Name: Worm.Netres. Category: Viruses Description: Details Worm.Netres.a Netres is a dangerous worm virus that functions only under Win32 systems. The worm spreads over local networks and copies itself to shared network drives. Some versions of the worm also copy themselves to subdirectories on the local drive and to floppy disks in the A: drive. There are at least ten different known versions of Netres. They are all Windows PE EXE files of about 380-400Kb in size (depending on the specific worm version) and written in Delphi. Netres copies itself with different randomly selected names, some of them have many spaces before the ".exe" extension, while most of the names are in Russian: AntiVP.exe NetCheck.exe Free pics.htm.exe Посмотри это.jpg.exe То что обещала.xls.exe Всегда твоя.doc.exe Игрушка.exe Не запускать!!!.exe Просто красивая картинка.jpg.exe Мусор.doc.exe С любовью.jpg.exe Other names are also used that are randomly constructed from three parts - Name1 + Ext1 + ".exe": document + .exe + .exe Doom .jpg Heretic .bat hot pics .xls track01 .doc Delphi .log C++ .txt Pascal .mp3 Parus .wav 1SB-Win Любимой обещанное секрет киска Документ Карта for example: C++.exe.exe C++.jpg .exe Doom.doc .exe Heretic.mp3 .exe Parus.exe .exe Pascal.txt .exe track01.log .exe Документ.log .exe Любимой.doc .exe секрет.log .exe секрет.mp3 .exe Netres moves all files from the Windows SYSTEM directory to a new "restop" directory: c:windowssystem*.* -> c:windowsrestop The worm also creates a log file and writes to this file a report logging its actions. The name of the log file depends on the specific worm version. Possible names are: C:v1.log C:v3.log