grm52-3.gif (6802 bytes)

IT Background & Trends
    Internet Background
    Silicon Valley History
    Silicon to Internet Valley
    Bay Area Regional Guide

Industry Leaders
   Top 100 Magazines
    Top 100 Companies

E-commerce  Services
    Web Influence
    Hyperlink Mechanics
    FAQ & Contact Info

Internet Valley, Inc.

    Mountain View
    San Francisco #1
    San Francisco #2
    European Mirror


Company News

Symantec is First Vendor to Provide Integrated Repair Solution for Remote Explorer Virus


Standalone Tool to Remove Remote Explorer From Memory Available Online

CUPERTINO, Calif --December 29, 1998-- Symantec Corporation (Nasdaq: SYMC), the world leader in utility software for business and personal computing, today announced that the Symantec AntiVirus Research Center (SARC) developed the first integrated repair solution for the Remote Explorer virus. This solution works across all platforms supported by Norton AntiVirus and is available now via LiveUpdate. Files infected by the virus become encrypted and corrupted. Symantec's solution reverses the encryption and repairs the corruption so that the user can access the file again. Customers can also get this protection by downloading and running the Intelligent Updater from Symantec's Web site at

In addition, SARC has developed a standalone tool to "inoculate" and remove the virus-installed-service from memory in Windows NT systems. It turns off the virus in an infected computer's memory so that it can be removed and repaired safely. The first and most critical stage of any virus repair process is to deactivate the virus before applying removal techniques. The tool is free, can be downloaded now from the Symantec Web site at and can be used in conjunction with any anti-virus program.

The Symantec AntiVirus Research Center believes that so far this virus is an isolated incident occurring on a few machines at one company. There are no reports of additional customers being infected including IBM AntiVirus and Intel LanDesk VirusProtect users. It does not seem to be a threat to the general public at this time, however administrators and end-users should make sure they have current anti-virus protection running at all times, not just when there is public awareness of specific viruses.

"Repairing the damaged files once the Remote Explorer virus infects a system can be complex because of the different file types and the different corruption methods," said Enrique Salem, vice president of Symantec's Security and Assistance Business Unit. "We are the first to provide comprehensive repair for these corrupted files across all platforms as part of the standard Norton AntiVirus solution."

The repair solution for the infected executable files restores the original copy of that file, which was stored in a compressed form within the infected file. In order to develop a repair solution for non-executable files, the researchers in SARC completed a detailed analysis of how the virus corrupts the files. That analysis revealed that the virus compresses the original file, encrypts the compressed result, stores the encrypted result back in the original file and then randomly corrupts any remaining data in the file, rendering it unusable.

If a system is actively infected, the standalone tool must be used to disable the virus in memory before a repair can be attempted. The tool can be run with or without user interaction. The tool, by default, prompts the user before removing the virus. In addition, with a command line switch, the user can bypass all prompting and the tool will work automatically. This can be used in batch files for automated removal. The tool can also "inoculate" Windows NT systems against further infection by the Remote Explorer virus. Users should run the memory removal tool from a write-protected floppy diskette.

Symantec is able to provide customers with immediate protection against Remote Explorer because of the engine architecture in Norton AntiVirus. The Norton AntiVirus extensible engine, or NAVEX, allows Symantec to provide critical engine updates across all platforms in small, downloadable files. By using the normal LiveUpdate procedures to update regular virus definitions, customers also receive updates to the engine, which are then automatically installed. There is no need for a standalone tool or an additional product installation to protect against this new threat.

Symantec AntiVirus Research Center SARC is the industry's largest dedicated team of virus experts. With offices located in the United States, Japan, Australia, and the Netherlands, the sun never sets on SARC. The center's mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats, and educate the public on safe computing practices. As new computer viruses appear, SARC develops identification and detection for these viruses, and provides either a repair or delete operation, thus keeping users protected against the latest virus threats.

About Symantec
Symantec is the world leader in utility software for business and personal computing. Symantec products and solutions help make users productive and keep their computers safe and reliable anywhere and anytime. Symantec offers a broad range of solutions and is acclaimed as a leader in both customer satisfaction and product brand recognition. Symantec is traded on Nasdaq under the symbol SYMC. More information on the company and its products can be obtained at


Symantec Contact
Lori Cross
Public Relations Director

Suggestions, comments,  questions? Contact us


Copyright 1995-1999, InternetValley Inc.