PT Snoop Virus found, what should I do?

EnoonEcalpon

Member
Jul 21, 2001
76
0
0
Alta vista has it listed as a known BO virus, but doesn't tell me any way of getting rid of it. Mcafee doesn't even have it listed as a known virus. Anyone know about this virus and how I get rid of it?
 

fooshkee

Senior member
Aug 10, 2001
571
0
71
i think i have a program called snoop running in my task manager... never figured out what it was.... damn damn damn... anybody else know anything about this?
 

EnoonEcalpon

Member
Jul 21, 2001
76
0
0
Link to Security Alerts regarding PT Snoop Virus

Here's a snippet -

Ptsnoop is a simple backdoor program written in Visual Basic. Being activated it first looks for active RAS connections and exits immediately if none is found.

If a connection is present, the backdoor installs itself to system by copying itself as PTSNOOP.EXE file to \Windows\System\ directory and modifying WIN.INI file. The backdoor adds its execution string after LOAD= variable in [Windows] section of WIN.INI file. Diring this operation WIN.INI file gets copied to WIN.ANA file, the backdoor's execution st ring is then added and WIN.INI file is deleted. Then WIN.ANA file is renamed to WIN.INI file. This way the backdoor will become active every time Windows starts.




There's more there, but nothing says how to get rid of it.

Do you think if I get rid of the LOAD variable in the the win.ini file, it would get rid of the virus?
 

EnoonEcalpon

Member
Jul 21, 2001
76
0
0
Ah, that would coincide when I installed my new modem. Hmmm. Does that mean I shouldn't delete it? What a foul name to give to a program. "Snoop" just automatically makes me think that it's a virus.
 

EnoonEcalpon

Member
Jul 21, 2001
76
0
0
Heh, any other thoughts on whether this is a virus or just a program for the Win Modem? Also, anyone know how to fix my Sig so it goes to my anandtech page? I tried putting up my rig but it comes out as nothing....