Virus, left PTsnoop.exe and denies access

  Ironman556 00:23 15 Oct 03

Hi, my neighbour had a virus via email. She followed Norton's (2002 or 2003) instructions to remove it but it seems to have left some traces behind. Running Win 98. Doesn't have norton disc.

On boot there's an error message saying that hgfxbzx.exe can't be opened (the deleted file I think), and after hitting 'esc' a few times it comes up 'PTsnoop.exe can't be found', followed by 'try removing from Win.ini'.

Searched PCA site and found that it's a modem thing or a virus. I'm assuming it's the virus left. click here

My main problem is that a lot of .exe's can't be opened as the PC tries to run hgfxbzx.exe (random name?) first, and when it can't be found, denies access to the file. There are, however certain ways around this. By clicking the internet connection icon instead of IE, IE will be allowed to open, so the internet can be accessed. By right clicking and selecting "Scan with Norton" Norton can be opened, whereas it can't when trying to open directly via Norton link.

I cannot get into System Properties or MSCONFIG. I can get into Find. I can get into the win.ini, but am unsure what to edit the line to.

It's currently: (no gaps between lines)

load = ptsnoop.exe

run c:\windows\system\cmmpe.exe hpfsched

Null port = none

device = HP Deskjet, hpfdjcb, LPT1

I think it's only the first line that needs changing, but does the whole thing need deleting or changing to load = "somthing else"?

I will probably try tomorrow, but I don't want to mess up the win.ini by setting it wrong. Will also try AVG on there, does Norton need removing or can it be disabled somehow? (I'm not sure the removal tools will work, access will probably be denied)

Thanks, and sorry about the long post, but I wanted to get all the info I had in, Ironmsn.

  BobG65 00:40 15 Oct 03

I think you may have wrong info on PTSNOOP.EXE, it seems to be a program installed by certain modem drivers to monitor coms performance.

Try a Google search for ptsnoop and look at the EZBOARD entry. I also read a response in PCAdvisor maybe two issues ago which was an answer to the same question conclusion was its a legal file with an unfortunate name, thanks Bill.

Hope this helps

Bob Gray

  Jester2K II 07:44 15 Oct 03

The virus had hijacked the settings for running an EXE file. However the Anti Virus hasn't reversed the effects.

Download the file on this page click here

Unzip it and right click the Virusfix1 file and select Install, then right click the Virusfix2 file and select MERGE. Say YES to the warning.


  Jester2K II 07:50 15 Oct 03

Also keep NAV on the PC until this is sorted. Then uninstall NAV (use Add / Remove Programs and then look at this thread click here for the RNAV.exe program) and get AVG installed and up to date.

the virus has also locked you out of MSCONFIG, TASK MANAGER and REGEDIT. The fix above also sorts this...

The stuff in win.ini looks fine.

  Ironman556 14:43 15 Oct 03

Thanks, I'e downloaded the file and will give it a shot in a bit.

I know PTsnoop is oth ar of a virus and also somthing to do with some modems. Theonly reason I hough it was linked was click here (first link didn't work, sorry)

Anyway I'll try Jester's file which should hopefully fix it, if not then I'll have to check out the Win.ini.

Thanks again, post back later, Ironman.

  Ironman556 14:48 15 Oct 03

Jester2K II

Thanks, I've downloaded the file and will give it a shot in a bit.

I know PTsnoop is somtimes part of a virus, but can also be somthing to do with some modems. The only reason I thought it was linked was click here (first link didn't work, sorry)

Anyway I'll try Jester's file which should hopefully fix it, if not then I'll have to check out the Win.ini.

Thanks again, I'll post back later, Ironman.

(PS keyboards that look good deals at a PC fair may not be in the long run...;-) )

  Ironman556 21:05 15 Oct 03

A BIG THANKS to Jester.

The messages have now gone on boot up, and all programs load ok (I've left Norton on now, as it works again).

I couldn't get the registry file to merge "not a valid win32 application". The reg file symbol is displayed, so it is recognised, and Merge is an option, but it cannot be merged. I have checked on my PC and it asks if I'm sure I want to add the entries so the file is not corrupt.

I tried to get into the registry (using win 98's regedit), but it says that it has been disabled by the system admisistrator. The PC does have a user set up, but it logs straight into Windows as there is only one user. Would it be likely that the place that sold the PC (but went out of business) would have admin access but not the user?

The main thing is that the PC can now be used for what is wanted, ie. email, text editors etc. and my neighbour's happy that she can use the PC for everything she wants again. I've left it that if I can find a fix for the problem of getting into the registry I will go back and sort it, or that she asks me if there's more problems. Although the PC's working again, I feel as if I've only done half a job, as REGEDIT won't open. I've tried msconfig, and that now works, and the system properties can be opened. If you have any other pointers to getting into regedit, please let me know (or even if you think it might have been disabled by the retailer).

Thanks again, Ironman.

  Jester2K II 07:42 16 Oct 03

After running the firsy file the second one should work straight away.

The second one contains the command to allow you back into the regedit.

Did you try rebooting before running the second file?

  Ironman556 21:20 16 Oct 03

Yes, ran first file, all went ok, ran second and got error. Rebooted, previous error messages had vanished, retried the reg file and it said not a valid win32 application again. If the regeditor is still locked, would that mean that files can't be merged?

Would using JV16 allow me access to the registry do you think?

Thanks for sticking with this.


  Jester2K II 21:43 16 Oct 03

Probably but VoG linked to this file click here which is another INF (right click and select INSTALL) file which has the reg fix for the regedit in it - mine is in the second one which you can't run.

Try this file.

  Ironman556 22:16 16 Oct 03

Thanks, I'll give that one a go tomorrow.

This thread is now locked and can not be replied to.

Surface Studio vs iMac 5K comparison review: Apple and Microsoft all-in-one PCs battle it out

1995-2015: How technology has changed the world in 20 years

Social media image sizes, specs and aspect ratios: the ultimate guide

New MacBook Pro release date, price and specs | New MacBook Pro 2016 announced: Now with Touch Bar…