikim shi vakara kavos puodukui . . .," "fwd: Joke," "Mothers Day Order Confirmation," "Dangerous Virus Warning," "Important! Read carefully!!" and "Virus ALERT!!!". For more information on the VBS.LoveLetter.A worm and its variants, please visit the Symantec web site at www.symantec.com.

Symantec AntiVirus Research Center (SARC) SARC is the industry's largest dedicated team of virus experts. With offices located in the United States, Japan, Australia, and the Netherlands, the sun never sets on SARC. The center's mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats, and educate the public on safe computing practices. As new computer viruses appear, SARC develops identification and detection for these viruses, and provides either a repair or delete operation, thus keeping users protected against the latest virus threats.

About Symantec
Symantec, a world leader in Internet security technology, provides content security solutions to enterprise organisations and helps companies manage and support workforces that use computers and other mobile devices.

Symantec's Canadian operations are headquartered in Toronto with offices in Montreal, Ottawa, and Vancouver. For more information on Symantec products or current promotions, contact the Canadian office at (416) 441-3676 or access Symantec's Canadian web-site at www.symantec.ca. Symantec is an active member of the Canadian Alliance Against Software Theft (CAAST).

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Centre on Symantec's web site.

Brands and products referenced herein are the trademarks or registered trademarks of their respective holders.

FORWARD LOOKING STATEMENT: This press release contains forward-looking statements. There are certain important factors that could cause Symantec's future development efforts to differ materially from those anticipated by some of the statements made above. Among these are the anticipation of the growth of certain market segments, the positioning of Symantec's products in those segments, the competitive environment in the software industry, new security threats, dependence on other products, changes to operating systems and product strategy by vendors of operating systems, and the importance of new Symantec products. Additional information concering those and other factors is contained in the "Risk Factors" section of the company's annual report on Form 10-K for the fiscal year ended April 2, 1999.