Troj/Banker-T is a password-stealing Trojan.
When executed, the Trojan creates a folder called tgbcde in the Windows folder and copies itself there as module32.exe.
Troj/Banker-T then creates the following registry entry so that it is run on system startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
tgbcde = "%windows%\tgbcde\module32.exe arg1"
The Trojan changes the Internet Explorer start page by editing the following registry entries:
HKCU\Software\Microsoft\Internet Explorer\Main\
Start Page
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\
Start Page
Troj/Banker-T drops a DLL in its folder called library32.dll. The Trojan also creates various text files in which it stores stolen information.
The Trojan runs in the background scanning for passwords, which it will periodically try to upload to an Internet server by FTP.
Troj/Banker-T will try to terminate various security-related applications.
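
A host check for the artefacts listed in this description, as an added example that is not part of the original write-up. It assumes %windows% corresponds to $env:windir, and the function name Test-BankerTArtefacts is hypothetical.

```powershell
# Added example: reports the Troj/Banker-T artefacts named in the description
# that are present on this host. Assumption: %windows% means $env:windir.
function Test-BankerTArtefacts {
    $findings = @()
    $dir = Join-Path $env:windir 'tgbcde'

    # Folder created by the Trojan; list its contents for review, since the
    # description does not name the text files that hold stolen data.
    if (Test-Path -LiteralPath $dir) {
        $findings += "Folder present: $dir"
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            ForEach-Object { $findings += "  contains: $($_.Name)" }
    }

    # The Trojan copy and the DLL it drops beside itself.
    foreach ($name in 'module32.exe', 'library32.dll') {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
    }

    # Startup persistence: Run value named tgbcde. HKCU covers only the
    # account running this check, so repeat it per user profile.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'tgbcde' -ErrorAction SilentlyContinue
    if ($run) { $findings += "Run value tgbcde = $($run.tgbcde)" }

    # The description gives no start page URL, so the current values are
    # reported for manual review rather than matched against a known string.
    foreach ($hive in 'HKCU:\Software', 'HKLM:\SOFTWARE') {
        $key = "$hive\Microsoft\Internet Explorer\Main"
        $ie = Get-ItemProperty -Path $key -Name 'Start Page' -ErrorAction SilentlyContinue
        if ($ie) { $findings += "Review: $key Start Page = $($ie.'Start Page')" }
    }

    return $findings
}

Test-BankerTArtefacts
```

A "Review:" line on its own is not an indicator; the folder, file and Run value lines are the ones that match this description.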