Troj/Banker-CZ is an internet banking Trojan.
Troj/Banker-CZ includes functionality to disable other applications, steal confidential information and capture keystrokes.
When Troj/Banker-CZ is installed it creates the file <System>\D5133\words.vxd. This file may be deleted.
The following registry entry is created to run csrss.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Norton Protect Activies
<System>\D5133\csrss.exe
Troj/Banker-CZ attempts to disable the following processes:
NAVAP Wnd Class
ccAppWindow
Navapw32.exe
The following registry entry is set:
HKLM\SOFTWARE\Microsoft\Windows\Shell
Nome_Email_Definido
<random number>.bkp