Netres is a dangerous worm virus that functions only under Win32 systems. The worm spreads over local networks and copies itself to shared network drives. Some versions of the worm also copy themselves to subdirectories on the local drive and to floppy disks in the A: drive.
There are at least ten different known versions of Netres. They are all Windows PE EXE files of about 380-400Kb in size (depending on the specific worm version) and written in Delphi.
Netres copies itself under different randomly selected names. Some of them have many spaces before the ".exe" extension, and most of the names are in Russian:

AntiVP.exe
NetCheck.exe
Free pics.htm.exe
鹣油显疑 茉?jpg.exe
粝 拊?下泡撂?xls.exe
饔徘牧 宰涎.doc.exe
榍艺鬯?exe
钆 诹姓铀猎?!!.exe
鹨嫌韵 艘劣勺裂 肆以晌肆.jpg.exe
碚酉?doc.exe
?汤孪棕?jpg.exe
Other names are also used that are randomly constructed from three parts - Name1, Ext1 and ".exe":

Name1       Ext1
document    .exe
Doom        .jpg
Heretic     .bat
hot pics    .xls
track01     .doc
Delphi      .log
C           .txt
Pascal      .mp3
Parus       .wav
1SB-Win
炖律拖?
下泡廖蜗?
优艘旁
松铀?
湎苏团卧
肓以?
For example:

C .exe.exe
C .jpg .exe
Doom.doc .exe
Heretic.mp3 .exe
Parus.exe .exe
Pascal.txt .exe
track01.log .exe
湎苏团卧.log .exe
炖律拖?doc .exe
优艘旁.log .exe
优艘旁.mp3 .exe
Netres moves all files from the Windows SYSTEM directory to a new "restop" directory:

c:\windows\system\*.* -> c:\windows\restop\
The worm also creates a log file in which it records its actions. The name of the log file depends on the specific worm version. Possible names are:

C:\v1.log
C:\v3.log
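
The naming scheme and host artifacts described above can be checked in a file listing. The following is an added example, not code from the original description: the function names, reason labels and sample paths are constructed for illustration, and the extension list is taken from the names and the Ext1 column on this page.

```python
import re
from pathlib import PureWindowsPath

# Decoy extensions seen on this page (Ext1 column plus "htm" from "Free pics.htm.exe").
DECOY_EXTS = ("exe", "jpg", "bat", "xls", "doc", "log", "txt", "mp3", "wav", "htm")
# Decoy extension, optional padding whitespace, then the real ".exe".
DOUBLE_EXT = re.compile(r"\.(%s)(\s*)\.exe$" % "|".join(DECOY_EXTS), re.IGNORECASE)
# Padding before the final ".exe" when no decoy extension is present.
PADDED_EXE = re.compile(r"\s{2,}\.exe$", re.IGNORECASE)
# Host artifacts named on this page, lower-cased for comparison.
LOG_FILES = {r"c:\v1.log", r"c:\v3.log"}
RESTOP_DIR = PureWindowsPath(r"c:\windows\restop")

def classify(path):
    """Return the reasons (hypothetical labels) a path matches the description."""
    p = PureWindowsPath(path)
    lowered = str(p).lower()
    reasons = []
    m = DOUBLE_EXT.search(p.name)
    if m:
        reasons.append("decoy-extension:" + m.group(1).lower())
        if m.group(2):
            reasons.append("padded-exe")
    elif PADDED_EXE.search(p.name):
        reasons.append("padded-exe")
    if lowered in LOG_FILES:
        reasons.append("worm-log")
    if RESTOP_DIR in PureWindowsPath(lowered).parents:
        reasons.append("restop-dir")
    return reasons

def scan(paths):
    """Map each matching path to its reasons; clean paths are omitted."""
    return {p: r for p in paths if (r := classify(p))}

# Constructed sample listing (not taken from a real host).
SAMPLE = [
    r"\\fileserver\public\Doom.doc        .exe",
    r"\\fileserver\public\budget.xls",
    r"A:\track01.mp3.exe",
    r"C:\v3.log",
    r"C:\WINDOWS\restop\kernel32.dll",
    r"C:\WINDOWS\SYSTEM\notepad.exe",
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE).items():
        print(path, "->", ", ".join(reasons))
```

A match is only a lead for triage: a double extension or a file named v1.log can occur on a clean host, while a populated restop directory next to an emptied SYSTEM directory is the stronger signal.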