Internat.exe and ptsnoop.exe in my msconfig startup, Part 2

Yesterday's Visitor Feedback of the Gazette addressed why two program files (internat.exe and ptsnoop.exe) might be present in the Windows msconfig startup.

To be honest with you, I have never encountered these programs before. The name "internat.exe" seemed to me to be a purposely misspelled version of the word "Internet" -- most likely misspelled to dupe users into thinking that it was a friendly Internet-related program. In all likelihood, I thought, the program name "internat.exe" could have been a trojan.

I was right. Sort of.

As always, I use Google to sniff for clues when I need to explore possibilities and options. Google pointed in the right direction and provided links to Symantec for the trojan file internat.exe (also known as PWSteal.Netsnake) and F-Secure for the trojan file ptsnoop.exe.

So far so good.

From the Symantec website, I found that there is a trojan program file called internat.exe which maliciously steals passwords and sends them to the trojan creator. However, I missed the part where the Symantec web site mentions that there is in fact a legitimate file called internat.exe which resides in the %windir%\system directory.

Basim from Iraq writes, "Internat.exe is there in *msconfig.exe* for bilingual machines. The blue small square in the system tray where you can change the language you type in email messages, couldn't be displayed without enabling internat.exe. This applies to bilingual Windows only."

And, to quote from the Symantec web site:

"Please note that there is a legitimate Windows application called %windir%\system\Internat.exe. The Trojan file (also known as internat.exe) is 82.5 KB in length and uses a zip file icon. The "real" Internat.exe is generally about 20 KB in length with a "?" icon.

NOTE: %windir% is a variable that denotes the folder in which Windows is installed. The normal installation folders are C:\Windows or C:\Winnt."

So, what do you need to do to make sure that the Internat.exe -- if you have it on your system -- is not the trojan?

From my understanding, an infected system will display "Hello. I'm NetSnake." after a system reboot. If you remember seeing a message like this, the trojan is installed on your system and you need to get rid of it.
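The Symantec note quoted above also gives two things you can check on disk: which folder the file is in and how big it is. The following Python script is an added example, not part of the original article or of Symantec's write-up; it finds every file named internat.exe under a folder and labels it against those two figures. The tolerance values and label names are assumptions chosen for illustration.

```python
import os

# Figures quoted from the Symantec note in this article.
TROJAN_SIZE = int(82.5 * 1024)  # "82.5 KB in length"
LEGIT_SIZE = 20 * 1024          # "generally about 20 KB"
# Assumptions: how loosely to read each figure.
TROJAN_TOLERANCE = 0.02
LEGIT_TOLERANCE = 0.25


def near(size, expected, tolerance):
    """True when size is within the given fraction of expected."""
    return abs(size - expected) <= expected * tolerance


def classify(path, size, windir):
    """Return a triage label (a hint, not a verdict) for one copy."""
    expected_dir = os.path.normcase(os.path.abspath(os.path.join(windir, "system")))
    actual_dir = os.path.normcase(os.path.abspath(os.path.dirname(path)))
    if near(size, TROJAN_SIZE, TROJAN_TOLERANCE):
        return "matches-trojan-size"
    if actual_dir == expected_dir and near(size, LEGIT_SIZE, LEGIT_TOLERANCE):
        return "consistent-with-legitimate"
    # Wrong folder or unexpected size: look at it by hand.
    return "needs-review"


def find_copies(root, windir, name="internat.exe"):
    """Walk root and classify every file named internat.exe (any case)."""
    results = []
    for folder, _dirs, files in os.walk(root):
        for filename in files:
            if filename.lower() == name:
                full = os.path.join(folder, filename)
                size = os.path.getsize(full)
                results.append((full, size, classify(full, size, windir)))
    return sorted(results)


if __name__ == "__main__":
    windir = os.environ.get("WINDIR", r"C:\Windows")
    for path, size, label in find_copies(windir, windir):
        print(f"{label:28}{size:>9}  {path}")
```

Symantec describes the legitimate file as "generally about 20 KB", so a size and folder match narrows things down but does not replace a scan with up-to-date antivirus software.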

Alright -- on to the next problem: ptsnoop.exe

Originally, I found a web page on F-Secure which made mention of another trojan program called ptsnoop.exe, which attempts to connect to a web site (which does not exist any more) and tries to take control of mouse movement and window positioning. Once again, I missed the very last paragraph on this page which makes note of a legitimate program called ptsnoop.exe.

David G. sent me his thoughts:

"There is a legitimate program called Ptsnoop.exe, which is related to modem technology. It may interfere with running some programs. For example: "PTSNOOP.EXE Interferes with Installation and Running of REALHELP". At the bottom of this page is the notation: PTSNOOP is a token program that waits for a program to request the COM port to be opened. Then it makes sure that the modem drivers get loaded if they are not.

PTSNOOP can be found with several different modems, such as the MICOM HSP PCTEL and EPS Technology COMM WAVE PCMCIA modems. It is not mandatory for proper operation, and the manufacturers list removal of PTSNOOP in various steps of their troubleshooting procedures.

I believe the confusion about a Trojan may have come from the existence of a Trojan named "Backdoor.ptsnoop." (e.g. see discussions, Computing.Net - PTSnoop.exe was killing my computer... or; Re: PTsnoop....what is it? - www.ezboard.com)."

That summed it up nicely. Thank you, David.
