Fixed: MySQL Connector icon directory being identified as Win32.Neuraxon



demodian
2014-10-08, 21:25
This was part of a Scan Result:

Program directory is C:\Windows\Installer\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}

Current contents are from the DIR command:

C:\Windows\Installer\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}>dir
Volume in drive C has no label.
Volume Serial Number is B2D7-5DE1

Directory of C:\Windows\Installer\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}

09/29/2010 02:21 PM <DIR> .
09/29/2010 02:21 PM <DIR> ..
09/29/2010 02:21 PM 17,318 MySQLConnector.ico
1 File(s) 17,318 bytes
2 Dir(s) 74,108,952,576 bytes free

C:\Windows\Installer\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}>

The file itself is not being identified, but the directory is. Malwarebytes does not pick this up, nor does Symantec Endpoint Protection.

Looking at the log file from the scan, this is the section for the issue:

Win32.Neuraxon: [SBI $7F834AE1] Program directory (Directory, nothing done)
C:\Windows\Installer\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}\
Directory.subfile=C:\Windows\Installer\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}\MySQLConnector.ico
Directory.subfile.size=17318
Directory.subfile.md5=BDF308C329FC94DB5A8C81A0BCC04A98
Directory.subfile.filedate=1285788114
Directory.subfile.filedatetext=2010-09-29 14:21:53


I have examined the icon file with a hex editor and it matches the format as described online for the ICO format.
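A triage helper for a report like the one above, added here as an example and not code from the original thread or from Spybot: it parses the Directory.subfile fields out of the log entry, checks a file's size and MD5 against what the log claims, and validates the ICO header structurally, the check the post describes doing by hand with a hex editor. The log text is the entry quoted above and the icon blob is a constructed stand-in, not the real MySQLConnector.ico.

```python
import hashlib
import re
import struct

# Constructed sample: the scan-log entry quoted in the post above (not read from disk).
SAMPLE_LOG = """Win32.Neuraxon: [SBI $7F834AE1] Program directory (Directory, nothing done)
C:\\Windows\\Installer\\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}\\
Directory.subfile=C:\\Windows\\Installer\\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}\\MySQLConnector.ico
Directory.subfile.size=17318
Directory.subfile.md5=BDF308C329FC94DB5A8C81A0BCC04A98
Directory.subfile.filedate=1285788114
Directory.subfile.filedatetext=2010-09-29 14:21:53
"""

def parse_directory_hit(log_text):
    """Pull the detection name, SBI rule id and Directory.subfile.* fields out of one log entry."""
    hit = {}
    m = re.search(r"^(?P<name>[^:\n]+): \[SBI \$(?P<rule>[0-9A-F]+)\]", log_text, re.M)
    if not m:
        raise ValueError("not a Spybot-style detection entry")
    hit["name"], hit["rule"] = m.group("name"), m.group("rule")
    for key, value in re.findall(r"^Directory\.subfile(?:\.(\w+))?=(.*)$", log_text, re.M):
        hit[key or "path"] = value.strip()   # bare Directory.subfile= line is the path
    hit["size"] = int(hit["size"])
    hit["md5"] = hit["md5"].lower()
    return hit

def ico_header_ok(data):
    """True if data starts with a valid ICONDIR (type 1) and every ICONDIRENTRY points inside the file."""
    if len(data) < 6:
        return False
    reserved, kind, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or kind != 1 or count == 0 or len(data) < 6 + 16 * count:
        return False
    for i in range(count):
        # bytesInRes and imageOffset sit at offsets 8 and 12 of each 16-byte entry
        size, offset = struct.unpack_from("<II", data, 6 + 16 * i + 8)
        if size == 0 or offset < 6 + 16 * count or offset + size > len(data):
            return False
    return True

def classify(hit, data):
    """Compare the flagged file's bytes against the size/MD5 the log recorded and its ICO structure."""
    return {
        "size_matches": len(data) == hit["size"],
        "md5_matches": hashlib.md5(data).hexdigest() == hit["md5"],
        "valid_ico": ico_header_ok(data),
    }

# Constructed stand-in icon: one 1x1 32-bit entry whose 40-byte image blob follows the directory.
SAMPLE_ICO = struct.pack("<HHH", 0, 1, 1) + struct.pack("<BBBBHHII", 1, 1, 0, 0, 1, 32, 40, 22) + bytes(40)
```

To check a real hit, open the path from the parsed entry in binary mode and pass its bytes to classify; a mismatched MD5 means the file changed since the scan and deserves a second look before dismissing the result.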

micha
2014-10-10, 09:38
Thank you for reporting this. Please ignore this result; it will be removed from our detection database effective with the next detection update, scheduled for Wednesday 2014-10-15.

rdevereux
2015-06-02, 10:17
Thank you for reporting this. Please ignore this result; it will be removed from our detection database effective with the next detection update, scheduled for Wednesday 2014-10-15.
Can someone check that this was actually done, as I am getting a false positive identical to this on a server with a version of Spybot and updates downloaded today?

(m/f)
2015-06-02, 10:40
The rule flagging this directory was commented as FP in our database. Checked it just a minute ago. :police: