Moved to Malware Discussion.
What makes you think it's a McAfee product? It's well documented in the web as an infection.
Are you seeking help with removal or just pointing it out?
My McAfee AV detected this and has been removed.
ePolicy Orchestrator Notification
Rule: Virus Detected and Removed
Rule Defined At: Directory
Description: Notifications sends an e-mail message when "Virus Detected and Removed" events are received.
Number of events: 1
Actual threat names: W32/Cutwail.a!rootkit
Actual products: VirusScan
Affected Computer IP:
Affected Computer Name:
Affected Object: C:\WINDOWS\System32\drivers\ndis.sys
Source computer IP addresses: Not Available
For additional information, see the Notification Log in the ePolicy Orchestrator console.
This is an old rootkit virus that requires the NDIS.SYS file to replaced from a known clean backup while not running Windows. This means using a Boot CD or a "Scheduling a delayed file operation."