Troj/Bancban-BS is a password-stealing Trojan targeted at customers of Brazilian online banks.
Troj/Bancban-BS attempts to log keypresses entered into certain websites and online banking applications. The Trojan may display fake user interfaces in order to pursuade the user to enter confidential details. Stolen information is sent via email to author.
The Trojan copies itself to a new folder under the Windows system folder with the filename "lexplore.exe".
Troj/Bancban-BS creates the following registry entry in order to run automatically on computer logon:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
KernellApps
<Windows system folder>\<number>\lexplore.exe