Troj/CmjSpy-U is a keyboard-logging Trojan for the Windows platform.
When the Trojan is installed it copies itself to <Windows system folder>\msdrv.exe.
The following registry entry is created to run msdrv.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe "<Windows system folder>\msdrv.exe"
The Trojan creates a library file (also detected as Troj/CmjSpy-U) in the Temporary folder and injects code into the explorer process to load this library file.
The Trojan submits logged information to a preconfigured website using HTTP GET.