I d/l'd a file (leaktest.exe.DE) from a supposedly "safe" web site.
When it was finished dl'ng, McAfee popped up and said it was a PUP,
but could not rename or delete it.

The file was not opened and it just sits on my PC. I tried to get rid
of it by deleting and/or renaming, but could not. I then thought of
using the "Run - command" option, but am not sure of the proper
format(s).

And while I appreciate any feed-back on this, PLEASE, no "Google is
your friend" or "RTFM". I've Googled, Jeeves'd and Dog Piled, and
everything I found was for programs already installed, not files.

As mentioned, the program has not been installed, and is just a file.

I'm running Win XP Pro, S/P #1.

Many, Many, Many TIA's.

Holly Hocks wrote:
One option would be to boot your system to DOS and navigate to the file
and delete it.

On Fri, 19 Aug 2005 13:29:00 GMT, Brian H¹©
<no.spam@no.spam.thank.you> wrote:

How do I get to DOS?

On Fri, 19 Aug 2005 13:29:00 GMT, Brian H¹©
<no.spam@no.spam.thank.you> wrote:

SNIP SNIP SNIP
Win XP - No DOS. Have to use "command" function, but none of the DOS
commands I'm familiar with are working.

Thanks tho, I appreciate a civil response.

On Fri, 19 Aug 2005 13:29:00 GMT, Brian H¹©
<no.spam@no.spam.thank.you> wrote:

He CAN'T boot to DOS. Oh, he can make an ME boot floppy but Win NT
(and XP is WinNT 5.1) doesn't have a real DOS.

Also, there's an excellent chance (if he uses NTFS) that ME DOS can't
read his hard disk.

Try pressing F8 when you boot and boot to Safe Mode with a Command
Prompt. I suspect that the file is in use and in safe mode it probably
won't be.

Also, try "attrib -s -h -r " on the file name.

So now you are Holly Hocks? Use the same moniker throughout your thread;
otherwise, you appear to be someone trying to hijack the thread.

You cannot get to DOS since you are using Windows XP. A DOS shell is *not*
the same as booting to DOS. You could try booting into Recovery Console
mode to delete the file; see the include help under the Start menu for info
on how to use/install the Recovery Console mode. Otherwise, try the
following:

- Open Task Manager and leave its window on the screen until told later to
close it.
- Kill all instances of "explorer.exe" under the Processes tab. Select a
processes, right-click on it, kill it. Eventually you will kill the
instance that is used to present the desktop GUI.
- In Task Manager, use the File->NewTask menu to start a DOS shell by
running "cmd.exe" (sans quotes). In the DOS shell window, navigate to the
folder with the file and delete it.
- Enter the "exit" command to close the DOS shell window.
- In Task Manager, use its File-NewTask menu to run "explorer.exe". The
desktop GUI should reappear.

You might be able to skip the steps to load a DOS shell and delete the file
and just exit the current instance of explorer.exe and reload it. Sometimes
the process that has a handle on a file is Explorer itself. Since it is
used for the desktop GUI, it will continue to have a handle to the file and
refuse to let you delete it. So kill that instance, optionally delete the
file while it is gone, and reload a new instance (under which you should be
able to delete the file since you haven't supposedly opened it yet to have
explorer.exe have a handle to it yet).

--
__________________________________________________
E-mail: Remove "NIX" and add "#LAH" to Subject.
__________________________________________________
"Laciji" <laciji@aol.com> wrote in message
news:18obg1dhs56ekcgnaqrnommc3s0rp0mv6l@4ax.com...

Holly Hocks <flowergirl@thealtar.org> wrote:

|>I d/l'd a file (leaktest.exe.DE) from a supposedly "safe" web site.
|>When it was finished dl'ng, McAfee popped up and said it was a PUP,
|>but could not rename or delete it.
|>
|>The file was not opened and it just sits on my PC. I tried to get rid
|>of it by deleting and/or renaming, but could not. I then thought of
|>using the "Run - command" option, but am not sure of the proper
|>format(s).

Killbox
http://www.bleepingcomputer.com/files/killbox.php
--

On Fri, 19 Aug 2005 09:12:35 -0500, "Vanguard"
<vanguard_news@gawabNIX.com> wrote:

SNIP SNIP SNIP

This is the third post I've made in this thread, all using Holly
Hocks, so I really don't know WTF you're talking about. Further, your
whole post indicates a need for some serious rehab. Or, at a minimum,
try reading a question, and the replies, before you answer it.

To the other respondents: Some great suggestions. I'll try them and
let you know.

Again, thank you for the replies.

"Holly Hocks" <flowergirl@thealtar.org> wrote in message
news:i9mbg1h77n91l615ttlc7mk6afgk81vpd5@4ax.com...
This article on McAfee's site may help.
http://vil.nai.com/vil/content/v_127618.htm

"Buffalo" <eric(nospam)@nada.com.invalid> wrote in message
news:dcSdndMklYwKYJjeRVn-tw@comcast.com...
http://vil.nai.com/vil/pups/configuration.htm

To delete undeletable files use the excellent program by Cedrick Collomb
called Unlocker
http://www.pcbutts1.com/downloads/unlocker170.exe

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Holly Hocks" <flowergirl@thealtar.org> wrote in message
news:i9mbg1h77n91l615ttlc7mk6afgk81vpd5@4ax.com...

The Killbox program did it! Also, there were some later posts with
web site referrals that were really good for future reference.

Again, a great big thanks to a really great group.

--
__________________________________________________
E-mail: Remove "NIX" and add "#LAH" to Subject.
__________________________________________________
"Holly Hocks" <flowergirl@thealtar.org> wrote in message
news:7vubg1pb6ak4skh70uitihbtdgqk003bva@4ax.com...
Learn to configure your newsreader to show the posts in a threaded or
outline hierarchy. I replied to the post which had the moniker of "Laciji",
not to the one marked "Holly Hocks". I wasn't going to bother at the time
to investigate the headers to see who was who (since a user can specify any
moniker they want when posting). I looked now and Laciji posts from
Supernews and you post from Giganews, so it is very likely that Laciji is
not Holly Hocks. However, Laciji posted as though he/she were Holly Hocks,
and THAT is to whom I replied. Learn to read the posts within the
[sub]thread to know who is responding to whom.

Sorry, I don't work for you and you don't pay me, so I'll respond however I
want. Next time wait until one hour after taking your meds before reading
posts. You are definitely seeing content that isn't there.

You are new to Usenet. Just because a post is dated before mine doesn't
mean it is actually viewable at that instant. It can minutes or hours, even
sometimes days, for a post to propagate around the world to all the NNTP
servers out there. When I posted, and of the posts that WERE available on
my NNTP server at the time that I replied, none offered the suggestion of
relinquishing the handle to the inuse file by unloading explorer.exe.

You certainly have a very fragile ego, which means you shouldn't participate
in newsgroups. Either you replied to the wrong poster or you never really
bothered to read my reply. Please explain just where in MY reply that you
thought that I was being so overly caustic to your thin-skinned ego. If you
thought my reply was so lambastic, you really should stay away from
computers because many technical manuals will have the same tone. THIS
reply was somewhat caustic but even if you can't handle this reply then you
need to stay off Usenet and hide in your very select group of backpatting
friends.

boot into safe mode an delete then push f5
"Holly Hocks" <flowergirl@thealtar.org> wrote in message
news:i9mbg1h77n91l615ttlc7mk6afgk81vpd5@4ax.com...

Holly Hocks wrote:

Okay, gang - not Holly Hock, as he's the one who bit on this file - I
haven't been paying much attention to the malware world since moving to
Linux, so tell me -- isn't the fact that an apparently not-Gibson site
has added an extension to Gibson's legitimate leaktest.exe pretty much
a sure sign of malware trying to sneak through defenses?


--
Blinky Linux Registered User 297263

Killing All Posts from GG: http://blinkynet.net/comp/uip5.html
End Of The Good GG Archive GUI: http://blinkynet.net/comp/gggui.html

Vanguard wrote:

--
Longhorn error#4711: TCPA / NGSCP VIOLATION: Microsoft optical mouse
detected penguin patterns on mousepad. Partition scan in progress
*to*remove*offending*incompatible*products.**React ivate*MS*software.
Linux woodpecker.homnet.at 2.6.12-mm2[LinuxCounter#295241,ICQ#4918962]

Holly Hocks wrote:
http://www.bootdisk.com/xptop20.htm#8
http://www.bootdisk.com/florida/copylock.zip
http://www.bootdisk.com/florida/lfwizard.zip






--
http://www.bootdisk.com/

"Walter Mautner" <newsleaf.20.eatallspam@spamgourmet.com> wrote in
message news:9qtht2-ah4.ln1@walter.mautner.reflex.at...

Yep, my mistake. At work, I don't have admin rights to install the
registry hack that makes OE bottom post - and I forgot to remove the
signature before moving down to insert comments inline. But, at least,
I don't spew a bunch of superfluous shit in my signature proselytizing
an OS.

--
__________________________________________________ __________
For e-mail, remove "NIX" and add "#LAH" passcode to Subject.
__________________________________________________ __________

What trick, what device, what starting-hole on Fri, 19 Aug 2005
14:07:02 GMT, canst thou now find out, to hide Joel Rubin
<jmrubin@ix.netcom.com> from this open and apparent shame?:

<snip>
I think *he* is a *she*.

Holly Hocks wrote:
Really? You did not read the post by laciji ? Did it appear in the thread
on your machine?? Laciji asked a question that logically, in and of itself,
pointed to ( indicated) a newbie as having asked, or someone somewhat bold
but with some degree of ignorance in software applications and
configurations and capabilites of same, a stupid question. And that pointed
to you by default because of the nature of the question. Vanguard gave you
sound advice about using the same moniker, and you cop an attitude?

You are seeing cabooses where "they ain't no cabooses". There are no such
indications or ill will in V's post. It's all in yer "haid".

You have the reading and comprehension problem, bucko or buckette, whichever
the case may be.

You already did when you said (paraphrasing ) "Don't Google ME , mother
fuckers"

"He has all the virtues I dislike and none of the vices I admire."- Winston
Churchill

--

Ellis_jay