found W32:Trojan-gen{other} during ALzip install

Yes, laptop. Fans are running. It sits on a cooling pad too. Have never had any overheat issue.

It is not overheat…stops at exactly the same place every time.

I hate using Safe mode as all desktop icons get moved to the left side when you go back to regular boot.

Which is the file name and path (I mean, the last scanned one)?

That is shown three posts previously, in the post where I first mentioned it.

"…it hangs up and just freezes at
C:\Users\useraccount\AppData\Local\Yahoo\Widget Engine\Unzipped\Weather Underground.widget\Weather Underground _ dir.widget\Contents\Weather Underground.js"

Sorry to bother, but did you check the file at www.virustotal.com?
I’m not sure if the results posted previously are related to this file… if so, it does not seem a false positive…

The VirusTotal results are at post #12 in this thread.

Or, did you mean did I check the [Weather Underground.js] file? If that, no, not checked.

LATER: no hits on [Weather Underground.js] file at VirusTotal.

Oh dear, so much going on here…
DL’ed and ran MBAM. Found only one thing:
Results:

Files Infected:
C:\Windows\hosts (Trojan.Agent) → No action taken.

That file was literally zero bytes (I looked at it in a hex editor).

You’ve answered my question.

The usual location for the HOSTS file is C:\WINDOWS\system32\drivers\etc\hosts, so it may be the different location that MBAM is picking up on (regardless of size). The hosts file in itself isn’t a problem when it is empty: a) it would have to be in the Windows user settings as the location for the hosts file and b) have content to be able to either redirect or block access. Check and see if you have a copy in the default location?

See http://en.wikipedia.org/wiki/Hosts_file for more info on the HOSTS file.
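An added example, not part of the original thread: a small Python audit of a hosts file's content, showing why a zero-byte file maps nothing and which entries only block a name versus redirect it. The sample text and the sinkhole address set are assumptions made for the illustration; it does not check which location Windows actually uses.

```python
import ipaddress

# Addresses blocklists (such as the MVPS hosts file) point unwanted names at.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOOPBACK = {"127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Return (ip, hostname) pairs for every active line of a hosts file."""
    entries = []
    for raw in text.lstrip("\ufeff").splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, then tokenize
        if len(fields) < 2:
            continue                                # blank, comment-only or no name
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                                # first field is not an address
        entries.extend((ip, name.lower()) for name in fields[1:])
    return entries

def classify(text):
    """Sort entries into local, blocked and redirected names."""
    result = {"local": [], "blocked": [], "redirected": []}
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES and ip in LOOPBACK:
            result["local"].append(name)
        elif ip in SINKHOLES:
            result["blocked"].append(name)
        else:
            result["redirected"].append((name, ip))  # the entries worth reviewing
    return result

# Constructed sample, not taken from the thread.
SAMPLE = """\
# comment line
127.0.0.1      localhost
0.0.0.0        ads.example.com tracker.example.net   # blocklist style
203.0.113.10   login.example.org
"""

if __name__ == "__main__":
    print(classify(SAMPLE))
    print(classify(""))   # a zero-byte file has no entries at all
```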

I am very familiar with hosts files, and yes, I have the MVPS hosts file installed in the right location with some of my own additions, and it is read-only. What do you think about deleting the empty one in /Windows?

I would first rename it (I never delete anything as a first option), e.g. hosts_old or something like that. This way, if something was trying to run this hosts file in Windows, you would get a Windows error relating to the file. If you don’t get anything like that, it is an indication there is nothing active using that; after a couple of weeks I would delete it.

In post 13, it was suggested to submit a Runscanner log to “online analysis.” Where might that be?

Check the button “Online Malware Analysis”.

I guess I am dense, but I have to ask where is that button?

LATER: Oh, you mean the check box (not button) in the runscanner window? I did it with all three boxes checked. Now I have .run and .log files, but how do I see the online analysis results? There’s a “view a list of forums” link on the interface, but that does not take me to an analysis of my results.

I’m confused.

OK, I found it -- there was a link in the interface to copy-paste into a browser.
There were no red ones, lots of unrated ones.
Went to a couple of the ‘helper’ forums listed. It is EXTREMELY hard to see where in those forums to post your RS log. I checked three and did not see anything identified in the numerous topics there as a runscanner analysis place. Why is it so hard?