Link to Security Alerts regarding PT Snoop Virus
Here's a snippet -
Ptsnoop is a simple backdoor program written in Visual Basic. Being activated it first looks for active RAS connections and exits immediately if none is found.
If a connection is present, the backdoor installs itself to system by copying itself as PTSNOOP.EXE file to \Windows\System\ directory and modifying WIN.INI file. The backdoor adds its execution string after LOAD= variable in [Windows] section of WIN.INI file. Diring this operation WIN.INI file gets copied to WIN.ANA file, the backdoor's execution st ring is then added and WIN.INI file is deleted. Then WIN.ANA file is renamed to WIN.INI file. This way the backdoor will become active every time Windows starts.
There's more there, but nothing says how to get rid of it.
Do you think if I get rid of the LOAD variable in the the win.ini file, it would get rid of the virus?