SCI: Tech Fears Arise Over Norton and Pifts.exe, page 1

SCI: Tech Fears Arise Over Norton and Pifts.exe, page 1

Pages: << 1 2 3 4 >>
ATS Members have flagged this thread 267 times

Topic started on 10-3-2009 @ 01:32 AM by sadisticwoman

"hey /g I was running my dad's computer tonight when a popup from norton asked me if I wanted to allow pifts.exe, I tried googling to see what it was and I am not getting any information. Anyone know what the hell this exe is? Also apparently any thread related to pifts.exe is being deleted on the norton forums."
zip.4chan.org...

Yep, that's right. Something that Norton is saying is just a regular update is requesting internet access. I know 4chan isn't everyone's idea of a good news source, but this is being talked about all over the internet, despite Norton's attempts to delete everything concerning the issue.

www.tech-linkblog.com...#

Hey /x/, /g/ needs your help on something. Some seriously shady # is going doing. The makers of Norton are involved in a coverup of some sort. A part of the program tried to access something in Africa. People asked them what it was.

They are deleting every single message about it on their forum and banning users who post them about PIFTS.EXE. We are trying to figure out what the hell it does, and why they are trying to cover it up. If you search Google for it you will find deleted posts in their forums.

What is pifts.exe and why are they trying to cover it up?

zip.4chan.org...

Whether you believe this is something malicious or not, it is worrying the lengths the company will go to stop people from asking questions about pifts.exe
It's also strange that it's trying to access Africa.

If you have Norton on your computer, I currently advise you to not allow pifts.exe through your firewall. Looking through its .dll, it accesses your IE history, and for some reason accesses Google as well.

[edit on 10-3-2009 by sadisticwoman]

[edit on 10-3-2009 by sadisticwoman]

reply posted on 10-3-2009 @ 01:42 AM by Gemwolf

Very interesting.

It seems to be true (that they're deleting the topic).

Google search results

All topics deleted.

Time to do some digging...

reply posted on 10-3-2009 @ 01:44 AM by sadisticwoman

Originally posted by Gemwolf
Very interesting.

It seems to be true (that they're deleting the topic).

Google search results

All topics deleted.

Time to do some digging...

Exactly, and even if they're only covering up something silly and benign, a coverup is still completely unacceptable.

reply posted on 10-3-2009 @ 01:49 AM by yeastblood

Interesting, hopefully more people will see what a crummy company Symantec is and they lose some business. Whether it is a malicious program or not, they are definitely trying cover it up. I will be keeping tabs on this and waiting for Symantecs explanation.

reply posted on 10-3-2009 @ 01:53 AM by nastalgik

This is why I don't use Norton. 4chan? I guess ATS isn't safe from its vile name

Symantec is known for adding "additional" software and code with its products. Trying to access something in Africa? How did they find that out?

reply posted on 10-3-2009 @ 01:54 AM by choujeap

Howdy folks,

Somebody over at /g/ managed to finally track down the actual executable and all of its creepy files.

I present to you, Pifts.exe.

www.mediafire.com...

Scanned by Spybot, MBAM and McAfee-- it's "clean", but I wouldn't go opening that .exe just yet.

Open them up as .txt and look through them-- there's evidence in the .pf that it's doing something with the Internet Temporary Files, the History, and, for some reason, Google.

pastebin.com...

All the strings in the .exe for your perusal.

I personally have no idea how they're thinking it's contacting Africa-- the two IP addresses given by the Tech blog don't resolve to it in any way, just Washington Swapdrive and Microsoft Search Companion.

reply posted on 10-3-2009 @ 01:55 AM by grantbeed

norton is a nightmare these days. i bought a new pc recently and it had a trial version pre installed.

after uninstalling it, i had an endless world of pain with the pc. its like they deliberatley make it an impossible task of a clean uninstall.

after seaching google it was clear millions of others were in the same boat!!!

reply posted on 10-3-2009 @ 01:57 AM by sadisticwoman

reply to post by choujeap

That it resolves to swapdrive is also interesting, though, in that they may be sending our information out to be stored on their servers in Washington.

For those who don't know, Yahoo, Symantec, and Swapdrive (being owned by Symantec) are all basically the same company.

[edit on 10-3-2009 by sadisticwoman]

reply posted on 10-3-2009 @ 02:01 AM by wiredamerican

This Pifts.exe seems a bit strange . Take my advice and do not use norton. Norton uses WAY too much system resources.

reply posted on 10-3-2009 @ 02:02 AM by choujeap

reply to post by sadisticwoman

Since we're getting Yahoo! Answer questions about PIFTS taken down, too, I have to wonder just how bad this thing is.

reply posted on 10-3-2009 @ 02:07 AM by Gemwolf

An alternative article:

All of the sudden people around the World are seeing PIFTS.EXE popping up. Norton Antivirus is asking users if they want to accept it.
...
This indicates that the program tried to change tactics to go out on the net. I look a look for this and it is SwapDrive. So this must be an update to Swapdrive but I am unsure as to why it pops up that way. The other ip is in Africa or at least take the .80 out of the equation and it points to an Africa IP. Although just recently Norton Decides to Delete that thread and people are really worried about why? Is this a coverup of some sort because there is a exploit in the Wild that we don’t know about? These are good questions that need to be answered. Here is what one posted about this just after they deleted the forum thread:

Source

===
Edit to add: This reminds me of a thread by Skyfloating some time ago:
The antivirus software conspiracy

Is this the moment of truth?

===
Edit 2: The only definitions to the acronym "PIFTS" I can find is:

PIFTS—Planetary Imaging Fourier Transform Spectrometer

Source

[edit on 10-3-2009 by Gemwolf]

[edit on 10-3-2009 by Gemwolf]

reply posted on 10-3-2009 @ 02:13 AM by sadisticwoman

reply to post by Gemwolf

That's a very good read.

Without new viruses, antivirus companies would cease to exist. Of course they have a hand in making new ones.

reply posted on 10-3-2009 @ 02:18 AM by Ian McLean

Confirmed, via google cache, that messages were deleted from Symantic's message board.

Here's a "Yahoo Answers" question on the subject:
Anyone know what PIFTS.exe is?

Let's see if that remains open. Additionally, here is a report from someone who posted on the Symantic boards, claiming they have now been blocked from creating new posts there:

Even more interestingly now, after posting a single post asking about PIFTS.exe, which was deleted, and a subsequent post to another forum asking about the deleted posts, which got deleted, I've now been blocked from creating new posts or replies on the Norton forums. They really don't want to talk about whatever this was.

Source

reply posted on 10-3-2009 @ 02:19 AM by sadisticwoman

New post from 4chan. pretty interesting.

>I was on the phone with Symantec from 9:00pm PST until 11:00 and got basically no decent answers. They finally admitted it was part of the install process but couldn't tell me what it was for. Every time that I asked why messages were being removed from the Forum, I got transferred to someone else. I started at Tech Support talking to Ella, then got tranferred to Sam in the Virus Removal Dept. I asked him the same questions, then finally I asked to speak to a Supervisor, and got Frank the floor supervisor. He said that it was not a virus but a "System File Issue" and he would have to transfer me to Technical Support.
>System File Issue
I HAVE GREAT FAITH IN THESE PEOPLE.

>My question was again ignored and he then wanted to enter my computer remotely and look for viruses.
...

ohohoho

After the person hung up:

>He called right back and told me he wanted to transfer me to his Supervisor since I was obviously not satisfied with my call.

reply posted on 10-3-2009 @ 02:28 AM by choujeap

We're currently having the problem of people calling in and being given the run around on the phone. They transfer you, don't give you any answers, ask you to reinstall and reboot, and then, finally, when they can't get rid of you, they ask if they can come in remotely.

Also, I can confirm that asking any question even vaguely related to PIFTS.exe is enough to get your thread deleted and your account banned from the Norton forums. I asked "Why are threads being deleted?". The thread was subsequently banned and so was I.

EDIT 1: Disassembled PIFTS is in from /g/.

www.megaupload.com...

[edit on 10-3-2009 by choujeap]

reply posted on 10-3-2009 @ 02:33 AM by Localjoe3

I haven't seen a systematic removal of "data" like this in a while. It takes a bit of people to do damage control like this. The things to note here are the Washington Swapdrive ip address and microsoft search companion originating in the executables encoding and the fact that there's a bunch of useless padding in the file. As explained on one of the forums its comparable to someone filling half a page of paper with xx's and oo's just to fill up the sheet of paper so it would match another like it. Normally padding like that is not included in a file for any reason its sloppy coding. Baton down your hatches folks this reeks of mass data mining, or something more sinister which i wont mention. (WHERE THE SPYBOT ACTUALLY JUMPS OUT OF THE COMPUTER AT YOU)

But really tho make sure to uninstall norton products they suck to begin with use avg or something, anything else but norton products. You will thank me later

[edit on 10-3-2009 by Localjoe3]

reply posted on 10-3-2009 @ 02:34 AM by EricS

S+F'd.

I've been watching this on the new 4chan thread. Interesting stuff, but it seems like we aren't getting very far. I think we'll find out more in the morning.

reply posted on 10-3-2009 @ 02:42 AM by wiredamerican

I think I have got a hint by somebody doing some digging. Here is a statement about what he is speculating. It is Spying on its users! I have a feeling they are deleting the posts in the norton message board because their terms of service problably forgot to include about the spying part.

The first attempt that was automatically blocked was attempting to access a destination DNS of " stats.norton.com ". So, my professional guess is that this supposed Norton "Update" was actually being used by Norton for analytical/statistical/demographic information. In other words, Norton was snooping on its users. Or worse yet, profiling its users.

reply posted on 10-3-2009 @ 02:45 AM by sadisticwoman

I looked up the:

G O E C 6 2 ~ 1 . D L L

thing we found before.

Symantec accesses Google Desktop.

G O E C 6 2 ~ 1 . D L L is Google Desktop.

They ARE recording searches-- Google Desktop interacts with IE, too, so... just, #.

There you go. Symantec is recording what you search for on Google.

This could also be tied to Yahoo wanting to sabotage Google as the top search engine.

reply posted on 10-3-2009 @ 03:00 AM by Gemwolf

ATS has been contacted by Symantec and threatened to sue ATS if we don't delete the topic. I'll delete the thread in a couple of minutes...

...

I'm just kidding.

I'm just curious why the reference to South Africa. For one South Africa doesn't have a very strong Internet infrastructure. Our connection speed isn't nearly as fast as say the US, and I can't imagine that our infrastructure is good enough to handle a sudden surge of all Norton users' data coming its way. And secondly, I can't imagine who in South Africa would want such information. Yes, Symantec has a strong market share in SA, but strong enough to pull some stunt? I don't know...

Edit to add bold.

[edit on 10-3-2009 by Gemwolf]

Pages: << 1 2 3 4 >> ^^TOP^^

Antartica 2012
Posted 17 days ago with 126 member flags

The mystery of 100+ mpg cars, and the disappearance & deaths of men behind it
Posted 7 days ago with 101 member flags

Scientists able to talk to and teach dolphins sentences - Dolphins share a universal language.
Posted 4 days ago with 91 member flags

Pirate Bay to Allow Real-Object Downloads. The Real Reason for SOPA, IMO.
Posted 7 days ago with 74 member flags

Tor (anonymity network)
Posted 13 days ago with 46 member flags

Top 10 Most Incredible Pieces Of Nanoscale Art
Posted 1 days ago with 40 member flags

cold plasma found above earth raises questions of einstiens "gravity is a fundimental force"
Posted 9 days ago with 23 member flags

Logical Proofs of Infinite External Consciousness
Posted 15 days ago with 17 member flags

Newest topics, updated in real-time:

New Mona Lisa Discovery. Not Conspiracy, Just Interesting.
General Chit Chat, Posted 2 minutes ago

Poll Reveals Most Americans Don't Know They Got a Tax Cut
Breaking Political News, Posted 6 minutes ago

Judge rules Obama will stay on Georgia ballot
US Political Madness, Posted 33 minutes ago

AFTER MIDNIGHT: 56: For Millions of Years....
ATS Live, Posted 36 minutes ago

"Anonymous" is now hacking into phones, and guess who...
Social Issues and Civil Unrest, Posted 36 minutes ago

Craziest UFO Video EVER
Aliens and UFOs, Posted 51 minutes ago

Tell me to stop
2012, Posted 52 minutes ago

Union forces 460 families into unemployment
Global Meltdown, Posted 1 hours ago

Aliens modeling for artists ...
Aliens and UFOs, Posted 1 hours ago

Ken Lewenza - Job-Slaying Jackass!
Global Meltdown, Posted 1 hours ago

Newest topics getting flags, in real-time:

Aliens Among Us ...Video
Aliens and UFOs, Posted 10 hours ago, 19 flags

Only read this if you are quite young?
Philosophy and Metaphysics, Posted 8 hours ago, 19 flags

Obama Citation for Contempt of Court- Now Moving Through Judiciary
US Political Madness, Posted 8 hours ago, 19 flags

Anonymous 'hack FBI and Scotland Yard phone call'
Breaking Alternative News, Posted 11 hours ago, 18 flags

Record 1.2 Million People Fall Out Of Labor Force In One Month, Labor Force Participation Rate Tumbl
Breaking Political News, Posted 9 hours ago, 18 flags

Lake Vostok Scientific Team Original Drilling Docs and Info......
Fragile Earth, Posted 11 hours ago, 17 flags

Prison inmate sneaks pig into design of state crest on three dozen police cars
General Chit Chat, Posted 11 hours ago, 16 flags

Australian Mothers Protest Facebook Over The Right To Display Their Breasts.
General Chit Chat, Posted 14 hours ago, 13 flags

In Relation To Lake Vostok Thread!! IMPORTANT IMHO
Fragile Earth, Posted 8 hours ago, 10 flags

Iran successfully launches new satellite into orbit !!
Middle East Issues, Posted 6 hours ago, 8 flags

Newest topics getting replies, in real-time:

Australian Mothers Protest Facebook Over The Right To Display Their Breasts.
General Chit Chat, Posted 14 hours ago, 469 replies

Please, come out and tell me the truth. Someone who knows the truth please. im asking nicely, please
General Chit Chat, Posted 15 hours ago, 65 replies

Anonymous 'hack FBI and Scotland Yard phone call'
Breaking Alternative News, Posted 11 hours ago, 61 replies

MSNBC: Israel will Attack Iran as soon as April 2012.
World War Three, Posted 11 hours ago, 57 replies

Clown sightings/attempted abductions in the midwest
Paranormal Studies, Posted 13 hours ago, 56 replies

Kids are the root of all evil...
Rant, Posted 8 hours ago, 54 replies

Obama Citation for Contempt of Court- Now Moving Through Judiciary
US Political Madness, Posted 8 hours ago, 52 replies

99.7% of humans have an above average number of limbs : discuss
Philosophy and Metaphysics, Posted 7 hours ago, 52 replies