Troj/Banker-ER is a banking Trojan for Windows platform.
The Trojan creates the following registry entry in order to run automatically on system startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
winsys
<path of Trojan>
(where <path> is the location of the Trojan executable).
Troj/Banker-ER attempts to steal internet banking details by displaying windows that imitate banking websites and logging any keypresses entered into the window. The stolen information is sent to a predefined email address.