SillyDog701

[ohgal]

While looking thru my msconfig - start up files I saw something called ptsnoop.exe. Can someone tell me what exactly this is, what it does and do I need it?

I'm using Windows 98 SE.

Thanks for your help.

UserAgent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0

[Mr. Tinkles]

Well, good or bad news, depending on your situation I guess. It COULD be a backdoor trojan, or it might be a legitimate file from a modem installation.

The following two quotes explain briefly the good news (ie, the legitimate file from a modem installation). The first quote is from F-Secure, the second from Symantec AntiVirus Research Center:

It should be noted that software packages for certain modems contain PTSNOOP.EXE files, but these are not trojans. If you are not sure if that file is a trojan or not, use F-Secure Anti-Virus to check it out.

PTSNOOP is a token program that waits for a program to request the COM port to be opened. Then it makes sure that the modem drivers get loaded if they are not.

PTSNOOP can be found with several different modems, such as the MICOM HSP PCTEL and EPS Technology COMM WAVE PCMCIA modems. It is not mandatory for proper operation, and the manufacturers list removal of PTSNOOP in various steps of their troubleshooting procedures.

Now for a couple of links regarding the bad news:
http://www.f-secure.com/v-descs/ptsnoop.shtml
http://securityresponse.symantec.com/av ... 33801.html

The Symantec link isn't very informative, but has a link on its page for a free online PC security scan, so I included it.

In short, if it isn't coming from a modem installation, I'd say you are infected with the backdoor type ptsnoop.exe file and should really get your system scanned/cleaned immediately, then kick your dog.