PDA

View Full Version : Can You Identify These Startup Menu Items?



Dr. Goodspeed
02-14-2003, 06:37 AM
1) PT SNOOP ptsnoop.exe
2) Country Selection pctptt.exe
I go start>run>ms config>system configuration>startup tab and uncheck
them, hit apply, then OK, restart. Resources come back up to 90/92%.
But shortly, they reappear checked and I have to repeat the procedure.
My system runs Windows 98/Pent.166, so I need all (the resources) I can to
run K-Lite 2.02. Do I need these things or are they just BS? If I haven't given
enough system info give me a nudge...

imported_QuietSilence!
02-14-2003, 07:36 AM
PT SNOOP ptsnoop.exe is a virus
Please note that certain software packages for certain modems contain PTSNOOP.EXE files, but these are not trojans. If you are not sure if that file is a trojan or not, use F-Secure Anti-Virus to check it out.

Ptsnoop is a simple backdoor program written in Visual Basic. Being activated it first looks for active RAS connections and exits immediately if none is found.

If a connection is present, the backdoor installs itself to system by copying itself as PTSNOOP.EXE file to \Windows\System\ directory and modifying WIN.INI file. The backdoor adds its execution string after LOAD= variable in [Windows] section of WIN.INI file. Diring this operation WIN.INI file gets copied to WIN.ANA file, the backdoor's execution st ring is then added and WIN.INI file is deleted. Then WIN.ANA file is renamed to WIN.INI file. This way the backdoor will become active every time Windows starts.


Country Selection pctptt.exe is a Modem Optimizer Surf the Net at Blazing Speeds in seconds without the expense of additional hardware. Save on RAM. Buy direct from the manufacturer

by looking at both of these at the same time it looks like its ur modem driver but run a virus scan any way too be sure.
if it is ur modem driver then the problem is u got a realy cheep "Software modem" i would go and spend the money on a good "Hardware modem" what a software modem is is a modem that dosent do its own work and off loads its work to ur cpu to do the work for it and thats why it takes so much resources from ur comp a hardware modem dos all the work it self so as not to use up system resourses

StinkyFinger
02-14-2003, 07:41 AM
ptsnoop.exe might be a backdoor trojan or it might be for your PCTEL modem. Check this old, but lenghty thread -> http://www.computing.net/windows95/wwwboar...orum/13515.html (http://www.computing.net/windows95/wwwboard/forum/13515.html)

Quoting from anwersthatwork.com, pctptt.exe is Country Selection task for PCTEL Modems. This background program is installed with PCTEL modem drivers. It enables you to set the country in which you are using your PCTEL modem. As such, therefore, it is only needed once, when you first install your modem.

Recommendation :
A harmless background task which you can disable with Startup Manager once you have successfully configured your PCTEL modem. If, on the other hand, you used to have a PCTEL modem, but have since replaced it, use Startup Manager to delete the Pctptt.exe entry.

Google (http://www.google.com) can provide you with tons of info right away, instead of waiting for a reply on this forum!

Dr. Goodspeed
02-15-2003, 06:44 AM
I replaced my PC's original modem (28.8K) a month ago with a PCTEL HSP56.
Those two system suckers previously mentioned probably came riding in on
the (CD-ROM) software driver disc (Computer Associates/BIT WARE for Windows V3.30.21) I used to setup the modem. This kind of stuff happens
when you live on limited $ and limited knowledge. Thanks to Quiet Silence!
and StinkyFinger for smartening up a newbie.

I_DONT_SHARE_PORN
02-15-2003, 07:16 AM
pt snoop aint NO FREAKING VIRUS, it is microstft spyware GEEZ, you people and the fucking virus'...

MagicNakor
02-15-2003, 07:24 AM
There seems to be a lot of confusion about this famous ptsnoop.exe file. The ptsnoop.exe file is installed with certain modems. The file watches the COM ports for activity and allocates system resources to open the port.

It is a Terminate and Stay Resident (TSR) program that uses roughly 1 MB of resources to run. The problem here is that Norton Antivirus misdiagnoses this file to have a Trojan virus in it. This has caused many people to become frightened of this file, as if it were the Black Plague itself. It isn't a virus. The file is safe, and if you deleted it, you can reinstall the drivers that came with your modem to restore it.

Reference (http://www.computeruser.com/articles/1908,5,21,1,0801,00.html)

This background program is used by PC Tel modems. It is essential to the good functioning of those modems.

Recommendation :
If you used to have a PC Tel modem, but have since replaced it, use Startup Manager to delete the Ptsnoop.exe entry.

Reference2 (http://www.answersthatwork.com/Tasklist_pages/tasklist_p.htm)

Backdoor.Ptsnoop
Detected as:
Backdoor.Ptsnoop

Aliases:
None

Area of Infection:
.EXE Files


No additional information.


Reference3 (http://securityresponse.symantec.com/avcenter/venc/dyn/33801.html)

imported_QuietSilence!
02-17-2003, 10:36 AM
MagicNakor
there are two versions of PTsnoop.exe one is a trojan and the other is used for pctel modems to learn more go here http://www.f-secure.com/v-descs/ptsnoop.shtml

and norton antivirus dose knows the diffrence in them

and it only uses 1MB of ram not resorses. but it uses a heck of a lot of cpu cycles when ur useing ur pctel modem cus what it is doing is the job in software that a real modem dose in hardware on the modem it self that is the reasion that pctel modems have a min cpu requirement. they realy are juck modems but they are cheep and they do work

I_DONT_SHARE_PORN i think the prog that ur talking about is called PCsnoop its a prog too spy on what peps do no there comp commenly used to track kids by parents and by wifes to track husbands and visaversa

MagicNakor
02-17-2003, 12:02 PM
You should actually read my post then, QuietSilence. It detailed the difference between the two.

Bender
02-17-2003, 12:57 PM
http://www.pacs-portal.co.uk/

This guy went through the trouble of making a HUGE list of start-up programs with their definition, this site is really worth a visit. B)


edited Engrish.