Troj/Bluedi-Gen is a family of Trojans for the Windows platform.
When first run Troj/Bluedi-Gen usually copy themselves to <Windows>\notedad.exe and may attempt to copy itself to <System>\IExplorer.dll<multiple spaces>.dbt.
The following registry entries are usually created to run IExplorer.dll<multiple spaces>.dbt on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
IESet
IExplorer.dll<multiple spaces>.dbt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IESet
IExplorer.dll<multiple spaces>.dbt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
IESet
IExplorer.dll<multiple spaces>.dbt
The following registry entries are usually set or modified, so that notedad.exe is run when files with certain extensions are opened/launched:
HKCR\DBTFILE\shell\open\command
(default)
NOTEDAD.EXE
HKCR\inifile\shell\open\command
(default)
NOTEDAD.EXE %1
HKCR\txtfile\shell\open\command
(default)
NOTEDAD.EXE %1
HKCR\batfile\shell\edit\command
(default)
NOTEDAD.EXE %1
HKCR\regfile\shell\edit\command
(default)
NOTEDAD.EXE %1
The following registry entry is also created:
HKCR\.dbt
(default)
DBTFILE
Members of Troj/Bluedi-Gen usually attempt to download and execute a file from a remote website, usually to the file Explorer.exe, and usually a member of the Troj/Wublu family of Trojans.
Members of Troj/Bluedi-Gen may also attempt to create the file QFSLKeylog.ini.