ptsnoop

Thread: ptsnoop

  1. #1
    Join Date
    Nov 2001
    Location
    oceanside,ca,us
    Posts
    1

    ptsnoop

    How can I obtain an updated version of ptsnoop? My computer said it is outdated.

  2. #2
    Join Date
    May 2001
    Location
    Somewhere in the UK
    Posts
    309
    Are you sure you want it?
    Some people say it's a trojan, some say it's legitimate and is part of a modem's driver.

    The best thing to do is to check for viruses.
    Only dead fish float with the stream.

  3. #3
    Join Date
    Sep 2001
    Location
    New Zealand
    Posts
    2,869
    Hi duveyduv - Welcome to the VirtualDr Forum. I really don't think you want one - see link ptsnoop. Follow the instructions and delete all relevant files.

  4. #4
    Join Date
    May 2001
    Location
    Somewhere in the UK
    Posts
    309
    Educated guess:
    There is a legitimate ptsnoop and a trojan with the same name.

    PCTel modems install the legitimate one, but it can be removed without wrecking anything.

    The point is:
    KILL IT!

    It won't hurt and it might help.
    Only dead fish float with the stream.

  5. #5
    Join Date
    Sep 2001
    Location
    New Zealand
    Posts
    2,869
    hmmm. Spiny, you are right. It looks like the Anti Virus folk cannot work this one out. From Symantec:
    "PTSNOOP is a token program that waits for a program to request the COM port to be opened. Then it makes sure that the modem drivers get loaded if they are not.

    PTSNOOP can be found with several different modems, such as the MICOM HSP PCTEL and EPS Technology COMM WAVE PCMCIA modems. It is not mandatory for proper operation, and the manufacturers list removal of PTSNOOP in various steps of their troubleshooting procedures."




    [This message has been edited by AnnMarie (edited 11-30-2001).]

  6. #6
    Join Date
    May 2001
    Location
    Somewhere in the UK
    Posts
    309
    On the other hand, Sophos says:

    {Troj/Ptsnoop

    Infects: Trojan horse
    Memory resident: Yes

    This is a backdoor Trojan. It copies itself to \windows\system\ptsnoop.exe and changes win.ini adding "c:\windows\system\ptsnoop.exe" to "load = ".

    First reported in March 2001.}

    I still think you should kill it, just to be sure.

    [This message has been edited by Spiny (edited 11-30-2001).]
    Only dead fish float with the stream.

  7. #7
    Join Date
    Jun 2001
    Location
    wi,usa
    Posts
    615
    is it good enough to remove ptsnoop from sys config utility-startup tab, and uncheck it? or is there a registry hack needed... i'll 'go in' and do it with a little trepidation and some good directions, or vice versa.
    and is it ok to do in win 98se also?

    [This message has been edited by nlday (edited 12-01-2001).]
    the more you make...
    the more they take.

  8. #8
    Join Date
    Sep 2001
    Location
    New Zealand
    Posts
    2,869
    Hi nlday - I found the following instructions on the Driver Forum:

    "To Remove ptsnoop (very quick & easy)
    1) Click on START, then RUN
    2) Type in sysedit, then click OK
    3) Click on Win.ini tab/page
    4) Look for (it's often listed very first)
    load=ptsnoop.exe
    run=C:\WINDOWS\SYSTEM\cmmpu.exe
    NullPort=None
    5) Delete all that, so it shows only the following:
    load=
    run=
    NullPort=None
    (simply click and drag over what needs removing, that will "Blue" it/Select it, then click Backspace)
    6) At top of the SysEdit page, click on File & Save.
    Restart your 'puter, either now or later, and upon restart ptsnoop will be permanently gone."

    Also check the Windows Registry by selecting Start, Run, typing RegEdit, and pressing Enter. NB Always backup your Registry before making any changes.

    Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
    If you see a reference to Ptsnoop in the right window, simply highlight that reference and press Delete. Close the Registry. Restart Windows and you're finished.


    If you are not confident in doing this, removing it from your startup routine should be sufficient to disable it.



    [This message has been edited by AnnMarie (edited 12-02-2001).]
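
An added example, not part of the original thread or of any vendor's tooling: a read-only check of a win.ini file's `load=`/`run=` lines for ptsnoop before anything is deleted, noting whether the entry is worded like the one in the Sophos description quoted in post #6. The function names and both sample files are constructed for illustration, and entries are assumed to be space- or comma-separated without embedded spaces.

```python
import ntpath

# Entry text that the Sophos description quoted in this thread gives for Troj/Ptsnoop.
SOPHOS_LOAD_ENTRY = r"c:\windows\system\ptsnoop.exe"

# Constructed sample: the win.ini lines shown in the removal steps above.
SAMPLE_DRIVER_FORUM = r"""
[windows]
load=ptsnoop.exe
run=C:\WINDOWS\SYSTEM\cmmpu.exe
NullPort=None
"""

# Constructed sample: the load= entry as worded in the Sophos description.
SAMPLE_SOPHOS = r"""
[windows]
load=c:\windows\system\ptsnoop.exe
run=
"""

def autostart_entries(win_ini_text):
    """Return [(key, program)] for load=/run= lines in the [windows] section."""
    entries, section = [], None
    for raw in win_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("load", "run"):
            # Each key may list several programs.
            entries.extend((key, prog) for prog in value.replace(",", " ").split())
    return entries

def review(win_ini_text, name="ptsnoop"):
    """List autostart entries whose file name is `name`, with a wording comparison."""
    findings = []
    for key, prog in autostart_entries(win_ini_text):
        if ntpath.splitext(ntpath.basename(prog).lower())[0] != name:
            continue
        same = key == "load" and prog.lower() == SOPHOS_LOAD_ENTRY
        findings.append({"key": key, "entry": prog, "matches_sophos_text": same})
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_DRIVER_FORUM, SAMPLE_SOPHOS):
        print(review(sample))
```

A `matches_sophos_text` result only says the entry has the same wording as the quoted description; it does not tell the modem helper and the trojan apart, so a scan of the file itself is still needed.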

  9. #9
    Join Date
    Jun 2001
    Location
    wi,usa
    Posts
    615
    thanks annmarie and happy monday to ya! i unchecked both ptsnoops on the startup tab, but after reboot, one of them comes back. so i'll follow your directions after i back up the registry.{i've got those directions around here somewhere}...or will it be disabled if only one is unchecked? (i have the hsp pc-tel modem.)
    just one more question? is this registry hack the same on win 98se? i'll be doing it on that 'puter also.

    [This message has been edited by nlday (edited 12-02-2001).]
    the more you make...
    the more they take.

  10. #10
    Join Date
    Sep 2001
    Location
    New Zealand
    Posts
    2,869
    Hmmm. Don't know why you have two ptsnoops nlday. Maybe it would be better if you ran a Trojan Scanner first before you do anything else. You can download a good free one - Ants v2 English Version from here Wilders. Some of the dialogue is still in German but you can download the translations from here Ants English Translation

  11. #11
    Join Date
    Jun 2001
    Location
    wi,usa
    Posts
    615
    ok heading over there. i've had norton internet security 2001 since feb. not having trouble. but let's take a look.
    the more you make...
    the more they take.

  12. #12
    Join Date
    Jun 2001
    Location
    wi,usa
    Posts
    615
    annmarie-i find trojan hunter v 2.0 nothing that says 'ants' so is trojan hunter the correct one?
    the more you make...
    the more they take.

  13. #13
    Join Date
    Sep 2001
    Location
    New Zealand
    Posts
    2,869
    Nope - had problems installing that one - it kept reporting a missing file - Ants is on the link below. Most AV's are not that good at picking up trojans nlday, it's a good idea to run a dedicated trojan detection program as well as your AV. http://www.wilders.org/downloads.htm

  14. #14
    Join Date
    Jun 2001
    Location
    wi,usa
    Posts
    615
    i found it and dl'd it. ran the scan of c: and then rescanned windows folder...no trojans found. so could it be--the 2 pt snoops-- is from an aborted DL of hsptel modem driver from windows update site. it told me it was available, tried twice but got a tan error box. this was actually on the win 98 puter.... discussion with triple 7...decided to leave well enough alone since modem is working well. then one more? the directions for removing ptsnoop will work on win98se as well? ps this trojan program is very nice-classy!
    the more you make...
    the more they take.

  15. #15
    Join Date
    Sep 2001
    Location
    New Zealand
    Posts
    2,869
    Hi again nlday - sorry, had to dash off to work and didn't see your last post. If you decide to remove PTSNOOP, I have posted this link which gives you full information on editing your registry Win98/ME Editing The Windows Registry. I guess I have a reservation in view of the conflicting reports on PTSNOOP. Like Triple 7's, I think if it's working well, it's best to leave it alone. Yes Ants is a great program, I'm pleased that you like it however neither Nav or Ants detected PTSNOOP as a trojan, so it may have been misdiagnosed.
