Troj/Bancban-BJ is a password stealing Trojan targeted at customers of Brazilian banks.
Troj/Bancban-BJ attempts to log keypresses entered into certain websites and online banking applications. The Trojan may display fake user interfaces in order to persuade the user to enter confidential details. Stolen information is sent by email to a remote user.
Troj/Bancban-BJ may attempt to shut down anti-virus products.
Troj/Bancban-BJ creates the following registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SernellApp.pcx
<Windows system folder>\D5133\csrss.exe
HKLM\Software\Sos\Validade
csrss
<a date computed based on install date>