Troj/Bancos-BM is a password-stealing Trojan which also downloads code.
Troj/Bancos-BM is targeted at users of various Brazilian online banks. The Trojan attempts to steal confidential login information from users on the infected computer and emails the logs back to the author. The Trojan also connects to the internet and downloads code from a preconfigured site.
Troj/Bancos-BM copies itself to the Windows folder as regeditnt.exe and sets the following registry entry to ensure it is run on Windows login:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Service Registry NT Save
%WINDOWS%\regeditnt.exe