Symantec is First Vendor to Provide Integrated Repair
Solution for Remote Explorer Virus
Standalone Tool to Remove Remote Explorer From Memory Available
CUPERTINO, Calif. -- December 29, 1998 -- Symantec Corporation (Nasdaq: SYMC), the
world leader in utility software for business and personal computing, today announced that
the Symantec AntiVirus Research
Center (SARC) developed the first integrated repair solution for the Remote Explorer
virus. This solution works across all platforms supported by Norton AntiVirus and is
available now via LiveUpdate. Files infected by the virus become encrypted and corrupted.
Symantec's solution reverses the encryption and repairs the corruption so that the user
can access the file again. Customers can also get this protection by downloading and
running the Intelligent Updater from Symantec's Web site at www.symantec.com.
In addition, SARC has developed a standalone tool to "inoculate" and remove
the virus-installed service from memory in Windows NT systems. It turns off the virus in
an infected computer's memory so that it can be removed and repaired safely. The first and
most critical stage of any virus repair process is to deactivate the virus before applying
removal techniques. The tool is free, can be downloaded now from the Symantec Web site at
www.symantec.com and can be used in conjunction with any anti-virus program.
The Symantec AntiVirus Research Center believes that so far this virus is an isolated
incident occurring on a few machines at one company. There are no reports of additional
customers being infected, including IBM AntiVirus and Intel LanDesk VirusProtect users. It
does not seem to be a threat to the general public at this time; however, administrators
and end-users should make sure they have current anti-virus protection running at all
times, not just when there is public awareness of specific viruses.
"Repairing the damaged files once the Remote Explorer virus infects a system can
be complex because of the different file types and the different corruption methods,"
said Enrique Salem, vice president of Symantec's Security and Assistance Business Unit.
"We are the first to provide comprehensive repair for these corrupted files across
all platforms as part of the standard Norton AntiVirus solution."
The repair solution for the infected executable files restores the original copy of
that file, which was stored in a compressed form within the infected file. In order to
develop a repair solution for non-executable files, the researchers in SARC completed a
detailed analysis of how the virus corrupts the files. That analysis revealed that the
virus compresses the original file, encrypts the compressed result, stores the encrypted
result back in the original file and then randomly corrupts any remaining data in the
file, rendering it unusable.
If a system is actively infected, the standalone tool must be used to disable the virus
in memory before a repair can be attempted. The tool can be run with or without user
interaction. The tool, by default, prompts the user before removing the virus. In
addition, with a command-line switch, the user can bypass all prompting and the tool will
work automatically. This can be used in batch files for automated removal. The tool can
also "inoculate" Windows NT systems against further infection by the Remote
Explorer virus. Users should run the memory removal tool from a write-protected floppy
Symantec is able to provide customers with immediate protection against Remote Explorer
because of the engine architecture in Norton AntiVirus. The Norton AntiVirus extensible
engine, or NAVEX, allows Symantec to provide critical engine updates across all platforms
in small, downloadable files. By using the normal LiveUpdate procedures to update regular
virus definitions, customers also receive updates to the engine, which are then
automatically installed. There is no need for a standalone tool or an additional product
installation to protect against this new threat.
Symantec AntiVirus Research Center (SARC) is the industry's largest dedicated team of
virus experts. With offices located in the United States, Japan, Australia, and the
Netherlands, the sun never sets on SARC. The center's mission is to provide swift, global
responses to computer virus threats, proactively research and develop technologies that
eliminate such threats, and educate the public on safe computing practices. As new
computer viruses appear, SARC develops identification and detection for these viruses, and
provides either a repair or delete operation, thus keeping users protected against the
latest virus threats.
Symantec is the world leader in utility software for business and personal computing.
Symantec products and solutions help make users productive and keep their computers safe
and reliable anywhere and anytime. Symantec offers a broad range of solutions and is
acclaimed as a leader in both customer satisfaction and product brand recognition.
Symantec is traded on Nasdaq under the symbol SYMC. More information on the company and
its products can be obtained at www.symantec.com.