This is directed to a person who made a false statement concerning the "Ptsnoop.exe" file on Jan 16 2001. I would like all of you to know the truth of the matter.
Ptsnoop is a simple backdoor program written in Visual Basic. Being activated it first looks for active RAS connections and exits immediately if none is found.
If a connection is present, the backdoor installs itself to system by copying itself as PTSNOOP.exe file to \Windows\System\ directory and modifying WIN.INI file. The backdoor adds its execution string after LOAD= variable in [Windows] section of WIN.INI file. During this operation WIN.INI file gets copied to WIN.ANA file, the backdoor's execution string is then added and WIN.INI file is deleted. Then WIN.ANA file is renamed to WIN.INI file. This way the backdoor will become active every time Windows starts.
Being active the backdoor tries to connect to the following websites:
http://setway.cjb.net
http://setway1.cjb.net
http://setone.cjb.net
When the connection succeeds, the backdoor clips cursor to a certain area and allows a hacker or script on these websites to control mouse movement and window positions. It is not clear why this is done and it is impossible to check any more because the contents of the above mentioned websites were changed or removed.
P.S. I should know what I am talking about. I have been a plumber for 10 years LMFAO!! Best of luck guys

It's normal to give credit to the sites that contain this information.
http://www.f-secure.com/v-descs/ptsnoop.shtml
You also left out the important part .....
"It should be noted that software packages for certain modems contain PTSNOOP.exe files, but these are not trojans. If you are not sure if that file is a trojan or not, use F-Secure Anti-Virus to check it out. "

There is a legitimate ptsnoop.exe binary executable that is installed with some modems. On my ECS motherboard with an HSP56 Micromodem, ptsnoop is part of the driver installation. Before you delete this file, make sure it's not legitimate.
From http://www.computeruser.com/articles/1908,5,21,1,0801,00.html
"There seems to be a lot of confusion about this famous ptsnoop.exe file. The ptsnoop.exe file is installed with certain modems. The file watches the COM ports for activity and allocates system resources to open the port.
It is a Terminate and Stay Resident (TSR) program that uses roughly 1 MB of resources to run. The problem here is that Norton Antivirus misdiagnoses this file to have a Trojan virus in it. This has caused many people to become frightened of this file, as if it were the Black Plague itself. It isn't a virus. The file is safe, and if you deleted it, you can reinstall the drivers that came with your modem to restore it."
Jimbo

ptsnoop.exe is running on my system!!!!
Oh yeah, I remember I yanked this modem and its driver from a Compaq PC. Trojans can be named whatever the author or hex editor (thief) wishes to name them.
Get an antivirus program, keep the defs up to date, and forget about the internet hysteria.

Ptsnoop has been on my computer for a long time, but I now have a cable modem and I have removed the dial up modem. Could it still be needed?

This program runs in the background for every computer using an HSP56 micromodem. I know two people, other than me, that have this program running in the background. They all have the HSP56 micromodem. I'm not sure exactly what this program does, but I know the only way to stop it from running every time you start Windows and hogging up precious resources is to go into the Windows directory and delete it. I know that's what I'm doing, as I see no need for this thing to be running on my computer.

PTSNOOP.EXE is running on my machine every time I start Windows. It is my office computer, we don't have any IT support, and I don't know if it's supposed to be there. I have an Encore ENF656 modem. Can anyone tell me, based on this information, if this is a legitimate file or a virus? I scanned it today with the latest NAV definitions installed and it said it wasn't infected.
Thanks in advance for the help!!

Simply check the inf file that came with your modem drivers.
Should contain something like:
Bla,Bla,...
[PTUtil.Copy]
ptsnoop.exe,ptsnoop.exe,,2
Bla,Bla,...
if u find a line like this the modem driver needs ptsnoop...
if u don't simply delete ptsnoop.exe and the load line in win.ini
regards
Steel
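
Added example, not part of the thread and not code from any poster or vendor: the INF check described in the post above, combined with the WIN.INI LOAD= check from the first post, written in Python. The [Modem.Install] section name, the WIN.INI path, and all function names are assumptions for illustration; run= is checked alongside load= because Windows reads both keys in the [windows] section.

```python
import ntpath

# Constructed samples: the [PTUtil.Copy] entry is the one quoted in the post;
# the [Modem.Install] section name and the WIN.INI path are assumptions.
SAMPLE_INF = """[Modem.Install]
CopyFiles=PTUtil.Copy   ; directive, not a file entry
[PTUtil.Copy]
ptsnoop.exe,ptsnoop.exe,,2
"""
SAMPLE_WIN_INI = "[windows]\nload=C:\\WINDOWS\\SYSTEM\\PTSNOOP.EXE\n"

def sections(text):
    """Parse INI/INF text into {lowercased section: [lines]}, dropping ';' comments."""
    out, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            out.setdefault(current, [])
        elif line and current is not None:
            out[current].append(line)
    return out

def inf_sections_copying(inf_text, filename):
    """INF sections holding a file-list entry (dest,src,...) that names `filename`."""
    def names_file(line):  # key=value directives are not file entries
        return "=" not in line and filename.lower() in [
            f.strip().lower() for f in line.split(",")[:2]]
    return [name for name, lines in sections(inf_text).items()
            if any(names_file(l) for l in lines)]

def autostart_entries(win_ini_text, filename):
    """load=/run= programs in [windows] whose base name is `filename`."""
    found = []
    for line in sections(win_ini_text).get("windows", []):
        key, _, value = line.partition("=")
        if key.strip().lower() in ("load", "run"):
            # Entries are space- or comma-separated; assumes paths without spaces.
            found += [p for p in value.replace(",", " ").split()
                      if ntpath.basename(p).lower() == filename.lower()]
    return found

def triage(inf_text, win_ini_text, filename="ptsnoop.exe"):
    """Classify the file name by whether the driver INF accounts for it."""
    if inf_sections_copying(inf_text, filename):
        return "driver INF installs it"
    if autostart_entries(win_ini_text, filename):
        return "autostart entry with no INF reference"
    return "not referenced"
```

A name match only shows that the driver package ships a file called ptsnoop.exe; it does not show that the copy on disk is that file, so an antivirus scan of the binary is still needed.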

I noticed ptsnoop on my computer every time I check to see what's running in the background. I shut down stuff I don't need running, and this is on every time...when I shut it down, nothing bad happens, so I'm taking it off my computer!
