Situation summary

Some  users are finding they are infected with a threat called Trojan.Brisv.A. Current users of Symantec’s Norton security products are protected against this threat. Users who lack protection are invited to download a trial version of Norton AntiVirus 2009, Norton Internet Security 2009 or Norton 360. All of these products will detect this threat, however removal of Trojan.Brisv.A requires a special tool – one that Symantec offers free of charge.

What does this threat do specifically?

Trojan.Brisv.A infects multimedia files included both movie and music files. If you try to play an infected multimedia file, the Trojan will open a web page that may have additional threats buried within.

Who is at risk?

Most users seem to have gotten infected after downloading music or video files from file sharing sites and peer to peer networks such as LimeWire. In some cases the infected file may have been downloaded and the trojan deactivated months ago however, due to recent changes to the way Symantec scans for malware, remnants of the trojan are now being identified as infected.

What to do if you are infected?

Detailed removal instructions are available here:  http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-072215-0522-99

How to avoid the threat:

1 Run a great security suite.

2 Keep your computer updated with the latest security patches. If you don’t know how to do this, have someone help you set your system to update itself.

3 Don’t use "free" security scans that pop-up on many web sites. All too often these are fake, using scare tactics to try to get you to purchase their "full" service. In many cases these are actually infecting you while they run.

4 Don’t download files from BitTorrent, LimeWire or other peer-to-peer networks. As valuable as those services can be, criminals have learned to use them to distribute viruses, trojans and worms.

5 Turn off the "autorun" feature that will automatically run programs found on memory sticks and other USB devices.

6 Be smart with your passwords. This includes:   Change your passwords periodically Use complex passwords – no simple names or words, use special characters and numbers Using a separate, longer password for each site that has sensitive personal information or access to your bank accounts or credit cards. Use a passwords management system such as Identity Safe (included in Norton Internet Security and Norton 360) to track your passwords and to fill out forms automatically.

7 Use an Internet browser with strong security such as Firefox, Opera or IE 8.0.

FAQ

Q: Am I safe if I don’t go to questionable Web sites?
A: No. The Trojan.Brisv.A trojan is hidden in multimedia files. Those files may come from a friend, they may be attached to an email or they may be downloaded from a peer-to-peer network.

Q: How do I know if I am infected?
A: The best way to know if you are infected is to run a good antivirus product.  Symptoms that may indicate you are infected include your browser opening unexpectedly while you are playing a music or movie file.

Q: What will happen to my media collection? Will I lose my music and videos?
The removal instructions and tool provided by Symantec will disinfect your media files without deleting them. The tool isn't going to delete any files from your computer. 
If there are files which the tool is unable to disinfect, we recommend you follow the instructions available here.