Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Application constantly running on system.
Unable to determine function of file nor manufacturer. Can anyone tell me if this file is a pipeline into my system.
I found this, er I mean I did some investigating:
http://www.driver-forum.com/modem/1360.html
"ptsnoop.exe is a trojan that is transferred by openning an up an email. ptsnoop is hidden and will automatically
execute in hidden mode. it allows the users of ptsnoop to have real time internet access to your computer and
control it too while you are dialed into your ISP (internet service providor). these types of programs are called
"worms". it hides itself on your hard drive after executing and has the ability to transfer elsewhere once aboard. to
remove it you must find a trustworthy program that will sweep it from (clear it off of) your system. in network
environmentsptsnoop may take weeks to clear off. also when clearing it off it is advisable to NOT be hooked to
your ISP when doing so. in network environments the whole system should be sweeped at once or the sweep will
have little effect. i suggest sweeping single computers once a week to check for any such device. the troublesigns
of ptsnoop that stick out the most is that your system is bogged down (functions very slowly), programs are
coming up with unusual errors, and when shutting down the pc after being hooked up to your ISP occaisionally
there is the message "ptsnoop has performed an illegal function and will be shutdown" or something similar."
0 
If ptsnoop is running on windows 95 will it show up in the task list? Ctrl-alt -del If you do a search ror ptsnoop.exe can you find it? Enable show all files in windows explorer.
0
Pc (PT) Snoop is a driver for a PcTel modem. It is a Terrible resource hog. Please replace your modem. A $19.00 U.S. Cirrus Logic Chipset (CLM) V.90 modem will do the trick nicely.
0
pt snoop, is a file that is bundled with the pctel chipset modems. it prompts the drivers to be loaded once ur isp program requests the port to be opened. u DO NOT need this program to be on ur pc. it is a terrible resourse hog, but not a reason to buy another modem. the pctel chipset is reliable. simply search for the ptsnoop.exe file and delete it. then make adjustments to the system.ini file and the registry so the file is not loaded upon reboot. your isp application (i.e aol etc.) will summons the drivers to be loaded once the port is opened essentially performing the same task as once performed by the ptsnoop program.
0
Interesting thought. But for the common user who knows not how to do all of the above, it is scary. The file is detected in Norton 2000 as a Trojan Horse Virus. Norton can not delete it because of the service running. And you can not delete it in DOS because you get the infamous access denied.
Take the computer to whom you purchased it from and have them remove the file so that you as the unknowing what the heck this will do to my computer can have some peace of mind.
0
i've never been so confused...lol
i just deleted my ptsnoop file becasue it was infected with the pwsteal... and now im looking to replace it. Now I don't know what to do!
:)
0
This morning I did an live update in Norton. When finished, I rebooted and it detected a virus called ptsnoop.exe. I was able to delete it. My question is how do I get my computer not to look for it when I reboot. I have WIN 98.
0
For Angela.
To keep Windows98 from looking for Ptsnoop at startup, click the start button, go to run, run "msconfig", goto the wni.ini tab, click the plus "+" sign next the windows folder, one of the check boxes will say " load=Ptsnoop" uncheck that box and if that does not do it erase the word Ptsnoop so it says "load=" .
0
when i run my updated version of norton antivirus on the ptsnoop file, it say there was no virsu detected. does that mean this file is NOT a virus, and if so is it a necessary file, or can i delete it off my system?
0
If PTsnoop is not needed and it is not a trojan, why is it put on the computers in the first place and why is called 'snoop'.I deleted it and thanks for the imfo on the reboot prolem
0
Well, if you have ztree you can just use the F= pt*.* and then do a G=global and if it is there it will show up. Ztree is really great for all of us old xtree users. Couldn't live without it. Ztree is great for getting a handle on the WIN98SE product.
B-U-T
Try and do any system (critical) deletes with ADD/REMOVE feature in WIN98SE.You can remove the call to PTSNOOP.exe from win.ini with any editor per Message 8 above.
I don't know where mine came from and i don't know where it went. It must have gotten wacked on a ADD/REMOVE operation or something, but all of a sudden my system started hollering for the program.
0
well, I thought I was the only one to have that pwsteal and ptsnoop.exe problem. my problem occurred when I updated norton. Norton detected it as a trojan horse , but could not delete it !..so much for antivirus software!!!
I edited the win ini file and added a ; that stopped the problem of missing file ptsnoop coming up, now I have a problem where Msimm performs and illegal operation when I try to check email....any suggestions?
0
Thanks for the help folks. I had that nasty little trojan Ptsnoop.exe also. I deleted it and tried to locate it in win.ini but it did not exist. So I rebooted and ran Norton again. No problemo anymo.
0
Yeah, I got that stupid thing too. I'm pretty sure I contracted it from Juno, though. I just moved and decided to try their free internet service. After installing Juno 4.0, PTSNOOP.exe showed up in the list of programs shown when you hit alt-ctrl-delete. It also caused an interesting side effect for me-an Internet Explorer window would pop up every minute or so trying to access some Juno page that it could never actually connect to. I know it wasn't javascript from any open windows because I never use the IE browser, only netscape and Opera and script would have used the same browser. Let me know if you have had the same experience with a Juno CD.
-chris
0
I had it too. I found it when I did a ctrl-alt-delete and the "snoop" part kinda scared me. I don't remember what I downloaded to get it. What I did was move it so it didn't start up on boot. I get the "can't find..." error, but nothing seems to be affected. I still haven't taken it out of win.ini yet though.
0
I'm pretty sure I contracted it from Juno me too.
1.-End task ptsnoop.exe
2.-I deleted ptsnoop.exe and ptsnoop.lgc
3.-Nothing found into registries.
4.-Removed one line in win.ini
5.-Nothing found in system.ini
6.-Ran msconfig , could not find anything in there...
0
I'm pretty sure I contracted it from Juno me too.
1.-End task ptsnoop.exe
2.-I deleted ptsnoop.exe and ptsnoop.lgc
3.-Nothing found into registries.
4.-Removed one line in win.ini
5.-Nothing found in system.ini
6.-Ran msconfig , could not find anything in there...
0
Me again...
Sorry about the "2 same messages"...
Just wanna let u guys know that everything worked out OK.
No error messages at bootup and my Connexant Sotf56k modem still works perfectly.
Also, my System Ressources Performance came back normal at 92% after this.
0
I had this prog on my comp when it came straight from the box, and me and a friend have been puzzling it out.
I am taking it out now, and hoping it wont bother me, thanks all..
0
Ok, I am more confused than I was before. I don't have nortin I have mcaffee, and it doesnt show up as a virus or trojan with Mcaffee. Is it a virus or is it a program that is suposed to be there. And if you don't know please don't guess.
Thank you
0
Response #3 is correct. Some versions of Norton will incorrectly detect it as a trojan.
Perhaps the easiest way to kill this problem if you have it on your system, is to find WIN.INI through the find, files and folders utility, open it in notepad, save a backup, then do what Gary says in step 8 (remove its path after the load= line. Save it.
0
This quote is from the Symantec site.
"PTSNOOP is a token program that waits for a program to request the COM port
to be opened. Then it makes sure that the modem drivers get loaded if they
are not."PTSNOOP can be found with several different modems, such as the MICOM HSP
PCTEL and EPS Technology COMM WAVE PCMCIA modems. It is not mandatory for
proper operation, and the manufacturers list removal of PTSNOOP in various
steps of their troubleshooting procedures."
--
Jeff Richards
1999 MVP (DTS)
0
I somehow got ptsnoop.exe. Have McAfee and their tech support sent me instructions on removing it, then updating McAfee first aid. But the virus has done considerable damage to my computer.
0
I got the file ptsnoop from an email i received, or from a freeware program i downloaded, not sure.
It was driving me crazy and made a popup advertisement come up every 2 minutes on screen.
I finally discovered it running and traced it down using sansofts sytem information software.
I had to exit to msdos to delete it. Once it was deleted the ads stopped.
I will have to remove it form my win.ini now and check the registry.
Terrible little program. Norton anti virus did not pick it up on my computer.
0
Norton did not pick this up on my computer, either. And it's not in their dictionary of viruses. I could not tell ... it didn't seem to hurt my computer. I just found it because I was teaching someone about MSConfig command and ... we browsed and there it was. Anyway... Is everyone sure this is a virus? Why do so many people say it is a modem driver?????
0
I found ptsnoop.exe accidentally while looking in the msconfig ! Still have no idea what it really is - is it a virus or is it a worm or is it an executable file which will snoop into my computer??? How the heck do you get rid of it without hurting the computer files? I see conflicting information here !!
0
For expert comment see
www.computercurrents.com/magazine/national/1708/wina41708.html (by Jim Aspinall)
0
This file is installed in my Win.ini file whenever I remove my modem software and then reinstall from the CD Rom for my modem. The modem is inbuilt into the motherboard wich is a P6SET-ML. Removing the line from win.ini seems to do no harm other than that it seems to stop the modem from generating sounds as it dials out.
0
I found ptsnoop in a client's computer today while setting up his network. Searching through the registry also lead me to finding a "Run" value for some call to notepad.exe with switches like -hide and -dnetc (I think) and check the task manager showed that notepad was running but wasn't visible on the taskbar (I assume that's the result of the -hide switch). So, I am assuming that this was some form of text file that catches passwords and sends them to some unknown email address. Anyone else notice this twist? I doubt there's any reason a modem driver would require a notepad session to be hidden.
0
It's a PCTel Modem file. It was part of my ORIGINAL Compaq driver set on my PC. If you go to the PCTel site (www.pctel.com), click Consumers, and download one of their drivers, you'll see that it's included in the ZIP file for their modem drivers.
Hope this helps.
0
PTSNOOP is the "virtual port snoop" file that monitors the port commonly called an "AMR port" or Audio Modem Riser. Yes, it is from PCTel and is associated with low-priced systems (Tiger Direct, for example).
The port snoop is used to monitor access to the virtual Modem (port). When you try to go online and Windows says "the port is already open" it is PTSNOOP that watches the port.
The Audio Modem Riser is a cheap modem that is actually JUST A PLACE TO PLUG A PHONE LINE. It is a "Win Modem," just a software application... like a word processor or database. The modem driver is a "modem emulator" and the CPU handles all the work. There is NO HARDWARE I.D. for these ports.
PTSNOOP is NOT a virus. If Norton detects it as a virus, Norton is wrong. It is not the first time that Norton has mis-identified a program and it won't be the last.
No need to fear PTSNOOP, it's not a hack. These modems are not performance giants, but, they are cheap (inexpensive) and a lot of OEMs use them these days.
Hope this info helps...
Mike Maguire
computer technician
0
Unfortunately folks, someone sent an email to my girlfriend containing info that shows ON MY SCREEN only. That means someone used something to gain access. I have removed the ptsnoop and will let you all know if that solves that problem. It may be an exploitable exe used by Conexant/AmQuest in their software.
0
I believe PTSNOOP.exe to be a variant of the PWSteal.Trojan virus. The PTsnoop.exe file was installed with a downloaded player, and installed itself on the "Load=" line of win.ini file, thus executing itself when Windows reboots.
After the first re-boot, I was prompted to select the country for my Modem (which was odd, since my modem had been set up for years). When I launched Internet Explorer or Netscape, I was prompted to download a Chinese Characterset File for some reason, and each browser tried to open up some ad site as it's home page. Every couple of minutes, in the top left corner of the screen, a little box that said "Ptsnoop" would blink on and then disappear for a few minutes.
I removed the executable and restored the win.ini file, i but I still get problems loading Netscape or WordPad.
0
i got that s--- and it sucks and i dont know where it came from but i dont like it and im paranoid people are watching me
0
I have a Compaq Presario 7470 computer, with a PCTel HSP56 MicroModem. ptsnoop.exe is one of the modem drivers(see Response 31). The following info is copied directly from my System Information:
Driver: ptsnoop.exe
File Size: 12208 (0x2FB0)
File Date: 10/25/1999 4:08 PM
Company Name: PCtel, Inc.
File Version: 1.00.00
0
I just downloaded a copy of Crescendo audio player. It told me it would include some software called webHancer which would monitor my system for... don't remember. They said I could delete it from add/remove programs later. I did that and got a msg saying that it removed all files "except those that are currently in use". I have had problems now for the rest of the day. I looked in task mgr and found ptsnoop for the first time. I'll follow previous advise and delete ptsnoop. Meanwhile, I'm getting back to that download website and find out more about this webHancer deal. Also: I'm not much of a techie, but is it possible to have a virus masquerading under the name of a legitimate modem driver?
0
I found the ptsnoop last night while trying to run scandisk and it said that I had some programs running, I ended the task and it quit. Is it possible just to do that each time when you boot up the computer and if it is a virus people can't use it to control your computer?
0
ptsnoop.exe showed up on my computer one day and we don't know how it got there. I'm using WindowsME and found the program running in the background by hitting CTL+ALT+DEL. I found the program in C:\Windows as an 11KB application. I deleted the application, but believe it is still running. I think it has something to do with people being able to hack into your computer, giving them access to download and upload from it. Unusual file I personally did not put there showed up and later were deleted. Was it from ptsnoop?????
0
I installed a PCtel modem, and when I inserted the driver disk for it I was alerted to a virus on the ptsnoop.exe file. I chose to not to copy it to my PC and the modem works OK without it. This page was handy though, cheers all
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
