Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Protection available since | 30 May 2007 06:42:36 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Bluedi-Gen is a family of Trojans for the Windows platform.
When first run, members of Troj/Bluedi-Gen usually copy themselves to <Windows>\notedad.exe and may attempt to copy themselves to <System>\IExplorer.dll<multiple spaces>.dbt.
The following registry entries are usually created to run IExplorer.dll<multiple spaces>.dbt on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
IESet
IExplorer.dll<multiple spaces>.dbt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IESet
IExplorer.dll<multiple spaces>.dbt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
IESet
IExplorer.dll<multiple spaces>.dbt
The following registry entries are usually set or modified, so that notedad.exe is run when files with certain extensions are opened/launched:
HKCR\DBTFILE\shell\open\command
(default)
NOTEDAD.EXE
HKCR\inifile\shell\open\command
(default)
NOTEDAD.EXE %1
HKCR\txtfile\shell\open\command
(default)
NOTEDAD.EXE %1
HKCR\batfile\shell\edit\command
(default)
NOTEDAD.EXE %1
HKCR\regfile\shell\edit\command
(default)
NOTEDAD.EXE %1
The following registry entry is also created:
HKCR\.dbt
(default)
DBTFILE
Members of Troj/Bluedi-Gen usually attempt to download a file from a remote website and execute it. The file is usually saved as Explorer.exe and is usually a member of the Troj/Wublu family of Trojans.
Members of Troj/Bluedi-Gen may also attempt to create the file QFSLKeylog.ini.
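A triage check for the registry indicators listed above, as an added example that is not part of the original Sophos description: it scans the text of a regedit `.reg` export for the `IESet` Run values, the `shell\...\command` handlers pointed at notedad.exe, and the `.dbt` association. The function name, the sample export and its `C:\WINDOWS` paths are constructed for illustration.

```python
import re

CV = r"\software\microsoft\windows\currentversion"
RUN_KEYS = {"hkey_current_user" + CV + r"\run",
            "hkey_local_machine" + CV + r"\run",
            "hkey_local_machine" + CV + r"\runservices"}
# (ProgID, verb) pairs whose command the description lists as set to notedad.exe
HANDLER_KEYS = {"hkey_classes_root\\%s\\shell\\%s\\command" % pv for pv in [
    ("dbtfile", "open"), ("inifile", "open"), ("txtfile", "open"),
    ("batfile", "edit"), ("regfile", "edit")]}
DLL_RE = re.compile(r"iexplorer\.dll\s+\.dbt", re.I)  # run of spaces before .dbt
EXE_RE = re.compile(r"(?<!\w)notedad\.exe", re.I)     # not the real notepad.exe
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def scan_reg_export(text):
    """Return (key, value name, data) for entries matching the listed indicators."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue
        name = "(default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2)
        if data.startswith('"') and data.endswith('"'):  # REG_SZ: undo \\ and \"
            data = re.sub(r"\\(.)", r"\1", data[1:-1])
        k = key.lower()
        bad = ((k in RUN_KEYS and (name.lower() == "ieset" or DLL_RE.search(data)))
               or (k in HANDLER_KEYS and name == "(default)" and EXE_RE.search(data))
               or (k == r"hkey_classes_root\.dbt" and data.upper() == "DBTFILE"))
        if bad:
            hits.append((key, name, data))
    return hits

# Constructed sample export; the C:\WINDOWS paths are illustrative
SAMPLE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IESet"="C:\\WINDOWS\\system32\\IExplorer.dll    .dbt"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="NOTEDAD.EXE %1"
[HKEY_CLASSES_ROOT\inifile\shell\open\command]
@="C:\\WINDOWS\\system32\\NOTEPAD.EXE %1"
[HKEY_CLASSES_ROOT\.dbt]
@="DBTFILE"
'''
```

`scan_reg_export(SAMPLE)` returns the three matching entries and skips the benign `ctfmon.exe` and `NOTEPAD.EXE` values. Exports written by regedit are UTF-16, so decode the file accordingly before passing its text in.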

