24th July 2002   #1   bobmc32

Excessive HDD activity re: PTSnoop.exe

I've recently become aware of excessive HDD activity at various times and it is puzzling me. I have shut down all running processes except explorer and systray during one of these times and the activity is still there. I downloaded Wintop and see a PTSnoop.exe running on both C and D. My first thought was that it was something I had intentionally downloaded and had forgotten, but a little looking around on Google tells me that it might be a trojan. I have an updated Norton A/V running but it has caught nothing like this. I put PTSnoop.exe in Symantec search and came up empty. However, F-Secure.com says it could be a trojan (although some modem programs do use this thing to search for ports). Does anyone have any info on this thing? I suspect that it is the culprit running my HDD ragged when nothing should be. TIA, Bob

24th July 2002   #2   Daizy

Hi bobmc32
How's this? Or this?

Daizy

24th July 2002   #3   bobmc32

Thanks Daizy. I must have Phronemophobia 'cause I did some more checking inside my machine and found that it is a legit program I intentionally downloaded a while ago. Seems strange and confusing to me that modem programs, legit software, and Backdoor Trojans can have the same name. Maybe that's the aim of the trojan?
Well, that was an "aside" because I still have/or had the unexplained activity on HDD. I'm still looking.

24th July 2002   #4   Daizy

Well hello again bobmc32
That ptsnoop is indeed a pain in the rear. The name alone raises suspicion for heaven's sakes. Do take a gander through those threads when you get a chance. I believe one of the members (AnnMarie) went into great detail on how to remove it properly.
Let's go about this systematically though? Are you running ZoneAlarm? What all do you have checked under msconfig? Have you downloaded and run Ad-Aware and got rid of any and all spyware?

Daizy

*edit*
msconfig
To get to msconfig:
Go to start...then run....type in: msconfig
Click ok
Look under the start up tab.

msconfig entry definitions

Zonealarm
Download free zonealarm here.

Ad-Aware
download Ad-aware here.


Last edited by Daizy; 24th July 2002 at 06:00.

24th July 2002   #5   bobmc32

Daizy - Oh, I looked (wouldn't want your efforts wasted) and read AnnMarie's posts and no, I don't have ZA but do have Sygate and do have Ad-Aware and have run it (although not tonight, but recently).
Startup tab in Sys config has been pruned (no PTSnoop there). As said, did a bit more checking and found that I intentionally downloaded a program from Karen Kenworthy (http://www.karenware.com/powertools/ptsnoop.asp) named PTSnoop (for some unknown reason) and that is, I think, the root of my snooper and not a trojan. Thanks for your help and will keep looking on this end, too.

24th July 2002   #6   Daizy

How do you know that you have excessive HDD activity? What's happening? What sort of connection do you have?

Good work on having a firewall, pruning msconfig and using ad-aware!

Daizy

24th July 2002   #7   bobmc32

Daizy - I have 56k dialup which isn't 56k at all as I live in the boonies and really get about 28.8 or thereabouts (maybe 33.3 sometimes) and I "think" I have excessive HDD activity on occasion 'cause my drive light on the box is on, not constantly, but I would estimate 60% or more of the time, that is, flickering rapidly. As it is doing right now. I downloaded Wintop to monitor all running processes, which it seems to do better than the Close Program program. That's where I came across PTSnoop. Shut them down via Close Program but still have the rapid flicker. I have no scheduled mx going and no A/V schedule running nor anything else I can think of. I do distributed computing for United Devices Cancer Research, but that uses processor and not disk far as I know. Anyway, can shut that down and doesn't change conditions. Is an intermittent condition, it seems. The drive activity, that is. That's about all I know about it at the moment and thanks for your continued help.
Bob

24th July 2002   #8   BillyBob

I do not see any mention as to what version of Windows you are running.

What is the condition of your hard drive as far as loading on it?

If the HD is too heavily loaded and the Swap file does not have room enough to work it may cause almost constant disk access.

Does this occur just when online or at other times also? If only online it may be one thing. Do you know if you have Windows Critical update loading at startup?

But if it also occurs while not online it is more than likely something that Windows (or some software) is doing in the background.

Do you by some chance have MS Office on the machine? That will also drive a machine nuts.

Do you have the newer version of Windows Media Player (7 or above)?

Do you have Real Player installed and running in the Systray and its access to the Net not blocked by the Firewall?

Both of the above are nasty resource hogging NOSEY pieces of software. And may be on line Spying on you anytime you are on line. And both know just about each and every move you make.

BTW, Ad-Aware will not catch that kind of spyware. Also a lot of newer Software will set itself up to go online. But, unless very careful during the install of same, the user may not even know it.

BillyBob


Last edited by BillyBob; 24th July 2002 at 17:53.

24th July 2002   #9   bobmc32

Ah, BillyBob joins the detective team.

Win98fe (noted in sig. area)
20Gb HDD divided into C (2.5gb, 'bout 1.2 used), D = rest, not very used
Occurs both on and offline
Occurs with usual apps running and with only explorer and systray
Have both MP7 and RP, neither running in tray (I will check settings)
No MS Office
Since you mentioned it I did block both RP and MP in Sygate firewall (hadn't done that before).

After I submit this I will check settings in MP and RP and thanks.

24th July 2002   #10   BillyBob

I love seeing the small C: drive. And glad to see the 98FE.

The problem occurring both on and off line does lead me to a firm belief that you gotta find and nail down what is running in the background. (Not always an easy task.)

WAG -- Check the Task Scheduler. Something there may have gone astray and be running when it should not be. I myself do not run TaskMonitor and the Scheduler for two reasons. One, they are not really needed, and both have a tendency to go haywire and not work properly.

I suggest getting Startup Cop and doing some experimenting with various items that may be loading at start up.

Startup Cop does nothing other than allow things to start or not start. And it may show things that Ctrl-Alt-Del does not. And easier (much) to use than MSCONFIG.

Swap file should be no problem UNLESS YOU have it set to too small a minimum.

You might check your AV software setting to see if it is set to check all files. This may not only create some activity but also slow the system down.

Other than finding what may be running in the background my only other wild idea ( right now anyway ) would be to ask if you have GoBack on the machine.

BillyBob

24th July 2002   #11   brett

Quote:
I do distributed computing for United Devices Cancer Research
The culprit is revealed

24th July 2002   #12   Newt

Yup. These things for sure do CPU/memory/disk work on your PC.

I run the Stanford Alzheimer etc. research via folding@home and I can tell from the norton system doctor that my hd fragments lots quicker when it is running (which is mostly) than when it isn't. And lots of the same sort of Hd activity you describe.

Especially with a dial-up connection, the app needs some place to store data after crunching and before transmitting. Hd is about the only reasonable spot.

24th July 2002   #13   BillyBob

Quote:
I do distributed computing for United Devices Cancer Research, but that uses processor and not disk far as I know. Anyway, can shut that down and doesn't change conditions.
I saw that too. But I dismissed it when I read that it can be shut down with no change.

But then I do not know anything about that software.

bobmc32

Is there a possibility that there is more than one file that loads for that and you only shut one down?

Newt

norton system doctor

Do you find that useful? I never did. Especially if loaded and running in the systray.

BillyBob


Last edited by BillyBob; 24th July 2002 at 22:21.

24th July 2002   #14   brett

Quote:
I saw that too. But I dismissed it when I read that it can be shut down with no change.
Good point (I saw UD mentioned and didn't read any further I'm afraid).

Bob - what happens if you prevent UD from running at startup as opposed to simply closing it down?


Last edited by brett; 25th July 2002 at 00:00.

24th July 2002   #15   BillyBob

Quote:
what happens if you prevent UD from running at startup as opposed to simply closing it down?
Another good point.

With some software it does make a difference. As it may have more than one part.

For example:

If an .exe file loads at startup and it in turn loads another associated one, but only the first may show, and it is shut down by Ctrl-Alt-Del, it may still leave the other loaded. And * MAY * in turn reload the one that was shut down.

That is why I myself highly recommend Startup Cop for testing various startup combos.

I know Norton Internet Security does the above. If I do not shut down the main file it just keeps right on reloading.

BillyBob
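
The questions this thread circles around (which file is actually behind a process name that both legitimate software and trojans use, what launched it, and whether a second part could reload it) can be checked in one pass. This is an added example, not code from the thread or from any tool named in it; it assumes PowerShell 5.1 or later on a current Windows release rather than the poster's Win98, and uses the thread's process name only as the default argument.

```powershell
# Added example, not from the thread. Assumes PowerShell 5.1+ on current Windows.
param([string]$Name = 'PTSnoop.exe')    # process name taken from the thread

$procs = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[uint32]$p.ProcessId] = $p }

# 1. Every running instance of the name: where it lives and what launched it.
$instances = foreach ($p in ($procs | Where-Object { $_.Name -ieq $Name })) {
    $parent = $byPid[[uint32]$p.ParentProcessId]
    # PIDs are reused: a "parent" created after the child is an unrelated process.
    if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }
    $parentName = '(exited)'
    if ($parent) { $parentName = $parent.Name }

    $path = $p.ExecutablePath           # can be empty without sufficient rights
    $sig = $null; $hash = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
    [pscustomobject]@{
        PID = $p.ProcessId; Path = $path; ParentPID = $p.ParentProcessId
        Parent = $parentName; Signature = $sig; SHA256 = $hash
    }
}

# 2. Processes started by those instances (a second part that could reload the first).
$pids = @($instances | ForEach-Object { $_.PID })
$children = $procs | Where-Object { $pids -contains $_.ParentProcessId } |
    Select-Object ProcessId, Name, ExecutablePath, ParentProcessId

# 3. Startup entries (Run keys and Startup folders) whose command mentions the name.
$stem = [IO.Path]::GetFileNameWithoutExtension($Name)
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { $_.Command -like "*$stem*" } |
    Select-Object Name, Command, Location, User

$instances | Format-List
$children  | Format-Table -AutoSize
$startup   | Format-List
```

Two instances with the same name but different paths or hashes are different files, which is the case the thread worries about; a startup entry with no matching running instance, or the reverse, narrows down which part launches which.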
