SCI: Tech Fears Arise Over Norton and Pifts.exe, page 1

SCI: Tech Fears Arise Over Norton and Pifts.exe, page 1

Pages: << 1 2 3 4 >>
ATS Members have flagged this thread 267 times

Topic started on 10-3-2009 @ 01:32 AM by sadisticwoman

"hey /g I was running my dad's computer tonight when a popup from norton asked me if I wanted to allow pifts.exe, I tried googling to see what it was and I am not getting any information. Anyone know what the hell this exe is? Also apparently any thread related to pifts.exe is being deleted on the norton forums."
zip.4chan.org...

Yep, that's right. Something that Norton is saying is just a regular update is requesting internet access. I know 4chan isn't everyone's idea of a good news source, but this is being talked about all over the internet, despite Norton's attempts to delete everything concerning the issue.

www.tech-linkblog.com...#

Hey /x/, /g/ needs your help on something. Some seriously shady # is going doing. The makers of Norton are involved in a coverup of some sort. A part of the program tried to access something in Africa. People asked them what it was.

They are deleting every single message about it on their forum and banning users who post them about PIFTS.EXE. We are trying to figure out what the hell it does, and why they are trying to cover it up. If you search Google for it you will find deleted posts in their forums.

What is pifts.exe and why are they trying to cover it up?

zip.4chan.org...

Whether you believe this is something malicious or not, it is worrying the lengths the company will go to stop people from asking questions about pifts.exe
It's also strange that it's trying to access Africa.

If you have Norton on your computer, I currently advise you to not allow pifts.exe through your firewall. Looking through its .dll, it accesses your IE history, and for some reason accesses Google as well.

[edit on 10-3-2009 by sadisticwoman]

[edit on 10-3-2009 by sadisticwoman]

reply posted on 10-3-2009 @ 01:42 AM by Gemwolf

Very interesting.

It seems to be true (that they're deleting the topic).

Google search results

All topics deleted.

Time to do some digging...

reply posted on 10-3-2009 @ 01:44 AM by sadisticwoman

Originally posted by Gemwolf
Very interesting.

It seems to be true (that they're deleting the topic).

Google search results

All topics deleted.

Time to do some digging...

Exactly, and even if they're only covering up something silly and benign, a coverup is still completely unacceptable.

reply posted on 10-3-2009 @ 01:49 AM by yeastblood

Interesting, hopefully more people will see what a crummy company Symantec is and they lose some business. Whether it is a malicious program or not, they are definitely trying cover it up. I will be keeping tabs on this and waiting for Symantecs explanation.

reply posted on 10-3-2009 @ 01:53 AM by nastalgik

This is why I don't use Norton. 4chan? I guess ATS isn't safe from its vile name

Symantec is known for adding "additional" software and code with its products. Trying to access something in Africa? How did they find that out?

reply posted on 10-3-2009 @ 01:54 AM by choujeap

Howdy folks,

Somebody over at /g/ managed to finally track down the actual executable and all of its creepy files.

I present to you, Pifts.exe.

www....(nolink)/?mnmh35b9d0k

Scanned by Spybot, MBAM and McAfee-- it's "clean", but I wouldn't go opening that .exe just yet.

Open them up as .txt and look through them-- there's evidence in the .pf that it's doing something with the Internet Temporary Files, the History, and, for some reason, Google.

http:///m1e207a78

All the strings in the .exe for your perusal.

I personally have no idea how they're thinking it's contacting Africa-- the two IP addresses given by the Tech blog don't resolve to it in any way, just Washington Swapdrive and Microsoft Search Companion.

reply posted on 10-3-2009 @ 01:55 AM by grantbeed

norton is a nightmare these days. i bought a new pc recently and it had a trial version pre installed.

after uninstalling it, i had an endless world of pain with the pc. its like they deliberatley make it an impossible task of a clean uninstall.

after seaching google it was clear millions of others were in the same boat!!!

reply posted on 10-3-2009 @ 01:57 AM by sadisticwoman

reply to post by choujeap

That it resolves to swapdrive is also interesting, though, in that they may be sending our information out to be stored on their servers in Washington.

For those who don't know, Yahoo, Symantec, and Swapdrive (being owned by Symantec) are all basically the same company.

[edit on 10-3-2009 by sadisticwoman]

reply posted on 10-3-2009 @ 02:01 AM by wiredamerican

This Pifts.exe seems a bit strange . Take my advice and do not use norton. Norton uses WAY too much system resources.

reply posted on 10-3-2009 @ 02:02 AM by choujeap

reply to post by sadisticwoman

Since we're getting Yahoo! Answer questions about PIFTS taken down, too, I have to wonder just how bad this thing is.

reply posted on 10-3-2009 @ 02:07 AM by Gemwolf

An alternative article:

All of the sudden people around the World are seeing PIFTS.EXE popping up. Norton Antivirus is asking users if they want to accept it.
...
This indicates that the program tried to change tactics to go out on the net. I look a look for this and it is SwapDrive. So this must be an update to Swapdrive but I am unsure as to why it pops up that way. The other ip is in Africa or at least take the .80 out of the equation and it points to an Africa IP. Although just recently Norton Decides to Delete that thread and people are really worried about why? Is this a coverup of some sort because there is a exploit in the Wild that we don’t know about? These are good questions that need to be answered. Here is what one posted about this just after they deleted the forum thread:

Source

===
Edit to add: This reminds me of a thread by Skyfloating some time ago:
The antivirus software conspiracy

Is this the moment of truth?

===
Edit 2: The only definitions to the acronym "PIFTS" I can find is:

PIFTS—Planetary Imaging Fourier Transform Spectrometer

Source

[edit on 10-3-2009 by Gemwolf]

[edit on 10-3-2009 by Gemwolf]

reply posted on 10-3-2009 @ 02:13 AM by sadisticwoman

reply to post by Gemwolf

That's a very good read.

Without new viruses, antivirus companies would cease to exist. Of course they have a hand in making new ones.

reply posted on 10-3-2009 @ 02:18 AM by Ian McLean

Confirmed, via google cache, that messages were deleted from Symantic's message board.

Here's a "Yahoo Answers" question on the subject:
Anyone know what PIFTS.exe is?

Let's see if that remains open. Additionally, here is a report from someone who posted on the Symantic boards, claiming they have now been blocked from creating new posts there:

Even more interestingly now, after posting a single post asking about PIFTS.exe, which was deleted, and a subsequent post to another forum asking about the deleted posts, which got deleted, I've now been blocked from creating new posts or replies on the Norton forums. They really don't want to talk about whatever this was.

Source

reply posted on 10-3-2009 @ 02:19 AM by sadisticwoman

New post from 4chan. pretty interesting.

>I was on the phone with Symantec from 9:00pm PST until 11:00 and got basically no decent answers. They finally admitted it was part of the install process but couldn't tell me what it was for. Every time that I asked why messages were being removed from the Forum, I got transferred to someone else. I started at Tech Support talking to Ella, then got tranferred to Sam in the Virus Removal Dept. I asked him the same questions, then finally I asked to speak to a Supervisor, and got Frank the floor supervisor. He said that it was not a virus but a "System File Issue" and he would have to transfer me to Technical Support.
>System File Issue
I HAVE GREAT FAITH IN THESE PEOPLE.

>My question was again ignored and he then wanted to enter my computer remotely and look for viruses.
...

ohohoho

After the person hung up:

>He called right back and told me he wanted to transfer me to his Supervisor since I was obviously not satisfied with my call.

reply posted on 10-3-2009 @ 02:28 AM by choujeap

We're currently having the problem of people calling in and being given the run around on the phone. They transfer you, don't give you any answers, ask you to reinstall and reboot, and then, finally, when they can't get rid of you, they ask if they can come in remotely.

Also, I can confirm that asking any question even vaguely related to PIFTS.exe is enough to get your thread deleted and your account banned from the Norton forums. I asked "Why are threads being deleted?". The thread was subsequently banned and so was I.

EDIT 1: Disassembled PIFTS is in from /g/.

www.megaupload.com...

[edit on 10-3-2009 by choujeap]

reply posted on 10-3-2009 @ 02:33 AM by Localjoe3

I haven't seen a systematic removal of "data" like this in a while. It takes a bit of people to do damage control like this. The things to note here are the Washington Swapdrive ip address and microsoft search companion originating in the executables encoding and the fact that there's a bunch of useless padding in the file. As explained on one of the forums its comparable to someone filling half a page of paper with xx's and oo's just to fill up the sheet of paper so it would match another like it. Normally padding like that is not included in a file for any reason its sloppy coding. Baton down your hatches folks this reeks of mass data mining, or something more sinister which i wont mention. (WHERE THE SPYBOT ACTUALLY JUMPS OUT OF THE COMPUTER AT YOU)

But really tho make sure to uninstall norton products they suck to begin with use avg or something, anything else but norton products. You will thank me later

[edit on 10-3-2009 by Localjoe3]

reply posted on 10-3-2009 @ 02:34 AM by EricS

S+F'd.

I've been watching this on the new 4chan thread. Interesting stuff, but it seems like we aren't getting very far. I think we'll find out more in the morning.

reply posted on 10-3-2009 @ 02:42 AM by wiredamerican

I think I have got a hint by somebody doing some digging. Here is a statement about what he is speculating. It is Spying on its users! I have a feeling they are deleting the posts in the norton message board because their terms of service problably forgot to include about the spying part.

The first attempt that was automatically blocked was attempting to access a destination DNS of " stats.norton.com ". So, my professional guess is that this supposed Norton "Update" was actually being used by Norton for analytical/statistical/demographic information. In other words, Norton was snooping on its users. Or worse yet, profiling its users.

reply posted on 10-3-2009 @ 02:45 AM by sadisticwoman

I looked up the:

G O E C 6 2 ~ 1 . D L L

thing we found before.

Symantec accesses Google Desktop.

G O E C 6 2 ~ 1 . D L L is Google Desktop.

They ARE recording searches-- Google Desktop interacts with IE, too, so... just, #.

There you go. Symantec is recording what you search for on Google.

This could also be tied to Yahoo wanting to sabotage Google as the top search engine.

reply posted on 10-3-2009 @ 03:00 AM by Gemwolf

ATS has been contacted by Symantec and threatened to sue ATS if we don't delete the topic. I'll delete the thread in a couple of minutes...

...

I'm just kidding.

I'm just curious why the reference to South Africa. For one South Africa doesn't have a very strong Internet infrastructure. Our connection speed isn't nearly as fast as say the US, and I can't imagine that our infrastructure is good enough to handle a sudden surge of all Norton users' data coming its way. And secondly, I can't imagine who in South Africa would want such information. Yes, Symantec has a strong market share in SA, but strong enough to pull some stunt? I don't know...

Edit to add bold.

[edit on 10-3-2009 by Gemwolf]

Pages: << 1 2 3 4 >> ^^TOP^^

Pokemon discovered in Venezuela
Posted 14 days ago with 47 member flags

89-Year-Old Man Develops Bladeless Bird-Friendly Wind Turbine
Posted 11 days ago with 45 member flags

Amazing snowflake images that you have never seen before.
Posted 14 days ago with 44 member flags

Energy Solutions THEY don\'t want you to know about
Posted 14 days ago with 35 member flags

High speed video reveals the bizarre physics of an ordinary water droplet
Posted 4 days ago with 32 member flags

Does this video show a working self propelled magnetic engine?
Posted 7 days ago with 31 member flags

Viruses: alive or not?
Posted 11 days ago with 30 member flags

NASA reveals secrets it has hidden on the Curiosity rover.
Posted 17 days ago with 29 member flags

Newest topics, updated in real-time:

New Lebron x shoe..proof that tptb pick who wins nba finals?
General Conspiracies: 5 minutes ago

How stupid do they think we are?
Rant: 13 minutes ago

Amazing images of tornado near Denver International Airport at 3:24 PM CDT
Fragile Earth: 30 minutes ago

Poor African Country Announces "Imminent Launch Of 5 Satellites And Telescope" - Reaction?
General Chit Chat: 51 minutes ago

Russell Brand on MSNBC Mocking Media
Politicians & People: 57 minutes ago

Testicle Mascot ‘Mr. Balls’ AKA Senhor Testiculo to raise awareness of testicular cancer
Health & Wellness: 1 hours ago

White Cop Killes & year Old BLACK Child - He Blames TV Cameras " Was Accident!"
Social Issues and Civil Unrest: 1 hours ago

Influenza: marketing vaccine by marketing disease
Diseases and Pandemics: 1 hours ago

Newest topics getting flags, in real-time:

32 Million Data Collection Points in San Diego Alone...The "Truth" is Coming Out
US Political Madness: 15 hours ago, 33 flags

The Names We Do Not Speak: The FEMALE Illuminati!
New World Order: 17 hours ago, 21 flags

Watch the Shockwave of an Explosion at Mexico’s Popocatépetl
Fragile Earth: 11 hours ago, 20 flags

Brazil is under Siege: Protest in all Major Cities. Rio 100 thousands, Sao Paulo, 65 thousands. Bras
Other Current Events: 15 hours ago, 20 flags

Strange Object on Mars
Space Exploration: 17 hours ago, 18 flags

Egyptian Magazine Rose El-Youssef - "Muslim Brotherhood Infiltrates Obama Administration"
US Political Madness: 7 hours ago, 12 flags

Yet Another Obama Energy Boondoggle...
US Political Madness: 10 hours ago, 9 flags

South African Student Invents Waterless Bathing
Science & Technology: 10 hours ago, 8 flags

Newest topics getting replies, in real-time:

What is that "the christian god"?
Religion, Faith, And Theology: 6 hours ago, 84 replies

32 Million Data Collection Points in San Diego Alone...The "Truth" is Coming Out
US Political Madness: 15 hours ago, 81 replies

If the Greys aren't real, where did the idea of them come from?
Aliens and UFOs: 7 hours ago, 62 replies

The Names We Do Not Speak: The FEMALE Illuminati!
New World Order: 17 hours ago, 58 replies

Strange Object on Mars
Space Exploration: 17 hours ago, 48 replies

I time traveled with my mind and changed reality around me
The Gray Area: 13 hours ago, 44 replies

Americans here your views on Australians posting on ATS A few Questions:
Rant: 8 hours ago, 28 replies

Brazil is under Siege: Protest in all Major Cities. Rio 100 thousands, Sao Paulo, 65 thousands. Bras
Other Current Events: 15 hours ago, 27 replies