Hey /x/, /g/ needs your help on something. Some seriously shady # is going doing. The makers of Norton are involved in a coverup of some sort. A part of the program tried to access something in Africa. People asked them what it was.
They are deleting every single message about it on their forum and banning users who post them about PIFTS.EXE. We are trying to figure out what the hell it does, and why they are trying to cover it up. If you search Google for it you will find deleted posts in their forums.
What is pifts.exe and why are they trying to cover it up?
Originally posted by Gemwolf
It seems to be true (that they're deleting the topic).
Google search results
All topics deleted.
Time to do some digging...
All of the sudden people around the World are seeing PIFTS.EXE popping up. Norton Antivirus is asking users if they want to accept it.
This indicates that the program tried to change tactics to go out on the net. I look a look for this and it is SwapDrive. So this must be an update to Swapdrive but I am unsure as to why it pops up that way. The other ip is in Africa or at least take the .80 out of the equation and it points to an Africa IP. Although just recently Norton Decides to Delete that thread and people are really worried about why? Is this a coverup of some sort because there is a exploit in the Wild that we don’t know about? These are good questions that need to be answered. Here is what one posted about this just after they deleted the forum thread:
PIFTS—Planetary Imaging Fourier Transform Spectrometer
Even more interestingly now, after posting a single post asking about PIFTS.exe, which was deleted, and a subsequent post to another forum asking about the deleted posts, which got deleted, I've now been blocked from creating new posts or replies on the Norton forums. They really don't want to talk about whatever this was.
>I was on the phone with Symantec from 9:00pm PST until 11:00 and got basically no decent answers. They finally admitted it was part of the install process but couldn't tell me what it was for. Every time that I asked why messages were being removed from the Forum, I got transferred to someone else. I started at Tech Support talking to Ella, then got tranferred to Sam in the Virus Removal Dept. I asked him the same questions, then finally I asked to speak to a Supervisor, and got Frank the floor supervisor. He said that it was not a virus but a "System File Issue" and he would have to transfer me to Technical Support.
>System File Issue
I HAVE GREAT FAITH IN THESE PEOPLE.
>My question was again ignored and he then wanted to enter my computer remotely and look for viruses.
After the person hung up:
>He called right back and told me he wanted to transfer me to his Supervisor since I was obviously not satisfied with my call.
The first attempt that was automatically blocked was attempting to access a destination DNS of " stats.norton.com ". So, my professional guess is that this supposed Norton "Update" was actually being used by Norton for analytical/statistical/demographic information. In other words, Norton was snooping on its users. Or worse yet, profiling its users.
I looked up the:
G O E C 6 2 ~ 1 . D L L
thing we found before.
Symantec accesses Google Desktop.
G O E C 6 2 ~ 1 . D L L is Google Desktop.
They ARE recording searches-- Google Desktop interacts with IE, too, so... just, #.