I am so confused! I have noticed that PTsnoop is listed in my open programs. SOme information I read says that it is a backdoor virus and then some says that it is supposed to be there. I ran a norton virus program and a Trojan Horse program and neither one picked it up as a virus. I have a Compac Presario and use Windows 98. Should I delete this program? Help! Thanks!

I am afraid that ....yes..PTSNOOP is a backdoor. Info: http://www.europe.f-secure.com/v-descs/ptsnoop.shtml

But perhaps it NOT a backdoor too...

Other articles: http://www.computing.net/windowsme/wwwboard/forum/18951.html
http://www.computing.net/windows95/wwwboard/forum/100615.html

*BEWARE* PTSnoop.exe is also the name of a background program that comes with PCtel Modems. If you have a modem with a PCtel chipset it is likely that PTsnoop.exe is working in the backround for the modem. I believe it is something to do with the type of modem that uses DSP (digital signal processing) where some of the modem tasks are carried out by the CPU. This makes for cheaper modems. Unfortunately there is a backdoor program that uses this name too. If you have a PCtel modem I would dig out the drivers for it before deleting PTsnoop just in case.

See!!!! I told you it was confusing!! lol I did contact Compaq, they sent me the same article I kept finding which said, yes delete it, but then no, dont coz you might need it!!! So I went ahead and deleted it and so far I have had no problems! I'll let you know if I do. Thanks!!! You guys are great!

PT Snoop is associated with PCTel modems. http://www.3feetunder.com/krick/startlist.htm
This should help a little, it's at the bottom of the page.

Best thing you can do if you don't know is just to rename that file and if you later realise that you need that file... then just rename it back as it was.

I just got this virus & other things are now popping up! Internet answering machine says I need to change from 16 bit color to 256.When I try to apply,it won't stay.Also my icons went to large,can't change them either.E-Machine tech support says I have to reformat windows & lose everything.Also Monsetup,Navw32,& Rundll32 pop up occasionally.Some responses on this page say to delete,but won't this take out some necessary files?Ptsnoop website says its hiding in winifi.exe file.My norton anti-visus doesn't pick it up!Somebody Help! wturkey101beyonduplication@yahoo.com

I went to www.google.com. I punched in PTsnoop, found this site, then punched in PCtel. Here is the link to their FAQ page.

http://www.pctel.com/consumer_faq.htm#19

I am leaving mine installed.

a better solution for Win9x/ME users is to prohit the prohibit the program from loading at startup.

Use MSCONFIG (Win98.ME)

Click Start
Click Run
Type msconfig in the Open box.
Click OK
Choose the STARTUP tab
Uncheck PTSNOOP (normally near rthe bottom, with a prefix of load=
Click Apply
Click OK
Restart the PC

If u find u do need the program than you can reverse the process.

ttfn

R

I am really confused here - since I am not a techno person - I would like to know - just how I would "know" that I "need" to have this PTSnoop.exe that I just 'unchecked'? Could either ZoneAlarm or PopPeeper be using it? These two programs are most useful and I do not want to disable any of their valuable functions. How would I know if I have by unchecking the PTSnoop?
By the way - I have a cable modem too - would this be using it?

Also have a Compaq Presario (7478) but the el cheapo modem is bad (going to get a USR end of week) and I want to prevent PtSnoop from loading. Did what Richard says but it keeps coming back. Went into Regedit and deleted it there too but PtSnoop still keeps coming back. Any other ideas? - send to my email as I don't know if I can find this page again. Thanks and Happy Mothers Day to the mothers out there.

Same prob here... please post feedback or send email.

I too have a Compaq Presario. I have a new netgear 10/100 ethernet card for my dsl. While surfing the other day I came accross what looked to be a pretty cool internet share program called BearShare. Do not download this app. I know I got the spyware ptsnoop from the BearShare site. I have tried everything I know to get rid of the thing. It is starting to look like my only option is to reformat my hard drive. Any suggestions?

My modem properties window says I have "HSP56MR". Is that in any way related to PCtel? Or can I delete PTsnoop confidently? Otherwise how do I know if I have PCtel?

Your HSP56MR is the same modem I have... now, I don't use my modem, I use an ethernet card, but I did delete the PTSnoop program, and I've had no problems... but I'm not sure if it had any effect on my modem.

Hi. Regarding the HSP56 Modem - if you check in drivers, it indicates that this is a PCTel modem. Although I'm still confused what to do for our computer, whether to delete PTSnoop or not.

Hi,

I did a search and found the PTSnoop location on my computer, went to it and right clicked on it and then clicked "Properties"--then "Version....clicking through the choices revealed it is a PCtel file. I do have the PCtel HSP56 Modem, so this is a keeper. This modem is a software modem, not hardware and this PTSnoop may be something extra it needs to function optimally.

Thanks everyone for you input; it has helped!

I'm having a PTSNOOP problem as well. I'm using a Compaq 7478. We've been having a lot of "low system resources" problems lately and I noticed that when you hit "control+alt+delete" there were about 15 programs that were opening on startup. I did some research and found out how to get rid of these and have been successful with everything except for PTSNOOP. We have a cable modem through mediacom (RCA) and I'm sure there's a dialup modem in there, but we don't use it, so should I get rid of the ptsnoop stuff? HELP!

I just stumbled onto this thread while looking for information. Thanks for the advice that I've found here! I did as Blan8370 suggested and renamed the file, which is located in the c:\windows directory. Restarted and so far, no problems without the file running. I do have a HSP56 MR type modem, which is running comm.drv driver, so I thought this procedure would be pretty safe. Running on Win98 SE. Just wanted to post my results, in case anyone wanted to see how it worked.

I deleted the ptsnoop, ran Norton Virus but learned that it infected Corel WordPerfect7 only. Nothing else. Removed WP7 deleted ptsnoop ran Norton reinstalled WP7 and still cannot use it. What's wrong? Anyone know?

I was having severe problems like freezing and shutdown and start up , downloading programs, although freeze-ups happen during WPCorel, the problem is not limited to that program. It happens more frequently during start up than any other time. My updated Macafee did not catch PTsnoop, so I downloaded AVG anti-virus and ran a test twice. Both times when it got to a certain point a blue screen appeared to tell me of a fatal error occurance and I was forced to reboot. Any Ideas ?

Virii Name: PTSnoop.exe
Alias Names: ptsnoop.exe Ptsnoop.exe.. etc.
Modifies file: Win.ini
Modifies variable: LOAD=
Renames files: Win.ini-->Win.ana -->Win.ini
Connects to sites: http://setway.cjb.net
Connects to sites: http://setway1.cjb.net
Connects to sites: http://setone.cjb.net
Partition table: altered at least one
Mark as bad: various sectors
Slows down: bootup speed
found with modems: pclite software
found on cdrom: installs with winmodems

virii name: ptsnoop.exe
found on partition table: mark off as bad
hiding on hard drive: bad partitions
storing information: in bad partitions
BEST ACTION USER: CLEAN BOOT AND REPARTITON
MANDATORY ACTION: REFORMAT RETRIEVE PARTITIONS

Hi, I'm having the same issues as Troy and Jeff...I'm not sure what to do since my McAfee IS picking up on it however, it is not able to get rid of it.-positive it is a virus for it was not there orginally-I also have BearShare, which is possibly where I got it from according to George. Any help would be greatly appreciated. Thanks. Happy Memorial Day weekend!

i also picked this problem up on bearshare. has changed all my mp3 files to vbscript files and takes me to some sky internet site on startup. have taken ptsnoop of startup but keeps coming back. also deleted some net.net.exe files but still keeps logging on to this "sky" site. this sucks bad!

My computer keep dialing out , on its own
Will not allow access to G DRIVE area.
Scandisk says FAT corrupted.
CHKDSK says G NOT ACCESSABLE
DIR say 1899644 bytes bad.
BUT DRIVE is new.
REFORMATTED DRIVE, every thing ok.
found PTSNOOP.EXE file in win.in
as LOAD=PTSNOOP.EXE.
FILE LOCATED in windows\system\ptnoop.exe
also found this file windows\ptsnoop.exe

PTsnoop on my system - PCChips board with HSP56 modem, in windows\system ptsnoop shown with telephone icon and next to it a ptuninst - right click on this and shows it is pctel related file, no obvious corruption of win.ini file - suspect it is for modem but will monitor.

Well, In my search to speed up booting my computer I removed several programs from msconfig-startup list, and I also found this little program called ptsnoop.exe. I looked at his properties but it didn't say anything about driver or something. I'm running win98se and I have a cable modem. I read on the internet this was a hackers backdoor, so I removed it from the startup list. Automatically, win.ini sets load=ptsnoop.exe to noload=ptsnoop.exe. I restarted my pc and I can internet, chat, e-mail no probs. So I think: if you look at the file properties and it says nothing, just remove the entry in the startup list and see what it gives. If your pc is crashing, restart it and insert the entry again (load=ptsnoop.exe).

I had PTsnoop on my spare experimental 'puter, been playing with my dear hacker(s) for a while letting them getting some made up (But looked very real)info in exchange, getting a chance to be playing some hide-and-seeks (Funs funs funs ! !)with them. Did not cut them off in one blot. This must have been their most interesting 'puter they came acorss behaving like that ! But the most important thing is, getting to learning about their works and some tactics. In short plain fact, I was a spy myself bating the heck out of them ! ! Only spying on hackers, not on good people, hey folks ! But I finally took that crab off the msconfig Start list, also configured firewall to block their probes and datagrams. My one job finally accomplished, and accomplished well ~! No incoming actions anymore, no "Unexplainable" sudden crashing anymore, no hardrive working hard by itself for a while without hackground schedule work. 'Puter's been in a dull (:- -:)peaceful mode for a day or so. But one could see that hacker(s) keep trying to break though. On the Firewall alert windows, I could see the poor old son of a ..... keep trying day and night. Now he (Or "She") or they become panicking, not trying through only one port anymore as before. But trying down the line of ports' numbers one port at a time ! ! ! This(ese) guy(s) of girl(s) really must be wanting my backside badly ! ! ! I see that they still have some fifty thousands of numbers of ports to try ! ! Poor souls, I feel sorry for them because :-), when would they accomplish the job at this rate, manually trying some 65k+ of ports one at a time ? Next life perhaps they'll finish ? ? ! ! Hee hee !

I would like to offer one important advice here, that is, hackers include usually many people of types who get nothing to exactly do all day, they would posess such a long breath surely in monitoring these virus trojan forums and getting the feedbacks from compromised 'puters users. So folks, be careful, you could be aiding them by making the degrees of serevity of your puter's damages public ! ! They would then change or sharpen their tactics accordingly and drive home sharper at ya. All of these would benefit them to their evilish desires and actions.

Ciao !
Harry highlife.

Sorry, my typos :
"Baiting"
"Possess"
Ciao again !
Harry Highlife.

PTSNOOP.EXE can be a virus called BACKDOOR.PTSNOOP

It re-writes the win.ini file then renames itself 'ptsnoop.exe'

At the same token, the HSP56 modem installation software also uses a file labelled: PTSNOOP.EXE

If you want to use the HSP modems you may try removing the 'ptsnoop.exe' file and see if the modem continues to function, if not, re-install it and leave the ptsnoop file alone.

I've removed it and the system is working great.

In fact, I had HSP modem. When I first had the Snoop syndrom, I was not able to use the modem. The computer would not see the driver file, but you see the file there. When you tried to use the modem, computer kept saying there were no modem :-)

Ciao !
H. Highlife.

I removed ptsnoop from start up option but it comes back on its own, I also have 2 rundll32's running at start up and they won't shut off???

PTSnoop beflongs to your modem, if you uncheck it to start in start up files and then you go on the internet it will start it right back up, it just won't load at start up, the only way for you modem and your connection to work with Compaq or this modem is to keep it or get rid of that modem, its a terrable modem anyway it sqeeches for ever before connection, take it out and get a new one or put up with ptsnoop, that is your only (2) options...... The reason it was not picked up as a virus is because its not I had this modem for 2 days and got rid of it with a v92 Hayes modem...

Remove the HSP modem driver file from 'puter, if PTSnoop relists itself on starup list, then this is definately the virus PTsnoop and not the modem PT.

The HSP was not so bad to me on connection handshake audio. I would consider it normal with the one I get. But the one I have is a slow modem, so I don't use it.

As for multiple DLL32 listing, if you do Control/Alter/Delete and see two copies or 6 or 10 copies of DLL32, including "Run A DLL as an app", or "Run a DLL32 as an app" then you have virus in your 'puter.

Ciao !
H. Highlife.

hey every 1 i have the ptsnoop problem i deleted the file but....it wasnt in the win.ini file but its in my registry and when i delete it, it keeps coming back! this is all happening on my other cpu the mouse had dissapeared but i reinstalled the driver and it came back my diplay settings wont change the virus changed it to 640*800 and 16 color! and my norton antivirus isnt working!!

Greetings,
Upon visiting this site I was able to locate some information regarding an unrelated problem I encountered when I came across this article.

I provide tech support to some large companies and thought I'd provide some info in return for some info I received. Sounds fair..Anyway PTSNOOP is a in fact an actually file required used with PCtel devices. Most common is the internal modem. In brief it searches for available COM ports. Unfortunately the file does share a name with a not so nice file which allows access to your computer via open ports. Your best bet is too do a search for the file on your computer (PTSNOOP). Right click on the file, select properties, click on the Verion tab. If you see PCtel next to the company name you should be OK. If you want to stop the program altogether you will need to remove it from the win.ini file and registry. Check microsoft's site for instructions.

As a side note Harry Highlife indicated if you hit CTRL+ALT+DELETE and find Rundll or Rundll32 file you have a virus. Not so, these are 16 and 32 bit windows command line utility programs used to run functions exported from a DLL. The files have many uses including C+ programming and installation uses. If you find one running you do not necessarily have a virus.

L8R