Anyone know what PIFTS.exe is?

http://www.tech-linkblog.com/2009/03/con…

even snopes is hiding it!

Everyone wants to know this (myself included) and another thing I'm curiose about is why doesnt Symantec wanna talke about this thing?
They keep deleting forum posts on their site apparently with anything regarding or even mentioning this executable.
Apparently there is an IP that the files tries to connect to, somewhere in Africa of all places. I ca only suspect that this thing is gonna be big, whetever it is.

I googled this about an hour ago and wasnt anything on it...
NOW THERE 10 PAGES ON IT AND GROWING.
I too run Norton Anti Vir and saw the posts in their forum about it have been deleted.
very starnge

There is some discussion about this going on over here: http://chrysler5thavenue.blogspot.com/2009/03/piftsexe.html

It appears to be some sort of a virus.

I'm starting to wonder if Norton might actually be in on this thing. If you look for a directory similar to C:\WINNT\Temp (or similar depending on your OS) you may find a .txt file which contains a line of information starting with: "the ping url is http://stats.norton.com/n/p?module=..." this smells fishy to me. The text file will have a name similiar to Norton_PIFTS [Date] [Time my machine was apparently last rebooted].log
PIFTS.exe appears to have been pulled in via LiveUpdate back on 3/4 on my machine. On 3/9 Live Update brought in another ZIP file with a long name ending in jtun_pifts.zip.full. Hovering over it from a search screen indicates that it is" No Zip file, bad Zip file, or part of a spanned ZIP file." In the least case, it seems like Norton is trying to get information sent back to itself. This information disappearing from blogs on their own site....hmmmmm. Until they come clean on this, I'll be denying access to this program and probably uninstalling Norton - at least until this is cleared up.You want to be able to trust the company that we're paying for to keep us protected, yes?

Good reply Sax; I appreciate others helping me on this one.

The only real valid theory so far is that it's sending some kind of usage info back to Google regarding stuff in your IE cache and Temporary Internet Files.

Block it's access, delete it if you can manage to do so, and clear your IE cache if you use it.

Wow, ok there is definitely something going on here. I just called customer support and after running around for a bit, the operator gained a worried tone in his voice and said he'd put me on hold for a few minutes while he did some research as to what the problem was.

After that, he transfered me to technical support. I spoke to a woman who got my information and didn't seem to know what pifts.exe was. She actually said, "When I searched on google, there are no results for pifts.exe."

This means one of two things.

1) She was lying to cover something up.
2) The company is blocking their own tech support people from viewing anything with pifts on it.

CONSPIRACY!!!!!!

The same thing happened to me. I posted a question that said, "What is PIFTS.EXE? C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt1… I posted it at 10:32pm PST and it was removed within a minute. I am no longer able to post a new message or reply to any others.

I was on the phone with Symantec from 9:00pm PST until 11:00 and got basically no decent answers. They finally admitted it was part of the install process but couldn't tell me what it was for. Every time that I asked why messages were being removed from the Forum, I got transferred to someone else. I started at Tech Support talking to Ella, then got transferred to Sam in the Virus Removal Dept. I asked him the same questions, then finally I asked to speak to a Supervisor, and got Frank the floor supervisor. He said that it was not a virus but a "System File Issue" and he would have to transfer me to Technical Support. I then spoke to Fahed and asked the same questions. After a while he came back and explained that the system puts out updates every hour and this was part of that process. I asked again why messages about this issue were being deleted from the Norton Forum. While I was on hold, I posted myself to the Norton Forum so see what would happen (see above for that information). My question was again ignored and he then wanted to enter my computer remotely and look for viruses. I said that my question has still not been answered and I feel that something very suspicious was going on with Symantec. I told him that I was not going to allow anyone from Symantec to access my computer because I have lost my trust in the company because of the way I am being treated. I told him that I was finished with the call and would just contact the media and hung up. He called right back and told me he wanted to transfer me to his Supervisor since I was obviously not satisfied with my call. I next spoke to Austin, Case Manager. He basically repeated the same crap as everyone else and would not tell me why my post and others were deleted. I told him that I am done with Norton products and will remove them from all of my computers and others that I have installed their product on. This is crazy! Lets get the word out there! Symantec is digging a big hole with this issue and losing customer trust! What exactly are they trying to install on our systems?

I can only guess that Symantec are using this program to collect some
statistics. What statistics they are trying to collect would be the big
question.

I guess this because my Norton Firewall log says the following

10/03/2009 10:00:34,"This one time, the user has chosen to ""block"" communications.","This one time, the user has chosen to ""block"" communications. Outbound TCP connection. Remote address,service is (stats.norton.com(67.134.208.160),http(8… Process name is ""C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt8…

I'm going to give you some simple advice, Delete Norton right now, as Pifts.exe is deadly virus created by Norton. No one knows what it exactly does but we all know Norton can manipulate something they create so Norton accepts it.

Uninstall Norton and move to McAfee. Works perfectly, doesn't show up.

If you accidentally opened the page, click the "X" button, and immediately ALT+F4 the page.

If not, I know nothing more on how to help.

One last thing, do not trust Norton or Symantec with them saying "Everything is under control. and do not belive those assuring hope by saying "Its just part of the program."

Check out this Digg article:
http://digg.com/security/The_mysterious_…

It has a lot of information to do with it.

I smell conspiracy.

I would allow this file and do some packet sniffing and see if it has any detection such as SMTP, my guess is that it does. Because it puts something in /tmp then it probably sends a message informing Norton about it. This has to require smtp notification, if it does, we will get the user and password this baby is wired to.

And wait, they want to REMOTELY access your machine? Wait just one second, how do they do is? automatically. Wait just a second, this requires RDP or VNC, if they just connect to you like that it means they already have your details and all they need to do is connect via client.

Ooooh crap.

ive read up on this as soon as i discovered it today.

my corporate edition of symantec hasnt said anything yet but i am switching to kaspersky as we speak.

if i dont hear anything about this "officially" soon i am going to the media with it

Chances are (though no one seems to know yet) is that it's a tool for gathering statistical information.

The thing is, Norton are being very very secretive about it, to the point of paranoia. And this is making the users of their products equally paranoid.

Best advice, prevent the program accessing the internet, uninstall Norton and use any of the decent free anti-virus solutions out there until this issue is addressed satisfactorily. (if it ever is.)

All you need to know is here: http://www.sophos.com/blogs/gc/

Nothing to worry about.

PIFTS.EXE

Live update, Symantec
http://fr.online-armor.com/oasis2/file/s…
decompiling pifts.exe led me to pifengine
online Armor says
Product Name LiveUpdate Notice
Product Version 1.3
File Version 1.3.0.34
Copyright Copyright (c) 2007 Symantec Corporation. All rights reserved.
Internal Name PifEng
Original Name PifEng.dll
Description PIF Engine

its live update thats all, oh and by the way there are many other free antivirus without this issue symantec sucks anyway

No scanner seems to pick it as a Virus (0/39):
http://www.virustotal.com/analisis/734465e30a6ee6d6c493471d77940f4c

But it definitely, phones home. It tries to connect to stats.norton.com.
http://www.threatexpert.com/report.aspx?md5=91b564d825a3487ae5b5fafe57260810

Now why does it need to connect to stats.norton.com, when LiveUpdate will anyway send back details of installation ?? Somethings is fishy ...

This is ridiculous.
PIFTS.EXE is no more than just another conspiracy fairytale like 2012, reptilians, jesus christ or yogi the bear.
You are all just feeding these idiots with your fear and attention, which is exactly what they want.
You sheep.

After reading this page:

http://www.abovetopsecret.com/forum/thre…

I have come to the conclusion that all paid anti-virus systems are a waste of time and good money.

It has been revealed in the past that companies like Symantec have been making viruses, because without viruses, they wouldn't exist, and they would also get no money.

I have always and will continue to use free anti virus software as the reports I have received from friends and relatives who use paid software, haven't been very good. Also, what is the company doing with the money you pay? They certainly aren't making their software better. All the money does is goes into their back pockets to spend on luxuries.

I stick to free software usch as Avast and AVG because not only has my college given good reports on them, I also have had an exellent experience with them. Avast found 21 viruses on my old computer which previously had McAffe installed on it, and guess what, McAffe didn't detect them...

If companies can give out free antivirus systems, and keep them well updated, what is the matter with Symantec or McAffe or any "paid" software?

My advice:

Uninstall Symantec's Norton Antivirus or McAffe and get yourself a good free one, such as Avast.

This PIFTS.exe file, that has been reported in an unexistant folder, and attempting to access servers in Africa seems very fishy.

Don't trust them.

It seems Norton made a boo boo. Ugh.

It was a program for them to check what OS Norton users had so that their update server traffic could be balanced. Apparently they wanted to see how many needed an update to the Norton program as many people are going to Windows 7.

It looks to me that so many were asking about it in their forums at once they thought they had a spammer problem, and deleted all references to it and those accounts. Maybe they should have issued a statement first, eh?

Sad, they have a good product. But this is going to make a lot of people steer away from them.

see these (malware free) articles:

http://voices.washingtonpost.com/securityfix/2009/03/symantec_users_complain_of_mys.html

http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=39119&jump=true

I WON'T trade my PIFTS.EXE with anything !

Its a spy program that loops thru the internet connecting all and any contacts you have on your pc with all others and allows all your information to be accessed by the dept. of Homland Security. Don't even think of touching it. you will be very sorry.