cancel
Showing results for 
Search instead for 
Did you mean: 
mrcraigc
Level 8

McAfee popup says that i have Exploit Trojan and I need to change Shared Folder properties

Thsi morning, a popup claiming to be McAfee popped up and said that McAfee had detected an "Exploit" trojan, but couldn't remove it.  It says that i need to change the permissions on a shared folder.  This sounds dodgy.  Is this a legitimate request.  Or is it a trojan in itself?  See attached error message screen shot.

0 Kudos
5 Replies
Hayton
Level 17

Re: McAfee popup says that i have Exploit Trojan and I need to change Shared Folder properties

Trojan detected.PNG

That certainly looks like a genuine McAfee message, and the reason given for non-removal makes sense. If McAfee requires access to a shared folder to delete a Trojan, then it's up to you whether to allow the access.

I would be looking first to the method of infection. Check your version of Java, and if it's not the latest (7u45) then you should upgrade.

http://krebsonsecurity.com/tag/java/

http://www.oracle.com/technetwork/java/javase/downloads/index.html

0 Kudos
exbrit
Level 21

Re: McAfee popup says that i have Exploit Trojan and I need to change Shared Folder properties

That also looks like a System Restore or System Backup folder with that "VolumeShadowCopy" bit

0 Kudos
mrcraigc
Level 8

Re: McAfee popup says that i have Exploit Trojan and I need to change Shared Folder properties

what is teh implication of this?

0 Kudos

Re: McAfee popup says that i have Exploit Trojan and I need to change Shared Folder properties

As Brit says the detection is from \Device\HardDisk\VolumeShadowCopy7\Users\xx\xx\xx...... is a system backup folder.

Make sure all the files & folders are hidden How to enable hidden files & folders. Go to the location and check the detected file, if present delete it manually

Perform a Quick Clean in McAfee.

0 Kudos
exbrit
Level 21

Re: McAfee popup says that i have Exploit Trojan and I need to change Shared Folder properties

The simply act of turning off System Restore temporarily should delete the offending restore point - if that is in fact a restore point and only you know that.  Otherwise you can probably remove it in Safe Mode if it wont go in regular..

0 Kudos