Internat.exe and ptsnoop.exe in my msconfig startup?

Dennis Faas's picture

Infopackets Reader 'ZZ' write s:

" Dear Dennis,

I would like to know what the files "internat.exe" and "ptsnoop.exe" mean. I found them on msconfig/startup tab. Should I clear their checkboxes? "

My Response:

After searching for those file names using the Google search engine, it appears that there are legitimate Windows files (internat.exe and ptsnoop.exe) -- however, there are also files with the same names that carry malicious intent.

In short, the trojan file Internat.exe steals passwords and sends them to the trojan creator; the trojan file Ptsnoop attempts to connect to a web site (which does not exist any more) and tries to take control of mouse movement and window positioning.

  • Check out this page from Symantec (PWSteal.Netsnake) -- also known as Internat.exe, and
  • this page from F-Secure (ptsnoop.exe)

Update 2002/10/30: This topic has been updated / re-addressed with greater detail in the following issue of the Gazette newsletter.

Rate this article: 
No votes yet