Help ATS with a contribution via PayPal:
learn more

SCI: Tech Fears Arise Over Norton and Pifts.exe

page: 1
267
<<   2  3  4 >>

log in

join
+94 more 
posted on Mar, 10 2009 @ 01:32 AM
link   
"hey /g I was running my dad's computer tonight when a popup from norton asked me if I wanted to allow pifts.exe, I tried googling to see what it was and I am not getting any information. Anyone know what the hell this exe is? Also apparently any thread related to pifts.exe is being deleted on the norton forums."
zip.4chan.org...

Yep, that's right. Something that Norton is saying is just a regular update is requesting internet access. I know 4chan isn't everyone's idea of a good news source, but this is being talked about all over the internet, despite Norton's attempts to delete everything concerning the issue.



www.tech-linkblog.com...#

Hey /x/, /g/ needs your help on something. Some seriously shady # is going doing. The makers of Norton are involved in a coverup of some sort. A part of the program tried to access something in Africa. People asked them what it was.

They are deleting every single message about it on their forum and banning users who post them about PIFTS.EXE. We are trying to figure out what the hell it does, and why they are trying to cover it up. If you search Google for it you will find deleted posts in their forums.

What is pifts.exe and why are they trying to cover it up?

zip.4chan.org...

Whether you believe this is something malicious or not, it is worrying the lengths the company will go to stop people from asking questions about pifts.exe
It's also strange that it's trying to access Africa.

If you have Norton on your computer, I currently advise you to not allow pifts.exe through your firewall. Looking through its .dll, it accesses your IE history, and for some reason accesses Google as well.

[edit on 10-3-2009 by sadisticwoman]

[edit on 10-3-2009 by sadisticwoman]




posted on Mar, 10 2009 @ 01:42 AM
link   
Very interesting.

It seems to be true (that they're deleting the topic).

Google search results

All topics deleted.

Time to do some digging...



posted on Mar, 10 2009 @ 01:44 AM
link   

Originally posted by Gemwolf
Very interesting.

It seems to be true (that they're deleting the topic).

Google search results

All topics deleted.

Time to do some digging...


Exactly, and even if they're only covering up something silly and benign, a coverup is still completely unacceptable.



posted on Mar, 10 2009 @ 01:49 AM
link   
Interesting, hopefully more people will see what a crummy company Symantec is and they lose some business. Whether it is a malicious program or not, they are definitely trying cover it up. I will be keeping tabs on this and waiting for Symantecs explanation.



posted on Mar, 10 2009 @ 01:53 AM
link   
This is why I don't use Norton. 4chan? I guess ATS isn't safe from its vile name
Symantec is known for adding "additional" software and code with its products. Trying to access something in Africa? How did they find that out?



posted on Mar, 10 2009 @ 01:54 AM
link   
Howdy folks,

Somebody over at /g/ managed to finally track down the actual executable and all of its creepy files.

I present to you, Pifts.exe.

www....(nolink)/?mnmh35b9d0k

Scanned by Spybot, MBAM and McAfee-- it's "clean", but I wouldn't go opening that .exe just yet.

Open them up as .txt and look through them-- there's evidence in the .pf that it's doing something with the Internet Temporary Files, the History, and, for some reason, Google.


http:///m1e207a78

All the strings in the .exe for your perusal.


I personally have no idea how they're thinking it's contacting Africa-- the two IP addresses given by the Tech blog don't resolve to it in any way, just Washington Swapdrive and Microsoft Search Companion.



posted on Mar, 10 2009 @ 01:55 AM
link   
norton is a nightmare these days. i bought a new pc recently and it had a trial version pre installed.

after uninstalling it, i had an endless world of pain with the pc. its like they deliberatley make it an impossible task of a clean uninstall.

after seaching google it was clear millions of others were in the same boat!!!




posted on Mar, 10 2009 @ 01:57 AM
link   
reply to post by choujeap
 


That it resolves to swapdrive is also interesting, though, in that they may be sending our information out to be stored on their servers in Washington.

For those who don't know, Yahoo, Symantec, and Swapdrive (being owned by Symantec) are all basically the same company.

[edit on 10-3-2009 by sadisticwoman]



posted on Mar, 10 2009 @ 02:01 AM
link   
This Pifts.exe seems a bit strange . Take my advice and do not use norton. Norton uses WAY too much system resources.



posted on Mar, 10 2009 @ 02:02 AM
link   
reply to post by sadisticwoman
 


Since we're getting Yahoo! Answer questions about PIFTS taken down, too, I have to wonder just how bad this thing is.



posted on Mar, 10 2009 @ 02:07 AM
link   
An alternative article:


All of the sudden people around the World are seeing PIFTS.EXE popping up. Norton Antivirus is asking users if they want to accept it.
...
This indicates that the program tried to change tactics to go out on the net. I look a look for this and it is SwapDrive. So this must be an update to Swapdrive but I am unsure as to why it pops up that way. The other ip is in Africa or at least take the .80 out of the equation and it points to an Africa IP. Although just recently Norton Decides to Delete that thread and people are really worried about why? Is this a coverup of some sort because there is a exploit in the Wild that we don’t know about? These are good questions that need to be answered. Here is what one posted about this just after they deleted the forum thread:

Source


===
Edit to add: This reminds me of a thread by Skyfloating some time ago:
The antivirus software conspiracy

Is this the moment of truth?

===
Edit 2: The only definitions to the acronym "PIFTS" I can find is:

PIFTS—Planetary Imaging Fourier Transform Spectrometer

Source

[edit on 10-3-2009 by Gemwolf]

[edit on 10-3-2009 by Gemwolf]



posted on Mar, 10 2009 @ 02:13 AM
link   
reply to post by Gemwolf
 


That's a very good read.

Without new viruses, antivirus companies would cease to exist. Of course they have a hand in making new ones.



posted on Mar, 10 2009 @ 02:18 AM
link   
Confirmed, via google cache, that messages were deleted from Symantic's message board.

Here's a "Yahoo Answers" question on the subject:
Anyone know what PIFTS.exe is?

Let's see if that remains open. Additionally, here is a report from someone who posted on the Symantic boards, claiming they have now been blocked from creating new posts there:


Even more interestingly now, after posting a single post asking about PIFTS.exe, which was deleted, and a subsequent post to another forum asking about the deleted posts, which got deleted, I've now been blocked from creating new posts or replies on the Norton forums. They really don't want to talk about whatever this was.

Source



posted on Mar, 10 2009 @ 02:19 AM
link   
New post from 4chan. pretty interesting.


>I was on the phone with Symantec from 9:00pm PST until 11:00 and got basically no decent answers. They finally admitted it was part of the install process but couldn't tell me what it was for. Every time that I asked why messages were being removed from the Forum, I got transferred to someone else. I started at Tech Support talking to Ella, then got tranferred to Sam in the Virus Removal Dept. I asked him the same questions, then finally I asked to speak to a Supervisor, and got Frank the floor supervisor. He said that it was not a virus but a "System File Issue" and he would have to transfer me to Technical Support.
>System File Issue
I HAVE GREAT FAITH IN THESE PEOPLE.

>My question was again ignored and he then wanted to enter my computer remotely and look for viruses.
...

ohohoho

After the person hung up:

>He called right back and told me he wanted to transfer me to his Supervisor since I was obviously not satisfied with my call.



posted on Mar, 10 2009 @ 02:28 AM
link   
We're currently having the problem of people calling in and being given the run around on the phone. They transfer you, don't give you any answers, ask you to reinstall and reboot, and then, finally, when they can't get rid of you, they ask if they can come in remotely.

Also, I can confirm that asking any question even vaguely related to PIFTS.exe is enough to get your thread deleted and your account banned from the Norton forums. I asked "Why are threads being deleted?". The thread was subsequently banned and so was I.

EDIT 1: Disassembled PIFTS is in from /g/.

www.megaupload.com...

[edit on 10-3-2009 by choujeap]



posted on Mar, 10 2009 @ 02:33 AM
link   
I haven't seen a systematic removal of "data" like this in a while. It takes a bit of people to do damage control like this. The things to note here are the Washington Swapdrive ip address and microsoft search companion originating in the executables encoding and the fact that there's a bunch of useless padding in the file. As explained on one of the forums its comparable to someone filling half a page of paper with xx's and oo's just to fill up the sheet of paper so it would match another like it. Normally padding like that is not included in a file for any reason its sloppy coding. Baton down your hatches folks this reeks of mass data mining, or something more sinister which i wont mention. (WHERE THE SPYBOT ACTUALLY JUMPS OUT OF THE COMPUTER AT YOU)

But really tho make sure to uninstall norton products they suck to begin with use avg or something, anything else but norton products. You will thank me later

[edit on 10-3-2009 by Localjoe3]



posted on Mar, 10 2009 @ 02:34 AM
link   
S+F'd.

I've been watching this on the new 4chan thread. Interesting stuff, but it seems like we aren't getting very far. I think we'll find out more in the morning.



posted on Mar, 10 2009 @ 02:42 AM
link   
I think I have got a hint by somebody doing some digging. Here is a statement about what he is speculating. It is Spying on its users! I have a feeling they are deleting the posts in the norton message board because their terms of service problably forgot to include about the spying part.




The first attempt that was automatically blocked was attempting to access a destination DNS of " stats.norton.com ". So, my professional guess is that this supposed Norton "Update" was actually being used by Norton for analytical/statistical/demographic information. In other words, Norton was snooping on its users. Or worse yet, profiling its users.


Source



posted on Mar, 10 2009 @ 02:45 AM
link   

I looked up the:

G O E C 6 2 ~ 1 . D L L

thing we found before.

Symantec accesses Google Desktop.

G O E C 6 2 ~ 1 . D L L is Google Desktop.

They ARE recording searches-- Google Desktop interacts with IE, too, so... just, #.


There you go. Symantec is recording what you search for on Google.

This could also be tied to Yahoo wanting to sabotage Google as the top search engine.


+2 more 
posted on Mar, 10 2009 @ 03:00 AM
link   
ATS has been contacted by Symantec and threatened to sue ATS if we don't delete the topic. I'll delete the thread in a couple of minutes...


...

I'm just kidding.


I'm just curious why the reference to South Africa. For one South Africa doesn't have a very strong Internet infrastructure. Our connection speed isn't nearly as fast as say the US, and I can't imagine that our infrastructure is good enough to handle a sudden surge of all Norton users' data coming its way. And secondly, I can't imagine who in South Africa would want such information. Yes, Symantec has a strong market share in SA, but strong enough to pull some stunt? I don't know...

Edit to add bold.

[edit on 10-3-2009 by Gemwolf]






top topics



 
267
<<   2  3  4 >>

log in

join