Troj/Bancos-AR is a password stealing Trojan for the Windows platform.
Troj/Bancos-AR monitors which URLs are typed into a web browser and creates fake webpages for certain Brazilian banking sites in order to log user account information. This information may then be sent to predetermined email addresses.
Troj/Bancos-AR sets the following registry entry to ensure that it is executed automatically upon restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
<Trojan name without extension>
<path to Trojan>