
ptsnoop.exe... what is it?


not head
07-18-2001, 07:37 PM
One of the people in my office got an email with the dwarf4you.exe attachment (W95.Hybris.worm virus). Go here for more info... http://www.pandasoftware.com/library/gusano/W32Hybris_EN_2.htm

Anyhow, I was checking the computer's registry and noticed a program named ptsnoop.exe set to run on startup. I know that this was used for modems at one time. I have also read that this may be a virus?! Can anybody enlighten me?

Thanks

eagle1
07-18-2001, 09:05 PM
I don't think it's a virus. My computer is running that file as I type this. I think it has something to do with the internal modem sound because when I run msconfig and disable this entry, I get no sound when I dial my internet connection.

hhh8785
07-18-2001, 09:23 PM
Yeah, it's something your modem is running. I used to have a modem that used ptsnoop. I don't know exactly what it does, but it shouldn't be hurting anything, except it seems to take a lot of resources to run it. If you run a search on Google I'm almost positive you can find more info on it.

HhH8785

Fingers
07-19-2001, 12:19 AM
I couldn't keep ptsnoop from loading at startup either with a PCtel modem. Unchecking it from msconfig didn't work, and deleting it from HKey_local_machine.... Run & Run- didn't work either because it just kept rebuilding these entries at startup. Deleting ptsnoop.exe from the hard drive did the trick though.

Mr.Goodbytes
07-19-2001, 12:58 AM
Hey, not head, do you happen to have a Compaq or HP? That's a file I've noticed floating around on those. Mostly Compaqs, I think. Just a pointless .exe file as far as I can tell. Then again, most of the programs that load at startup with those retail comps are pointless.

dos7
07-19-2001, 03:09 AM
I can concur with that, it does seem to run on Compaqs. And aren't PCTel modems based on the Motorola chipset? I remember running into it on a customer's computer and was almost certain it was some type of trojan because of the suspicious name, but my fears were once again chased away by the wonderful Sysopt forum and all its helpful and knowledgeable members. And no, I'm not on drugs :)


d0s7

[This message has been edited by dos7 (edited 07-19-2001).]

Fingers
07-19-2001, 04:19 AM
For what it's worth, the modem driver that installed the ptsnoop.exe file identifies itself in device manager as "HSP56 MicroModem", and it installed entries for Ptsnoop/ptsnoop.exe, CountrySelection/pctptt.exe, and EnsoniqMixer/starter.exe in msconfig. I have yet to figure out how to keep these three entries from reloading into the registry after I delete them.

HomeYield
07-19-2001, 04:36 AM
Here is a quote from Symantec (http://service1.symantec.com/SUPPORT/qdeckkb.nsf/pfdocs/1998120111641926) about ptsnoop.exe. NOTE:
PTSNOOP is a token program that waits for a program to request the COM port to be opened. Then it makes sure that the modem drivers get loaded if they are not.

PTSNOOP can be found with several different modems, such as the MICOM HSP PCTEL and EPS Technology COMM WAVE PCMCIA modems. It is not mandatory for proper operation, and the manufacturers list removal of PTSNOOP in various steps of their troubleshooting procedures.

Or here is a forum (http://www.computing.net/windows95/wwwboard/forum/13515.html) at computing.net that talks about this. I don't think the second response is correct but the rest of them seem to know more about what they are saying. I didn't read it all but the first few replies talk about what it is and what it does. Hope this helps.

not head
07-19-2001, 01:11 PM
Thanks all. The computer (not a Compaq, HP, or other major brand) in question is one with integrated video and sound, along with a riser slot for the modem. I checked a couple of other computers in the office and ptsnoop.exe was NOT in the startup area, and these computers also had modems. I guess it is just the type of modem in this computer.

Again, thanks.

robin801
07-26-2001, 02:23 PM
I know this is an old post, but I just came across this today. I have been wondering what ptsnoop was and why I couldn't keep it from loading on startup.
I tried to delete ptsnoop.exe and I couldn't.
It just says something about "can't delete windows is using it".
How can I go about deleting this from starting up?
I went to msconfig win.ini and under windows I unchecked load=1, and it still shows up in startup with a check mark in the box.


robin

RobRich
07-26-2001, 02:34 PM
Uncheck it in msconfig, then check to see if it is loaded in the file "system.ini". If so, then comment out the line by inserting a semi-colon in front of the load command. Some older PC-TEL HSP drivers would load ptsnoop from here, and only a manual edit would remove the application. At any rate, the drivers will work perfectly fine without ptsnoop running, assuming Windows properly identifies and loads the drivers during the modem install process.

Robert Richmond
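
The semicolon edit described in the post above, as an added example that is not part of the original thread: a small Python helper that scans INI text for autostart lines referencing a program and comments them out. It goes slightly beyond the post by keeping any other programs that share the same line. The function names, the sample paths, and the space/comma entry separator are assumptions; `load=`/`run=` (win.ini `[windows]`) and `shell=` (system.ini `[boot]`) are the standard Windows 9x INI autostart keys.

```python
import re

# Keys that start programs from INI files on Windows 9x:
# load= / run= (win.ini [windows]) and shell= (system.ini [boot]).
AUTOSTART_KEYS = {"load", "run", "shell"}

def base_name(entry):
    """File name without its directory, lower-cased."""
    return re.split(r"[\\/]", entry)[-1].lower()

def disable_autostart(ini_text, program):
    """Comment out autostart lines that reference `program`.

    Returns (new_text, hits); hits lists (section, original_line).
    Other programs on the same line are kept on a rewritten line.
    Assumes entries are separated by spaces or commas (no spaces in paths).
    """
    target = program.lower()
    section, out, hits = "", [], []
    for line in ini_text.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            section = s[1:-1].lower()
        elif s and not s.startswith(";") and "=" in s:
            key, value = s.split("=", 1)
            entries = [e for e in re.split(r"[ ,]+", value.strip()) if e]
            keep = [e for e in entries if base_name(e) != target]
            if key.strip().lower() in AUTOSTART_KEYS and len(keep) != len(entries):
                hits.append((section, s))
                out.append(";" + line)      # preserve the original, disabled
                if keep:                    # re-emit the remaining programs
                    out.append(key.strip() + "=" + " ".join(keep))
                continue
        out.append(line)
    return "\n".join(out), hits

# Constructed sample; the paths are illustrative, not taken from the thread.
SAMPLE = "\n".join([
    "[windows]",
    r"load=C:\WINDOWS\PTSNOOP.EXE C:\TOOLS\clock.exe",
    "run=",
    ";load=ptsnoop.exe",
    "[boot]",
    "shell=Explorer.exe",
])

if __name__ == "__main__":
    text, found = disable_autostart(SAMPLE, "ptsnoop.exe")
    print(text)
    print(found)
```

Running it a second time on its own output reports no hits, which is a quick way to confirm nothing has re-added the entry to the file.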

tazman
07-26-2001, 02:38 PM
Robin -

Try ctrl-alt-del and see if ptsnoop is currently running. If it is, highlight it and End Task.

Search for ptsnoop on your C drive and then delete it. Reboot and try another ctrl-alt-del and see if it's gone.

Good Luck!

ME

Bovon
07-26-2001, 03:03 PM
Robin, any file (or folder) can be deleted from a pure DOS prompt, before Windows loads.

On boot, you get to a DOS prompt (Win98 = holding down the ctrl key on boot up) then, you have to access the folder where the file resides.

Like this (fictitious folder name for an example) 'Junk' on the C: drive.

C:\>CD\junk (hit enter)

now you will see..

C:\junk> (this means you are now in the folder called junk.)

Say the file name is junk.exe..

C:\junk>DEL junk.exe (hit enter)

This action will delete the file, junk.exe from this folder.

Sometimes though, if a file has some attributes assigned to it, those attributes have to be removed first...so, back to the junk folder..

C:\junk>ATTRIB -R -A -S -H (hit enter)

Now, the attributes should have been removed from the files within junk folder...retry the delete process.

The above works for files and folders on the C: drive...if they are on another drive or partition, then change to that drive or partition at the DOS prompt first.