RealTime IT News

Symantec Offers Remote Explorer Virus Detection

Symantec Corp. said Thursday that eight hours after it received a sample of the Remote Explorer virus, its AntiVirus Research Center (SARC), in conjunction with IBM's T.J. Watson Research Center, posted a new set of virus definitions with complete detection of the new virus across all platforms.

The SARC group will be working through the holidays to create a repair for the virus and plans to post a solution by early next week.

The Remote virus acts by spreading through the network to Windows NT systems. It will automatically spread to other Windows NT systems, after it is introduced into an administrator's account using the necessary privileges. However, the virus cannot automatically pass through properly configured corporate firewalls.

The company said that Norton AntiVirus customers can click the LiveUpdate button for immediate protection. In addition, customers can also download the Intelligent Updater from the Symantec Web site.

Symantec said it can offer immediate protection against Remote Explorer because of the engine architecture in Norton AntiVirus. The Norton AntiVirus extensible engine, or NAVEX, enables Symantec to provide critical engine updates across all platforms in small, downloadable files.

By using the normal LiveUpdate procedures to update regular virus definitions, customers also can get updates to the engine which are automatically installed. This eliminates the need for a standalone tool or an additional product installation for protection purposes.

"The Symantec AntiVirus Research Center believes that so far this virus is an isolated incident that has not affected any additional customers including IBM AntiVirus and Intel LanDesk VirusProtect users," said Enrique Salem, vice president of Symantec's Security and Assistance Business Unit. "It is not a threat at this time to the general public at this time, however administrators and end-users should make sure they have current anti-virus protection running in real time."

Symatec advises administrators checking Windows NT system for the virus, to look in the "Service" applet in the control panel. If they find a service called "Remote Explorer," the system may be infected by this virus. Customers who think they are infected with the virus can submit samples of the potentially infected file to avsubmit@symantec.com with the e-mail title of "Remote Explorer." Norton AntiVirus 5.0 customers can submit the file using the Scan and Deliver feature in the product.