Try Adaware and Spybot. Plus this quote from PCA and the effect of removing Ptsnoop.exe
PCAdviser: On Ptsnoop.exe
"These descriptions I've come across - all valid as far as I can see :-
(1) Program installed with some modems that monitors the COM ports for the
modem driver. Not needed from what I've read - may need a registry edit to
get rid of it
(2) Backdoor trojan virus that copies itself as PTSNOOP.EXE -see here [the
info in the next section] for more info
(3) Apparantly the people who put it out claim it's a driver for a Voice
modems (don't know who they are though - Ed)
Note: If using AOL and you disable this you may lose your connection or lock
(4) Can also be an older Logitech scanner program. Remove from the Win.ini
tab under Load='path'\PTSNOOP and the System.ini tab under
drivers='path'\ptrtkr.drb. Can cause parallel port conflicts big time
dragging system resources way down when a conflict exists"
Ptsnoop is a simple backdoor program written in Visual Basic. Being
activated it first looks for active RAS connections and exits immediately if
none is found.
If a connection is present, the backdoor installs itself to system by
copying itself as PTSNOOP.EXE file to \Windows\System\ directory and
modifying WIN.INI file. The backdoor adds its execution string after LOAD=
variable in [Windows] section of WIN.INI file. Diring this operation WIN.INI
file gets copied to WIN.ANA file, the backdoor's execution st ring is then
added and WIN.INI file is deleted. Then WIN.ANA file is renamed to WIN.INI
file. This way the backdoor will become active every time Windows starts.
Being active the backdoor tries to connect to the following websites:
When the connection succeeds, the backdoor clips cursor to a certain area
and allows a hacker or script on these websites to control mouse movement
and window positions. It is not clear why this is done and it is impossible
to check any more because the contents of the above mentioned websites were
changed or removed.
The idea might have been to make a user click on certain areas of a website
to download or run a script or binary from there. In any case, this backdoor
should be deleted from a system and WIN.INI file should be cleaned from
backdoor's execution string after LOAD= variable.
It should be noted that software packages for certain modems contain
PTSNOOP.EXE files, but these are not trojans. If you are not sure if that
file is a trojan or not, use F-Secure Anti-Virus to check it out."
[Analysis: Alexey Podrezov; F-Secure Corp.; September 2001]
When pc [Win98 SE] is firstbooted Ptsnoop is in the startup list. Naturally I've
always been suspicious of it.
Trying to save on memory and thinking it was a component of Net Nanny I
unchecked it in startup and this certainly coincides with PC's Golden
Then after my grandson went joyriding on the web the mouse started to disappear or
else to refuse to move [straight after bootup] where you wanted it to.
Eventually I learned that this was neither an expiring rodent nor memory
Could one of grandson's download exploits have activated a hitherto quiescent
trojan to produce the uncooperative and disappearing mouse?
I have removed Ptsnoop.exe to the recycle bin and saved a copy in briefcase
which I use as an isolation ward for things I'm afraid to eliminate. I think
it was installed as part of Viavoice which I cannot be doing with and which
is uninstalled [or it may be part of readiness for AOL].
After restart I seemed to have an eighth more memory according to the
monitor and no more mouse trouble
You may need processviewer to kill Ptsnoop activity in order to bin it.