Ptsnoop is a backdoor program written in (sigh) visual basic. After being
activated, it looks for active RAS connections, and exits if none are found. If
the connections exist, it copies itself to the /windows/system directory and modifys win.ini
so that it is excecuted each time Windows is started. When active, it connects
to several websites, and allows a script on the websites to control the cursor
and window positions. The intent of this trojan is pretty much unknown, being
that the websites it connects to were quickly changed or removed.