Hi Folks, and no folks :-) Hi everyeone,
"PTSnoop keeps coming back" problem, if it is because of a legitimate modem driver file, it could be a simple matter, if you are not using that modem, just remove everything, modem and all, problems solved ! But if it is a virus doing things to your PC, then it is another matter.
Response number 3 in this link referred back to an older PTSnoop forum link, #105. Unfortunately that older link is closed to date, as it was started sometime on the 25th of Feb. However, it still seems to be useful as the "PTSnoop syndroms" are still apparently on the loose, so to speak. I shall then copy the last response from that discussion, response #37 from friend Ken. Then I will add my new response to that after. Enjoy it folks !
Here's Ken's response from 23 July this year :
Greetings,
Upon visiting this site I was able to locate some information regarding an unrelated problem I encountered when I came across this article.
I provide tech support to some large companies and thought I'd provide some info in return for some info I received. Sounds fair..Anyway PTSNOOP is a in fact an actually file required used with PCtel devices. Most common is the internal modem. In brief it searches for available COM ports. Unfortunately the file does share a name with a not so nice file which allows access to your computer via open ports. Your best bet is too do a search for the file on your computer (PTSNOOP). Right click on the file, select properties, click on the Verion tab. If you see PCtel next to the company name you should be OK. If you want to stop the program altogether you will need to remove it from the win.ini file and registry. Check microsoft's site for instructions.
As a side note Harry Highlife indicated if you hit CTRL+ALT+DELETE and find Rundll or Rundll32 file you have a virus. Not so, these are 16 and 32 bit windows command line utility programs used to run functions exported from a DLL. The files have many uses including C+ programming and installation uses. If you find one running you do not necessarily have a virus.
L8R
Here's my new response after that, which was not possible anymore to be added to that older link :
Hi,
First of all, I just like to correct a misunderstand. Perhaps I did not write it out clearly, it could be my fault, but anyway, I was saying, that if you had TWO OR MORE copies of that DLL files on the running window, you would have a virus. I did not say that any single Run A DLL as an app running there that you see were an indication to a virus. I am sorry if I had mistaken there in explanation, but I think that I depicted the scene clearly.
This also brings up another point, as our friend Ken indicated, Run A DLL is one of the normal functions of Windows. However, sometimes it is not needed running, depending on how your window is operating at the time. Therefore, this normal Run A DLL will not be shown in the running window. In this case, even if one running copy of Run A DLL as an app is a virus indication. But it might not be so easy for the general 'puter users to rectify the differences.
As for PTSnoop keeps coming back after deletion. The only best PERMANENT & SURE way I could find is to reformat the harddrive. Since the main PTSnoop file and it's propagating apparatus are 99% hiding in the unused section of the harddrive--The bad section. What happens is, harddrives makers do not like for you to use the drive for a short while and see that the drives lose capacities. But from time to time, some sections of a drive will go bad so that you can normally see the lost of space. In the last few years, harddrives makers came up with a new way, if they sell you a drive that is saying 40Gig, actually they could build that drive with 40.05Gig. Of course this more than the actual space listed, so that, if any normal portion goes bad, the drive will automatically set that bad portion into this reserved section. But this entire reserved spare section to accommodate the bad tracks are never shown to users at any time. Only if you know how to dissect the drives, you can find these excess portion. So, PTSnoop and quite a few other viruses take advantage of this unseen portion to store files and other apparatus to work on the good sections of the drives and the memory section etc.
Harry Is finished for the day :-)
Ciao !
