Troj/Bancos-DR is a password stealing Trojan for the Windows platform.
Troj/Bancos-DR monitors which URLs are typed into a web browser and creates fake webpages for certain Brazilian banking sites in order to log user account information. This information may then be sent to predetermined email addresses.
Troj/Bancos-DR copies itself to the Windows system folder as charmapnt.exe and may set the following registry entry in order to run each time a user logs on:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
<value>
"<Windows system folder>\charmapnt.exe"