said Thursday that eight hours after it received a sample of
the Remote Explorer virus, its AntiVirus Research Center (SARC), in
conjunction with IBM’s T.J. Watson Research Center, posted a new set of
virus definitions with complete detection of the new virus across all
The SARC group will be working through the holidays to create a repair for
the virus and plans to post a solution by early next week.
The Remote virus acts by spreading through the network to Windows NT
systems. It will automatically spread to other Windows NT systems,
after it is introduced into an administrator’s account using the
necessary privileges. However, the virus cannot automatically pass through
configured corporate firewalls.
The company said that Norton AntiVirus customers can click the LiveUpdate
button for immediate protection. In addition, customers can also download the
Intelligent Updater from the Symantec Web site.
Symantec said it can offer immediate protection against
Remote Explorer because of the engine architecture in Norton AntiVirus. The
Norton AntiVirus extensible engine, or NAVEX, enables Symantec to provide
critical engine updates across all platforms in small, downloadable files.
By using the normal LiveUpdate procedures to update regular virus definitions,
customers also can get updates to the engine which are automatically
installed. This eliminates the need for a standalone tool or an additional
product installation for protection purposes.
“The Symantec AntiVirus Research Center believes that so far this virus is
an isolated incident that has not affected any additional customers including
IBM AntiVirus and Intel LanDesk VirusProtect users,” said Enrique Salem, vice
president of Symantec’s Security and Assistance Business Unit. “It is not a
threat at this time to the general public at this time, however administrators
and end-users should make sure they have current anti-virus protection running
in real time.”
Symatec advises administrators checking Windows NT system for the virus, to
look in the “Service” applet in the control panel. If they find a service
“Remote Explorer,” the system may be infected by this virus. Customers who
think they are infected with the virus can submit samples of the
potentially infected file to [email protected] with the e-mail title of
“Remote Explorer.” Norton AntiVirus 5.0 customers can submit the file using
the Scan and Deliver feature in the product.