
DJChuck

Everything posted by DJChuck

  1. Thanks for the good advice. In the meantime, I've discovered - thanks to help from Dropbox support - what the problem was. It turns out that Dropbox was attempting to synchronize a couple of files from a German relative. When doing some updating for the relative a couple of years ago, I made backup files from an old PC. Two of these files, I eventually learned, included "startmeinweb.de". This was a start page for Internet Explorer that at that time (2012-2014) was connected with malware. The reason this wasn't immediately obvious: when Dropbox syncs files, as you may well know, it does them in chunks, deposited in the .cache folder for subsequent reassembly. One such (incomplete) chunk showed up during the attempted syncing process with a machine-labelled partial file - enough for ESETs to identify the suspect element as a trojan - but gave me no further information as to the actual element (startmeinweb.de) that was triggering the identification and cleaning, much less the filename / path of where it was found. Upon the advice of the Dropbox support person, I turned off the real-time file protection and allowed Dropbox to complete its synchronization. That is, previously it would stall because of the detection of the trojan; after the cleaning process, it would restart syncing, only to get the infected chunk back in the .cache file. Once the synchronization was complete, I turned the file protection back on: ESETs detected and cleaned two infected files, now fully identified by name and volume / folder. Now, apparently, everything is back in order. Many thanks again for all the help.
  2. Great - again, thanks. Yes, the response reads: "The detection is rather correct. It's an IE shortcut to a blocked website which is detected. The website is set by malware MSIL/StartPage.CD trojan as the default homepage." Good to know - but what I still don't know: (a) since I'm using a Mac, how did an IE shortcut get inserted into my machine? And, more practically: how do I remove this trojan as none of my security software is finding it on the machine? Many thanks in advance for your help!
  3. Thanks for this. I've submitted the file logs - the file itself is always deleted by ESET - to samples[at]eset.com as you suggested: no response yet. In the meantime, I've discovered that Dropbox is trying to sync with startmeinweb.de.html - as it does so, the effort to install the trojan takes place and then is detected and deleted by ESET. This appears to be only on one machine - i.e., Dropbox on my other machines doesn't show the same behavior. I've also sent a request for help to Dropbox. If still relevant, the recent log files are attached. Again, many thanks! ESETS log files.txt
  4. Hi everyone, Over the past few days, ESETS has been cleaning a particular threat, "LH/Agent.CH trojan", that is repeatedly inserted in a hidden folder in my Dropbox account: I use a variety of security software - Malwarebytes, ESETS, Bitdefender: apart from ESETS, there is no other indication of a problem when I run a scan. I've no idea what would be able to insert such a file. Fortunately for me, it's malware for Windows while I use Macs. Tips, tricks and suggestions? Many thanks in advance