What is Ptsnoop.exe?

When I hit control/alt/delete there is an entry that reads: ptsnoop. Can you tell me what that is?

-Pat

This question was answered on January 2, 2004. Much of the information contained herein may have changed since posting.

---

Knowing what is running in the background of your computer is very helpful in maintaining a happy healthy computer Later in this column, I will provide resources for learning more about programs that automatically load in Windows.

As to your situation, there are at least two distinct but completely different possibilities for what you are seeing in your ‘Task List’ or ‘Task Manager’.

It’s the classic ‘could be good news, could be bad news’ scenario Let’s hope that it’s good news in your case.

The good news is that it may just be a required application for your dial-up modem, especially if it’s an older one Ptsnoop.exe is a program used to interface certain modems with your computer from various companies including PC-TEL, Conexant, HSP MicroModem, Zoltrix and Rockwell to name a few.

It is a Terminate and Stay Resident (TSR) program that is not actually "snooping", but is interfacing with your computer to allow the modem to function It is looking for an available COM port for your modem to use when a request to use the modem is executed.

These types of modems are often referred to as ‘soft or Winmodems’ because they don’t have their own processing capability and must ask the computers main processor to do all the real work.

The modem version of ptsnoop.exe is not a malicious program and is not gathering any data about you You can remove the ptsnoop application, but every time you reboot your computer it will likely reinstall itself if you have a modem that relies on it.

If an older modem that is no longer installed used the program or if you have switched to a broadband connection and don’t use a modem any longer, it is safe to remove the program.

The second possibility is that you have acquired a ‘backdoor Trojan’ program that is malicious.

Various iterations of these malicious worms (first seen in early 2001) install a file called Ptsnoop.exe into Windows and modifies your computers startup in order to have it load every time you start your system.

It can cause everything from instability in your computer to randomly deleted files and most disturbing, can open up a ‘backdoor’ into your computer for others on the Internet to access.

The only way to know for sure if the actual file that you have in your computer is a worm is to run a complete virus scan with an up-to-date virus detection program as they all have the ability to detect this family of code.

Many of you are familiar with the ‘MSConfig’ utility (Start/Run/Msconfig) in Windows, but when you click on the ‘Startup’ tab to view the list of auto-loading programs, you need help identifying (don’t we all!) what each entry does.

Several web sites have created wonderful resources for learning more about items that are running in the background of Windows including www.answersthatwork.com (click on the ‘Task List’ button) and www.pacs-portal.co.uk (click on the ‘Startup Tips’ button).

USER BEWARE! Be sure you fully understand what you are disabling before doing so If you don’t understand what you are doing, don’t do it Make sure to only make one change at a time and reboot your system after each change to make sure that there are no ill effects

About the author

Posted by Ken Colburn of Data Doctors on January 2, 2004

Need Help with this Issue?

We help people with technology! It's what we do.
Contact or Schedule an Appointment with a location for help!