Troj/Banker-AQ is a password stealing Trojan targeted at Brazilian online financial service users.
Troj/Banker-AQ will monitor a user's internet access. When certain preconfigured sites are visited the Trojan will log keypresses in an attempt to steal confidential login details.
Troj/Banker-AQ copies itself to a new folder under the Windows system folder and sets the following registry entry to run itself when the user logs on to the infected computer:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
FirewallActivies =
%System%\3041\csrss.exe
Troj/Banker-AQ also attempts to terminate Norton Anti-virus.