Troj/Bancos-CK is pasword stealing Trojan for the Windows platform that targets customers of Brazilian banks.
Once executed Troj/Bancos-CK copies itself to the Windows folder with the filename smss.exe, and in order to be able to run automatically when Windows starts up may set the following registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
zsms
"smss.exe"
Troj/Bancos-CK monitors a user's internet access, and when certain internet banking sites are visited, the Trojan will display a fake login screen in order to trick the user into inputting their details.