Thread: MySQL Connector icon directory being identified as Win32.Neuraxon

  1. #1
    Junior Member
    Join Date
    Oct 2014
    Posts
    1

    MySQL Connector icon directory being identified as Win32.Neuraxon

    This was part of a Scan Result:

    Program directory is C:\Windows\Installer\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}

    Current contents are from the DIR command:

    C:\Windows\Installer\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}>dir
    Volume in drive C has no label.
    Volume Serial Number is B2D7-5DE1

    Directory of C:\Windows\Installer\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}

    09/29/2010 02:21 PM <DIR> .
    09/29/2010 02:21 PM <DIR> ..
    09/29/2010 02:21 PM 17,318 MySQLConnector.ico
    1 File(s) 17,318 bytes
    2 Dir(s) 74,108,952,576 bytes free

    C:\Windows\Installer\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}>

    The file itself is not being identified, but the directory is. Malwarebytes does not pick this up, nor does Symantec Endpoint Protection.

    Looking at the log file from the scan, this is the section for the issue:

    Win32.Neuraxon: [SBI $7F834AE1] Program directory (Directory, nothing done)
    C:\Windows\Installer\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}\
    Directory.subfile=C:\Windows\Installer\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}\MySQLConnector.ico
    Directory.subfile.size=17318
    Directory.subfile.md5=BDF308C329FC94DB5A8C81A0BCC04A98
    Directory.subfile.filedate=1285788114
    Directory.subfile.filedatetext=2010-09-29 14:21:53


    I have examined the icon file with a hex editor and it matches the format as described online for the ICO format.
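
The two checks described in the post above (that the flagged file is the one named in the scan log, and that it is structurally a valid ICO), as an added example that is not part of the original post and not Spybot's code. The log fields are copied from the post; the function names and the sample icon bytes are constructed for illustration.

```python
import hashlib
import struct

# Fields copied from the scan-log section quoted in the post above.
LOG_SECTION = """\
Directory.subfile.size=17318
Directory.subfile.md5=BDF308C329FC94DB5A8C81A0BCC04A98
"""

def parse_log_fields(text):
    """Return the Directory.subfile.* key/value pairs from a log section."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.startswith("Directory.subfile"):
            fields[key] = value
    return fields

def check_ico(data):
    """Validate ICONDIR and every ICONDIRENTRY; return a list of problems."""
    problems = []
    if len(data) < 6:
        return ["file shorter than the 6-byte ICONDIR header"]
    reserved, kind, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0:
        problems.append("reserved field is not 0")
    if kind != 1:
        problems.append(f"type is {kind}, expected 1 (icon)")
    if count == 0 or 6 + 16 * count > len(data):
        return problems + ["entry count does not fit in the file"]
    end_of_table = 6 + 16 * count
    for i in range(count):
        # Bytes 8..15 of each 16-byte entry: image size, then image offset.
        size, offset = struct.unpack_from("<II", data, 6 + 16 * i + 8)
        if offset < end_of_table or offset + size > len(data):
            problems.append(f"entry {i}: image data outside the file")
    return problems

def matches_log(data, fields):
    """True when size and MD5 of data equal the values the scanner logged."""
    md5 = hashlib.md5(data).hexdigest().upper()
    return (str(len(data)) == fields.get("Directory.subfile.size")
            and md5 == fields.get("Directory.subfile.md5"))

def make_sample_ico(payload=b"\x00" * 40):
    """Constructed one-image ICO (not the real MySQLConnector.ico)."""
    entry = struct.pack("<BBBBHHII", 16, 16, 0, 0, 1, 32, len(payload), 22)
    return struct.pack("<HHH", 0, 1, 1) + entry + payload
```

To run it against the real file, read it in binary mode and pass the bytes to `check_ico` and `matches_log`.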

  2. #2
    micha (Member of Team Spybot)
    Join Date
    Oct 2005
    Posts
    31

    Thank you for reporting this, please ignore this result, it will be removed from our detection database effective with the next detection update scheduled for Wednesday 2014-10-15.

  3. #3
    Junior Member
    Join Date
    Mar 2009
    Posts
    2

    MySQL Connector icon directory being identified as Win32.Neuraxon

    Originally posted by micha:
        Thank you for reporting this, please ignore this result, it will be removed from our detection database effective with the next detection update scheduled for Wednesday 2014-10-15.

    Can someone check this was actually done as I am getting a false positive identical to this on a server with a version of Spybot and updates downloaded today?

  4. #4
    (m/f) (Member of Team Spybot)
    Join Date
    Feb 2006
    Posts
    294

    The rule flagging this directory was commented as FP in our database. Checked it just a minute ago.
    (m/f)
